Someone to analyse my HijackThis report

Hello,
I'd like to find someone who knows the HijackThis program to analyse my report; I believe my PC must be infected, despite my various antivirus scans. Anyone willing to help me, write on this forum and I'll post my HijackThis report. Thanks in advance.

26 replies

Destrio5, 99820 posts, Moderator
 
Hi,

You can post it.
0
Spider88, 8 posts, Member
 
Here is my report, please tell me if something looks wrong :)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:16:42, on 04/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\DAP\DAP.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Mes documents\My Completed Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [BMabae40fa] Rundll32.exe "C:\WINDOWS\system32\odmukxsu.dll",s
O4 - HKLM\..\Run: [a89d7366] rundll32.exe "C:\WINDOWS\system32\rukqprkw.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDF4547-9240-4F63-A101-54EBE09CD871}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qsfeie.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
0
Destrio5, 99820 posts, Moderator
 
O4 - HKLM\..\Run: [BMabae40fa] Rundll32.exe "C:\WINDOWS\system32\odmukxsu.dll",s
O4 - HKLM\..\Run: [a89d7366] rundll32.exe "C:\WINDOWS\system32\rukqprkw.dll",b

---> Vundo/Virtumonde infection.

---> Download sUBs' ComboFix.exe to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Disconnect from the internet and close all applications, including antivirus and antispyware /!\

---> Double-click Combofix.exe
A pop-up will appear saying "ComboFix is used at your own risk and with no guarantee...".
Accept by clicking "Yes"

---> Switch it to French: F
Press key 1 (Yes) to start the scan.

/!\ Don't touch anything until the scan is finished. /!\

At the end of the scan, ComboFix may need to restart the PC to finish the disinfection; let it do so.

Once the scan is complete, a report will be displayed: post its contents

/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\

Note: the report can also be found here: C:\ComboFix.txt
0
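The two O4 entries and the O20 entry Destrio5 singled out share a pattern a log reviewer can check mechanically: rundll32.exe loading a DLL from system32 through a one-letter export, a Run value named like random hex digits, and a non-empty AppInit_DLLs value. The script below is an added example, not part of this thread and not code from HijackThis or any tool mentioned in it; it applies those checks to HijackThis lines. The sample input is constructed from lines quoted in the thread plus one constructed benign rundll32 entry (NvCplDaemon, the kind of launcher NVIDIA drivers register) to show the checks stay quiet on it; the O23 "file missing" check is an added low-severity note.

```python
"""Triage helper for HijackThis log lines (added example, not from the thread)."""
import re
from pathlib import PureWindowsPath

# Constructed sample input: O4, O20 and O23 lines quoted from the log posted in
# this thread, plus one constructed benign rundll32 entry (NvCplDaemon) for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BMabae40fa] Rundll32.exe "C:\WINDOWS\system32\odmukxsu.dll",s
O4 - HKLM\..\Run: [a89d7366] rundll32.exe "C:\WINDOWS\system32\rukqprkw.dll",b
O20 - AppInit_DLLs: qsfeie.dll
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
"""

O4_RE = re.compile(r'^O4 - (?P<hive>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
CMD_RE = re.compile(r'^(?:"(?P<qexe>[^"]+)"|(?P<exe>\S+))\s*(?P<args>.*)$')
RUNDLL_ARGS_RE = re.compile(r'^"?(?P<dll>[^",]+)"?\s*,\s*(?P<entry>\S+)')
HEX_NAME_RE = re.compile(r'[0-9a-f]{8}')
O20_RE = re.compile(r'^O20 - AppInit_DLLs:\s*(?P<dlls>.*)$')


def check_run_entry(line):
    """Return a finding for an O4 line that loads a DLL through rundll32 in the
    way the thread's two flagged entries do, else None."""
    m = O4_RE.match(line)
    if not m:
        return None
    cmd = CMD_RE.match(m.group("cmd"))
    if not cmd:
        return None
    exe = cmd.group("qexe") or cmd.group("exe")
    if PureWindowsPath(exe).name.lower() != "rundll32.exe":
        return None
    args = RUNDLL_ARGS_RE.match(cmd.group("args"))
    if not args:
        return None
    reasons = []
    # Legitimate rundll32 launchers name a real export (NvStartup, ...); a
    # single-letter entry point is what both flagged entries have in common.
    if len(args.group("entry")) == 1:
        reasons.append("one-letter export name")
    # A Run value named like 8 random hex digits carries no product name at all.
    if HEX_NAME_RE.fullmatch(m.group("name").lower()):
        reasons.append("hex-looking value name")
    if not reasons:
        return None
    if PureWindowsPath(args.group("dll")).parent.name.lower() == "system32":
        reasons.append("DLL dropped directly in system32")
    return {"section": "O4", "severity": "high", "reasons": reasons, "line": line}


def check_line(line):
    """Classify one HijackThis line; None means nothing to report."""
    finding = check_run_entry(line)
    if finding:
        return finding
    m = O20_RE.match(line)
    if m and m.group("dlls").strip():
        # AppInit_DLLs is mapped into every process that loads user32.dll, so
        # one entry here reaches every GUI program on the machine.
        return {"section": "O20", "severity": "high",
                "reasons": ["AppInit_DLLs loads a DLL into every GUI process"], "line": line}
    if line.startswith("O23 - Service:") and line.endswith("(file missing)"):
        return {"section": "O23", "severity": "low",
                "reasons": ["service still registered but its binary is gone"], "line": line}
    return None


def analyze(text):
    """Run check_line over every non-empty line and keep the findings in order."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            finding = check_line(line)
            if finding:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f['severity']:4}] {f['section']}: {', '.join(f['reasons'])}")
        print(f"        {f['line']}")
```

Running it on the sample prints the two rundll32 entries, the AppInit_DLLs entry and the orphaned VNC service, and nothing for the Java or NvCplDaemon lines. These checks are heuristics for a first pass over a log, not a verdict: a match says "look at this DLL", which is what the moderator did by hand.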
Spider88, 8 posts, Member
 
Ok, thanks a lot, I'll do that :) and I'll post the report afterwards.
0

Destrio5, 99820 posts, Moderator
 
Ok.
0
Spider88, 8 posts, Member
 
I can't install combofix; when I try to download it, three windows open with this written in them:

rundll32.exe - erreur d'application
L'application n'a pas réussi à s'initialiser correctement (0xc0000005).

cmd.exe - erreur d'application
L'application n'a pas réussi à s'initialiser correctement (0xc0000005).

find.exe - erreur d'application
L'application n'a pas réussi à s'initialiser correctement (0xc0000005).
0
Destrio5, 99820 posts, Moderator
 
Can't you download it, or can't you install it?
0
spider88
 
Uh, yes, sorry, I can't "install" it lol. The installer is on my desktop, a white tiger on a red background.
0
Destrio5, 99820 posts, Moderator
 
0
Spider88
 
It doesn't work in safe mode either, the same three windows open...
0
Destrio5, 99820 posts, Moderator
 
- Download and install MalwareByte's Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Update it

- Restart in safe mode (Recommended):
https://www.malekal.com/demarrer-windows-mode-sans-echec/

- Choose your usual session

- Run a full scan with MalwareByte's Anti-Malware

- Delete everything the program finds, save the report

- Restart in normal mode and post the report here

Tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Spider88
 
Hello, here is my malwarebytes' report

malwarebytes' Anti-Malware 1.24
Version de la base de données: 1024
Windows 5.1.2600 Service Pack 2

11:11:48 05/08/2008
mbam-log-8-5-2008 (11-11-48).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 196391
Temps écoulé: 2 hour(s), 22 minute(s), 32 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 15
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 33

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\hgGxWnLC.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\qsfeie.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fccyaYqo.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7083e573-553c-465b-953a-461647047e62} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7083e573-553c-465b-953a-461647047e62} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd357b7b-a6d9-4391-9137-5a6e8f7619a5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{dd357b7b-a6d9-4391-9137-5a6e8f7619a5} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9160b539-1b91-409a-98ba-985c2349feeb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9160b539-1b91-409a-98ba-985c2349feeb} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{9160b539-1b91-409a-98ba-985c2349feeb} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggxwnlc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\hggxwnlc -> Delete on reboot.

Dossier(s) infecté(s):
C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\Application Data\m (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\Application Data\m\shared (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\qsfeie.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\hgGxWnLC.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\CLnWxGgh.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CLnWxGgh.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyaYqo.dll (Trojan.Vundo) -> Delete on reboot.
C:\Documents and Settings\jojo !\Local Settings\Temp\ginstall.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\VundoFix Backups\afmrbt.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\evpyhslu.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\fccyaYqo.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\fqkajtdh.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\hgGvuTLd.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\jkkHWMEX.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\kaawgtjg.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\odmukxsu.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\oplfilhk.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\opqllb.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\qsfeie.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\reiashjo.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\rmursc.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\rukqprkw.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\tuvvVPfF.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\uvwgfnla.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\vtUmJAtR.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\wvUnLfFV.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\ymprhpvv.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\VundoFix Backups\yvsttqoh.dll.bad (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMabae40fa.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMabae40fa.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcgtqj0er0l.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\photos.zip (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\Explorer.dmp (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
0
Destrio5, 99820 posts, Moderator
 
---> Relaunch MBAM, go to Quarantine and delete everything

---> Retry the ComboFix procedure:
http://www.commentcamarche.net/forum/affich 7740927 quelq un pour analyser mon rapport hijackthis#3
0
Spider88
 
Here is my COMBOFIX report:

ComboFix 08-08-03.05 - Compaq_Propriétaire 2008-08-05 13:03:11.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.117 [GMT 2:00]
Endroit: C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Invité\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Program Files\Fichiers communs\{A89D7~1
C:\WINDOWS\BMabae40fa.txt
C:\WINDOWS\BMabae40fa.xml
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gkasegnd.ini
C:\WINDOWS\system32\gocrnyqc.dll
C:\WINDOWS\system32\kppcoygp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mmffbetq.ini
C:\WINDOWS\system32\obkcittp.dll
C:\WINDOWS\system32\pgyocppk.ini
C:\WINDOWS\system32\wclfyu.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))))))))
.

2008-08-05 10:10 . 2008-08-05 10:10 2,048 --a--c--- C:\WINDOWS\system32\ctkwpxjn.exe
2008-08-04 19:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-04 19:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 19:39 . 2008-08-04 19:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 19:39 . 2008-08-04 19:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 19:30 . 2008-08-05 11:11 <REP> d----c--- C:\VundoFix Backups
2008-08-03 18:09 . 2005-01-01 23:10 <REP> d----c--- C:\Documents and Settings\spider88\WINDOWS
2008-08-03 18:09 . 2004-11-24 03:37 <REP> d----c--- C:\Documents and Settings\spider88\Voisinage réseau
2008-08-03 18:09 . 2004-11-24 03:37 <REP> d----c--- C:\Documents and Settings\spider88\Voisinage d'impression
2008-08-03 18:09 . 2008-05-18 23:58 <REP> d----c--- C:\Documents and Settings\spider88\Modèles
2008-08-03 18:09 . 2004-11-25 05:26 <REP> d----c--- C:\Documents and Settings\spider88\Mes documents
2008-08-03 18:09 . 2004-11-25 05:26 <REP> d----c--- C:\Documents and Settings\spider88\Menu Démarrer
2008-08-03 18:09 . 2008-05-18 16:15 <REP> d----c--- C:\Documents and Settings\spider88\Favoris
2008-08-03 18:09 . 2005-01-01 23:15 <REP> d----c--- C:\Documents and Settings\spider88\Bureau
2008-08-03 18:09 . 2005-01-01 23:30 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\Symantec
2008-08-03 18:09 . 2005-01-01 23:23 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\SampleView
2008-08-03 18:09 . 2005-01-01 23:10 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\Apple Computer
2008-08-03 18:09 . 2008-08-03 18:09 <REP> d----c--- C:\Documents and Settings\spider88
2008-08-02 21:35 . 2008-08-02 21:35 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-02 21:30 . 2008-08-02 21:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-31 21:39 . 2008-07-31 21:41 <REP> d-------- C:\Program Files\File Properties Changer
2008-07-31 15:46 . 2008-07-31 15:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-31 15:46 . 2008-07-31 15:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-27 19:38 . 2008-07-27 19:38 <REP> d-------- C:\Program Files\VirtualDub
2008-07-25 19:55 . 2008-07-25 19:55 <REP> d----c--- C:\chatlog
2008-07-25 19:48 . 2008-07-25 19:57 140,885,248 --a--c--- C:\9 best1.AC3
2008-07-25 17:32 . 2008-06-11 02:07 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-07-25 17:32 . 2008-06-11 02:07 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-07-25 17:32 . 2008-06-11 02:07 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-07-25 17:32 . 2008-06-11 02:07 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-25 17:32 . 2008-06-11 02:07 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-25 17:25 . 2008-07-25 17:25 0 --a--c--- C:\movie_1.avi
2008-07-25 13:30 . 2008-07-25 13:30 268 --ah-c--- C:\sqmdata05.sqm
2008-07-25 13:30 . 2008-07-25 13:30 244 --ah-c--- C:\sqmnoopt05.sqm
2008-07-24 23:15 . 2008-07-25 13:45 224,040,960 --a--c--- C:\out_3.vob
2008-07-24 23:15 . 2008-07-25 13:45 55,296 --a--c--- C:\out.ifo
2008-07-24 23:15 . 2008-07-25 13:45 206 --a--c--- C:\out.rpk
2008-07-24 23:15 . 2008-07-25 13:45 42 --a--c--- C:\out.lst
2008-07-24 23:12 . 2008-07-25 13:44 1,073,741,824 --a--c--- C:\out_2.vob
2008-07-24 23:10 . 2008-07-25 13:42 1,073,741,824 --a--c--- C:\out_1.vob
2008-07-22 13:16 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\No1 DVD Ripper
2008-07-22 02:42 . 2008-07-22 02:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-20 18:51 . 2008-07-20 19:02 161,792 --a------ C:\WINDOWS\mmproxy_40.mdb
2008-07-20 18:51 . 2008-07-20 18:51 100,352 --a------ C:\WINDOWS\mmproxy_40_Backup.mdb
2008-07-20 18:45 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Super Groovy
2008-07-20 18:44 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Picture Pyramid
2008-07-20 18:43 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Slickball
2008-07-20 18:42 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Feeding Frenzy
2008-07-20 18:42 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Feed The Snake
2008-07-20 18:36 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Alpha Ball
2008-07-20 18:28 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Playtonium Jigsaw Atlantic Lighthouses
2008-07-20 18:27 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Playtonium Jigsaw Animals of Africa
2008-07-20 18:25 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Truffle Tray
2008-07-20 18:15 . 2008-07-20 18:15 <REP> d-------- C:\Program Files\AIST
2008-07-20 18:12 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\MadCaps
2008-07-20 18:05 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\Aqua Bubble
2008-07-19 22:08 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\Wippien
2008-07-14 10:04 . 2008-07-14 10:04 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-14 10:04 . 2008-07-14 10:04 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-14 10:03 . 2008-07-14 10:03 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-14 10:00 . 2008-07-14 10:03 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-12 11:57 . 2008-07-12 12:02 <REP> d-------- C:\Program Files\CoverPro
2008-07-11 19:01 . 2008-07-11 19:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-11 19:01 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
2008-07-11 19:01 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-07-11 19:01 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-07-11 19:01 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-07-11 19:00 . 2008-08-05 11:16 <REP> d-------- C:\Program Files\LogMeIn
2008-07-11 19:00 . 2008-07-14 13:58 1,024 --a--c--- C:\.rnd
2008-07-11 18:25 . 2008-07-11 18:27 <REP> d-------- C:\Program Files\UnderCoverXP
2008-07-05 14:31 . 2008-08-03 18:42 <REP> d-------- C:\Program Files\DAEMON Tools
2008-07-05 14:31 . 2008-07-05 14:31 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 11:17 --------- d-----w C:\Program Files\eMule
2008-08-04 21:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-04 17:29 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 19:30 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-08-01 11:18 --------- d-----w C:\Program Files\Xfire
2008-07-25 15:33 --------- d-----w C:\Program Files\DivX
2008-07-14 08:05 --------- d-----w C:\Program Files\AIM6
2008-07-02 15:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-30 15:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-26 18:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-26 18:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-25 19:38 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avira
2008-06-24 16:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-24 16:34 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-24 16:25 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-24 16:06 --------- d-----w C:\Program Files\Managed DirectX (0900)
2008-06-24 15:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 09:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 09:15 --------- d-----w C:\Program Files\Microsoft Games
2008-06-20 21:11 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 17:46 --------- d-----w C:\Program Files\Futuroscope Experience ADF
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:32 --------- d-----w C:\Program Files\Logitech
2008-06-20 13:31 --------- d-----w C:\Program Files\Google
2008-06-20 13:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 13:22 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-18 17:52 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-06-17 16:20 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 13:21 --------- d-----w C:\Program Files\Convar
2008-06-13 12:53 --------- d-----w C:\Program Files\Morgan
2008-06-11 00:07 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-06-11 00:07 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-06-11 00:04 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-06-10 12:50 --------- d-----w C:\Program Files\DAP
2008-06-10 12:39 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2008-06-10 08:30 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-06-07 13:17 --------- d-----w C:\Program Files\Java
2008-06-07 12:11 --------- d-----w C:\Program Files\VirtualDubMOD
2008-06-06 15:19 209,636 ----a-w C:\WINDOWS\IPUI_DivXG400.exe
2008-06-06 15:11 --------- d-----w C:\Program Files\Rippackv3
2008-05-28 10:32 10,040 ----a-w C:\WINDOWS\system32\LMImirr2.dll
2008-05-22 22:18 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-08 01:39 16,577 ----a-w C:\Program Files\Lightroom - Bitte lesen.html
2008-04-08 01:30 16,925 ----a-w C:\Program Files\Lightroom - Lisez-moi.html
2008-04-08 00:11 15,628 ----a-w C:\Program Files\Lightroom Read Me.html
2008-01-01 14:18 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-04-30 22:19 245,760 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll
2006-08-12 15:27 81,920 ----a-w C:\Documents and Settings\jojo !\Application Data\ezpinst.exe
2006-08-12 15:27 47,360 ----a-w C:\Documents and Settings\jojo !\Application Data\pcouffin.sys
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "C:\PROGRA~1\DAP\SBSearch.dll" [2008-06-10 14:39 32768]

[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 15:30 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2008-05-11 13:19 5423104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 05:05 339968]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 00:04 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 21:13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 02:23 663552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 13:32 266497]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-01-01 23:10 98304]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 57344 C:\WINDOWS\ALCXMNTR.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire.SPIDER.000^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-06-10 14:39 3053056 C:\Program Files\DAP\DAP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-01-01 23:10 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINSOS VERIFY]
--a------ 2008-03-28 13:31 2116102 C:\Program Files\Winsos\Winsos.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Winsos\\winsos.exe"=
"C:\\Program Files\\TchecMeet\\Tchecmeet.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"C:\\Program Files\\SmartWhois\\sw.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Server\\haloded.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3473:UDP"= 3473:UDP:Windows Media Format SDK (firefox.exe)
"3472:UDP"= 3472:UDP:Windows Media Format SDK (firefox.exe)
"57089:TCP"= 57089:TCP:Pando P2P TCP Listening Port
"57089:UDP"= 57089:UDP:Pando P2P UDP Listening Port

R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e950b0f-37d2-11dd-af31-001c10e6cea3}]
\Shell\AutoRun\command - explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e3ce518-2a37-11dd-af27-001c10e6cea3}]
\Shell\AutoRun\command - explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8e3ce52e-2a37-11dd-af27-001c10e6cea3}]
\Shell\AutoRun\command - explorer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4b057ab-525a-11dd-af47-001c10e6cea3}]
\Shell\AutoRun\command - explorer.exe
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder

2008-07-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-08-05 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job
- C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe [2005-04-22 18:36]

2008-08-01 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-a89d7366 - C:\WINDOWS\system32\kppcoygp.dll
HKLM-Run-BMabae40fa - C:\WINDOWS\system32\gocrnyqc.dll
Notify-LMIinit - LMIinit.dll
MSConfigStartUp-AdVantage - C:\Program Files\AdVantage\AdVantage.exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Mozilla\Firefox\Profiles\wbcllouu.default\

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 13:12:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\ramaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2008-08-05 13:26:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-05 11:26:25

Pre-Run: 26,758,193,152 bytes free
Post-Run: 27,986,165,760 bytes free

314 --- E O F --- 2008-08-05 11:24:31
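Reading a ComboFix log like the one above by hand comes down to a few recurring patterns: randomly named DLLs hanging off Run keys (the two entries under ORPHANS REMOVED), loose files in Program Files carrying the system+hidden attributes (`--sha-r`), a file name that differs from a Windows binary by one character (`wunauclt` next to `wuauclt`), a 2 KB executable in system32, an AutoRun command on a drive that launches something other than the shell, and ports the firewall leaves globally open. The script below is an added example, not code from the posts, from ComboFix or from HijackThis: it encodes those checks as heuristics over the line layouts seen in this log and runs them on sample lines constructed in the same shape. The allowlist, the set of imitated Windows names and the 4 KB size threshold are assumptions; a hit means "look at this", not "this is malware".

```python
import re

# Added example: heuristic triage of ComboFix-style log lines. Not part of
# ComboFix, HijackThis or the forum posts; the line layouts are those visible
# in the log above, the sample lines below are constructed in that shape, and
# every rule is a heuristic that can misfire, so the output is a review list.

FILE_LINE = re.compile(                    # "Files created" (two timestamps) and Find3M (one) layouts
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"
    r" +(?P<size><REP>|<DIR>|[\d,]+|-+)"   # directories show <REP>/<DIR> or dashes
    r" +(?P<attrs>[-a-z]{6,9})"            # e.g. --sha-r, --a--c---
    r" +(?P<path>[A-Za-z]:\\.+?)\s*$"
)
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
AUTORUN = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+?)\s*$", re.I)
ORPHAN = re.compile(r"^HK[A-Z]+-Run-(?P<name>\S+) - (?P<path>.+?)\s*$")
OPEN_PORT = re.compile(r'^"(?P<port>\d+:(?:TCP|UDP))"= *(?P=port):(?P<desc>.+?)\s*$')

WINDOWS_NAMES = {"wuauclt", "svchost", "lsass", "csrss", "winlogon", "explorer", "services"}
RANDOM_NAME_ALLOWLIST = {"ntoskrnl"}   # assumed: legitimate low-vowel 8-letter names
TINY_PE_BYTES = 4096                   # assumed threshold for "loader-sized" binaries

def edit_distance(a, b):
    """Levenshtein distance, used for the look-alike check (wunauclt vs wuauclt)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def stem_of(path):
    """(stem, extension) of the last path component, lower-cased."""
    name = path.rsplit("\\", 1)[-1].lower()
    stem, _, ext = name.rpartition(".") if "." in name else (name, "", "")
    return stem, ext

def is_random_name(stem):
    """Eight lowercase letters with at most one vowel: the shape of the randomly
    named DLLs in the ORPHANS REMOVED section (kppcoygp, gocrnyqc)."""
    if stem in RANDOM_NAME_ALLOWLIST or not re.fullmatch(r"[a-z]{8}", stem):
        return False
    return sum(c in "aeiou" for c in stem) <= 1

def lookalike_of(stem):
    """The Windows binary name this stem imitates by a one-character edit, if any."""
    for known in WINDOWS_NAMES:
        if stem != known and edit_distance(stem, known) == 1:
            return known
    return None

def triage(log_text):
    """Return (kind, detail, what) tuples for every line that trips a heuristic."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := REG_KEY.match(line):
            key = m.group("key")                       # remember the enclosing registry key
        elif m := AUTORUN.match(line):
            if m.group("cmd").lower() != "explorer.exe":   # AutoRun into a custom binary
                findings.append(("autorun", key, m.group("cmd")))
        elif m := ORPHAN.match(line):
            if is_random_name(stem_of(m.group("path"))[0]):
                findings.append(("orphan-random-dll", m.group("name"), m.group("path")))
        elif m := OPEN_PORT.match(line):
            findings.append(("globally-open-port", m.group("port"), m.group("desc")))
        elif (m := FILE_LINE.match(line)) and m.group("size")[0].isdigit():
            size = int(m.group("size").replace(",", ""))
            path, attrs = m.group("path"), m.group("attrs")
            stem, ext = stem_of(path)
            low = path.lower()
            if "s" in attrs and "h" in attrs and low.startswith("c:\\program files\\"):
                findings.append(("hidden-system-file-in-program-files", attrs, path))
            if "\\windows\\system32\\" in low:
                if is_random_name(stem):
                    findings.append(("random-name-in-system32", attrs, path))
                if ext in {"exe", "dll", "sys"} and size < TINY_PE_BYTES:
                    findings.append(("tiny-executable-in-system32", size, path))
            if hit := lookalike_of(stem):
                findings.append(("lookalike-name", hit, path))
    return findings

# Constructed sample in the layouts seen above (not copied from the post).
SAMPLE_LOG = r"""
2008-08-05 10:10 . 2008-08-05 10:10 2,048 --a--c--- C:\WINDOWS\system32\ctkwpxjn.exe
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-08-05 12:18 --------- dc----w C:\Documents and Settings\user\Application Data\uTorrent
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 13:32 266497]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57089:TCP"= 57089:TCP:Pando P2P TCP Listening Port
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{guid}]
\Shell\AutoRun\command - explorer.exe
- - - - ORPHANS REMOVED - - - -
HKLM-Run-a89d7366 - C:\WINDOWS\system32\kppcoygp.dll
"""

if __name__ == "__main__":
    for kind, detail, what in triage(SAMPLE_LOG):
        print(f"{kind:38} {detail!s:22} {what}")
```

Run against a real log, feed the whole ComboFix.txt to `triage()` and read the list top to bottom; the rules are deliberately loose (the random-name rule alone needs an allowlist to spare `ntoskrnl`), so treat each hit as a pointer to a line worth checking against a known-good copy of the file, not as a verdict.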
Destrio5 (Moderator, 99820 posts):

---> Download the CFScript file and save it to your desktop:
http://www.zshare.net/

---> Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

- A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

- Wait for the scan to finish. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.

- Once the scan is complete, a report will be displayed: post it.

- If the file does not open, it is located at C:\ComboFix.txt
Spider88
 
ComboFix 08-08-03.05 - Compaq_Propriétaire 2008-08-05 14:21:06.2 - NTFSx86
Location: C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Bureau\cfscript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((( Files created from 2008-07-05 to 2008-08-05 ))))))))))))))))))))))))))))))))))))
.

2008-08-05 13:26 . 2008-08-05 13:26 <REP> d----c--- C:\Documents and Settings\Invité.MAURICE
2008-08-05 13:26 . 2008-08-05 13:26 <REP> d----c--- C:\Documents and Settings\Invité
2008-08-05 13:26 . 2008-08-05 13:26 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER88
2008-08-05 13:26 . 2008-08-05 13:26 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000
2008-08-05 10:10 . 2008-08-05 10:10 2,048 --a--c--- C:\WINDOWS\system32\ctkwpxjn.exe
2008-08-04 19:40 . 2008-08-04 19:40 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Malwarebytes
2008-08-04 19:40 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-04 19:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-04 19:39 . 2008-08-04 19:40 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-04 19:39 . 2008-08-04 19:39 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-04 19:30 . 2008-08-05 11:11 <REP> d----c--- C:\VundoFix Backups
2008-08-03 18:09 . 2005-01-01 23:10 <REP> d----c--- C:\Documents and Settings\spider88\WINDOWS
2008-08-03 18:09 . 2004-11-24 03:37 <REP> d----c--- C:\Documents and Settings\spider88\Voisinage réseau
2008-08-03 18:09 . 2004-11-24 03:37 <REP> d----c--- C:\Documents and Settings\spider88\Voisinage d'impression
2008-08-03 18:09 . 2008-05-18 23:58 <REP> d----c--- C:\Documents and Settings\spider88\Modèles
2008-08-03 18:09 . 2004-11-25 05:26 <REP> d----c--- C:\Documents and Settings\spider88\Mes documents
2008-08-03 18:09 . 2004-11-25 05:26 <REP> d----c--- C:\Documents and Settings\spider88\Menu Démarrer
2008-08-03 18:09 . 2008-05-18 16:15 <REP> d----c--- C:\Documents and Settings\spider88\Favoris
2008-08-03 18:09 . 2005-01-01 23:15 <REP> d----c--- C:\Documents and Settings\spider88\Bureau
2008-08-03 18:09 . 2005-01-01 23:30 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\Symantec
2008-08-03 18:09 . 2005-01-01 23:23 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\SampleView
2008-08-03 18:09 . 2005-01-01 23:10 <REP> d----c--- C:\Documents and Settings\spider88\Application Data\Apple Computer
2008-08-03 18:09 . 2008-08-03 18:09 <REP> d----c--- C:\Documents and Settings\spider88
2008-08-02 21:35 . 2008-08-02 21:35 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\skypePM
2008-08-02 21:35 . 2008-08-02 21:35 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-08-02 21:31 . 2008-08-02 22:17 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Skype
2008-08-02 21:30 . 2008-08-02 21:30 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-31 21:39 . 2008-07-31 21:41 <REP> d-------- C:\Program Files\File Properties Changer
2008-07-31 15:46 . 2008-07-31 15:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-31 15:46 . 2008-07-31 15:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-27 19:38 . 2008-07-27 19:38 <REP> d-------- C:\Program Files\VirtualDub
2008-07-25 19:55 . 2008-07-25 19:55 <REP> d----c--- C:\chatlog
2008-07-25 19:48 . 2008-07-25 19:57 140,885,248 --a--c--- C:\9 best1.AC3
2008-07-25 17:32 . 2008-06-11 02:07 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2008-07-25 17:32 . 2008-06-11 02:07 120,056 --------- C:\WINDOWS\system32\pxcpyi64.exe
2008-07-25 17:32 . 2008-06-11 02:07 118,520 --------- C:\WINDOWS\system32\pxinsi64.exe
2008-07-25 17:32 . 2008-06-11 02:07 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-07-25 17:32 . 2008-06-11 02:07 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-07-25 17:25 . 2008-07-25 17:25 0 --a--c--- C:\movie_1.avi
2008-07-25 13:38 . 2008-07-25 13:38 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\InterVideo
2008-07-25 13:30 . 2008-07-25 13:30 268 --ah-c--- C:\sqmdata05.sqm
2008-07-25 13:30 . 2008-07-25 13:30 244 --ah-c--- C:\sqmnoopt05.sqm
2008-07-24 23:15 . 2008-07-25 13:45 224,040,960 --a--c--- C:\out_3.vob
2008-07-24 23:15 . 2008-07-25 13:45 55,296 --a--c--- C:\out.ifo
2008-07-24 23:15 . 2008-07-25 13:45 206 --a--c--- C:\out.rpk
2008-07-24 23:15 . 2008-07-25 13:45 42 --a--c--- C:\out.lst
2008-07-24 23:12 . 2008-07-25 13:44 1,073,741,824 --a--c--- C:\out_2.vob
2008-07-24 23:10 . 2008-07-25 13:42 1,073,741,824 --a--c--- C:\out_1.vob
2008-07-22 14:47 . 2008-07-22 14:47 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\DivX
2008-07-22 13:40 . 2008-07-25 13:25 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\dvdcss
2008-07-22 13:16 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\No1 DVD Ripper
2008-07-22 02:42 . 2008-07-22 02:42 42,320 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-07-20 18:51 . 2008-07-20 19:02 161,792 --a------ C:\WINDOWS\mmproxy_40.mdb
2008-07-20 18:51 . 2008-07-20 18:51 100,352 --a------ C:\WINDOWS\mmproxy_40_Backup.mdb
2008-07-20 18:45 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Super Groovy
2008-07-20 18:44 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Picture Pyramid
2008-07-20 18:43 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Slickball
2008-07-20 18:42 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Feeding Frenzy
2008-07-20 18:42 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Feed The Snake
2008-07-20 18:36 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Alpha Ball
2008-07-20 18:28 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Playtonium Jigsaw Atlantic Lighthouses
2008-07-20 18:27 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Playtonium Jigsaw Animals of Africa
2008-07-20 18:25 . 2008-07-25 13:25 <REP> d-------- C:\Program Files\Truffle Tray
2008-07-20 18:15 . 2008-07-20 18:15 <REP> d-------- C:\Program Files\AIST
2008-07-20 18:12 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\MadCaps
2008-07-20 18:05 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\Aqua Bubble
2008-07-19 22:08 . 2008-07-25 13:26 <REP> d-------- C:\Program Files\Wippien
2008-07-19 22:08 . 2008-07-25 13:26 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Wippien
2008-07-14 10:05 . 2008-07-14 10:05 <REP> d----c--- C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\acccore
2008-07-14 10:04 . 2008-07-14 10:04 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-14 10:04 . 2008-07-14 10:04 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-07-14 10:03 . 2008-07-14 10:03 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL
2008-07-14 10:00 . 2008-07-14 10:03 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-07-12 11:57 . 2008-07-12 12:02 <REP> d-------- C:\Program Files\CoverPro
2008-07-11 19:01 . 2008-07-11 19:01 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\LogMeIn
2008-07-11 19:01 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll.000.bak
2008-07-11 19:01 . 2008-05-28 12:33 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
2008-07-11 19:01 . 2008-03-07 13:39 45,848 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
2008-07-11 19:01 . 2008-05-28 12:33 24,608 --a------ C:\WINDOWS\system32\LMIport.dll
2008-07-11 19:00 . 2008-08-05 11:16 <REP> d-------- C:\Program Files\LogMeIn
2008-07-11 19:00 . 2008-07-14 13:58 1,024 --a--c--- C:\.rnd
2008-07-11 18:25 . 2008-07-11 18:27 <REP> d-------- C:\Program Files\UnderCoverXP
2008-07-05 14:31 . 2008-08-03 18:42 <REP> d-------- C:\Program Files\DAEMON Tools
2008-07-05 14:31 . 2008-07-05 14:31 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys

.
((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-05 12:18 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\uTorrent
2008-08-05 11:43 --------- d-----w C:\Program Files\eMule
2008-08-04 21:46 --------- dc----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-08-04 21:13 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Hamachi
2008-08-04 17:29 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-02 19:30 --------- d-----w C:\Program Files\Fichiers communs\Skype
2008-08-01 11:18 --------- d-----w C:\Program Files\Xfire
2008-07-25 17:53 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Xfire
2008-07-25 15:33 --------- d-----w C:\Program Files\DivX
2008-07-14 08:05 --------- d-----w C:\Program Files\AIM6
2008-07-03 13:14 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\AdobeUM
2008-07-02 15:49 --------- dc----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-30 15:05 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Microsoft Web Folders
2008-06-30 15:04 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-26 18:28 --------- dc----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-06-26 18:28 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-06-25 19:38 --------- dc----w C:\Documents and Settings\All Users\Application Data\Avira
2008-06-24 16:42 --------- dc----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-06-24 16:34 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-24 16:06 --------- d-----w C:\Program Files\Managed DirectX (0900)
2008-06-24 15:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-24 11:12 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\OpenOffice.org2
2008-06-24 09:24 --------- dc----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-24 09:15 --------- d-----w C:\Program Files\Microsoft Games
2008-06-20 17:46 --------- d-----w C:\Program Files\Futuroscope Experience ADF
2008-06-20 17:32 --------- d-----w C:\Program Files\Logitech
2008-06-20 13:31 --------- d-----w C:\Program Files\Google
2008-06-20 13:22 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-17 16:20 --------- d-----w C:\Program Files\Easy Internet signup
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 13:21 --------- d-----w C:\Program Files\Convar
2008-06-13 12:53 --------- d-----w C:\Program Files\Morgan
2008-06-12 16:39 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\Samsung
2008-06-11 00:07 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-06-10 12:50 --------- d-----w C:\Program Files\DAP
2008-06-10 08:30 --------- d-----w C:\Program Files\Combined Community Codec Pack
2008-06-10 08:29 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\BSplayer
2008-06-10 08:16 --------- dc----w C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Application Data\BSplayer Pro
2008-06-07 13:17 --------- d-----w C:\Program Files\Java
2008-06-07 12:11 --------- d-----w C:\Program Files\VirtualDubMOD
2008-06-06 15:19 209,636 ----a-w C:\WINDOWS\IPUI_DivXG400.exe
2008-06-06 15:11 --------- d-----w C:\Program Files\Rippackv3
2008-05-17 15:23 679 -c--a-w C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\Application Data\waver_2.95.dat
2008-05-09 18:53 744 -c--a-w C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\Application Data\filterclsid.dat
2008-04-08 01:39 16,577 ----a-w C:\Program Files\Lightroom - Bitte lesen.html
2008-04-08 01:30 16,925 ----a-w C:\Program Files\Lightroom - Lisez-moi.html
2008-04-08 00:11 15,628 ----a-w C:\Program Files\Lightroom Read Me.html
2008-03-07 18:07 24,192 -c--a-w C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\usbsermptxp.sys
2008-03-07 18:07 22,768 -c--a-w C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\usbsermpt.sys
2008-01-01 14:18 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
2007-04-30 22:19 245,760 ----a-w C:\Program Files\Uninstall Ask Toolbar.dll
2006-08-12 15:27 81,920 ----a-w C:\Documents and Settings\jojo !\Application Data\ezpinst.exe
2006-08-12 15:27 47,360 ----a-w C:\Documents and Settings\jojo !\Application Data\pcouffin.sys
2006-07-18 13:41 1,019,094 --sha-r C:\Program Files\serial.tde
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.zip
2006-05-28 16:46 397,306 --sha-r C:\Program Files\wunauclt.tbe
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-20 15:30 68856]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [2008-05-11 13:19 5423104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 18:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-06 05:05 339968]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-10-14 00:04 278528]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 22:43 233472]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2003-09-12 21:13 98304]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 22:54 253952]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2004-12-14 02:23 663552]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-25 13:32 266497]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00 128920]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 15:31 63048]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 88363 C:\WINDOWS\AGRSMMSG.exe]

C:\Documents and Settings\Compaq_Propriétaire.SPIDER88\Menu Démarrer\Programmes\Démarrage\
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-05-02 09:19:27 624416]
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-24 16:25:23 110592]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Propriétaire.SPIDER.000^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-06-10 14:39 3053056 C:\Program Files\DAP\DAP.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\TchecMeet\\Tchecmeet.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Custom Edition\\haloce.exe"=
"C:\\Program Files\\SmartWhois\\sw.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires\\EMPIRESX.EXE"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.EXE"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
"C:\\Program Files\\Microsoft Games\\Halo Server\\haloded.exe"=
"C:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"C:\\Program Files\\Fichiers communs\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3473:UDP"= 3473:UDP:Windows Media Format SDK (firefox.exe)
"3472:UDP"= 3472:UDP:Windows Media Format SDK (firefox.exe)
"57089:TCP"= 57089:TCP:Pando P2P TCP Listening Port
"57089:UDP"= 57089:UDP:Pando P2P UDP Listening Port

R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2008-03-07 13:39]
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2008-02-28 15:31]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57]

2008-08-05 C:\WINDOWS\Tasks\Connexion facile à Internet.job
- C:\Program Files\Easy Internet signup\HPSdpApp.exe [2005-03-03 19:04]

2008-08-05 C:\WINDOWS\Tasks\HPpromotions psc 2350 series.job
- C:\Program Files\HP\Digital Imaging\bin\HP Promotions\AiOMVC\HPpromo.exe [2005-04-22 18:36]

2008-08-01 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe []
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 14:29:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-05 14:37:56
ComboFix-quarantined-files.txt 2008-08-05 12:37:49
ComboFix2.txt 2008-08-05 11:26:39

Pre-Run: 27,745,951,744 octets libres
Post-Run: 27,740,307,456 octets libres

292 --- E O F --- 2008-08-05 11:24:31
0
Destrio5 Posts 99820 Registration date   Status Moderator Last contribution   10 305
 
---> Update Internet Explorer:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr

---> Update Java:
https://www.java.com/fr/download/manual.jsp

---> Post a new HijackThis log
0
Spider88
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:13:52, on 05/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Compaq_Propriétaire.SPIDER.000\Mes documents\My Completed Downloads\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q305&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.msn.com/fr-fr?cobrand=compaq-desktop.msn.com&ocid=HPDHP&pc=CPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDDF4547-9240-4F63-A101-54EBE09CD871}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
0
spider88
 
Pay no attention to the Windows\system32\SNDVOL32.exe lines (a slip on my part)
0
Destrio5 Posts 99820 Registration date   Status Moderator Last contribution   10 305
 
---> Relaunch HijackThis and choose Do a system scan only

---> Tick the boxes in front of the following lines:

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)

---> Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.

---> Download OTMoveIt2 from the link below:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

---> Save the file to the Desktop.

---> Double-click the OTMoveIt2.exe file to launch the tool.
Make sure the Unregister Dll's and Ocx's box is ticked.

---> Copy the whole text below and paste it into the window titled Paste Standard List of Files/Folders to be moved.

C:\WINDOWS\system32\ctkwpxjn.exe
C:\WINDOWS\system32\ezsidmv.dat
C:\Documents and Settings\jojo !\Application Data\ezpinst.exe
C:\Program Files\Winsos\
C:\Program Files\AdVantage\

---> Click MoveIt! to start the removal.
When a result appears in the Results box, click Exit.

Note: If a file or folder cannot be removed immediately, the tool will ask you to reboot. Accept by clicking YES.

---> Post the OTMoveIt log, which is in C:\_OTMoveIt\MovedFiles.

---> Restart your PC and post a new HijackThis log
0
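As an added example (not from this thread, nor from HijackThis itself), a small Python triage script over constructed HijackThis-format lines that flags the kinds of entries the moderator asked to fix above: O23 services whose binary is missing, O4 Run entries living under the service-account hives (HKUS\S-1-5-19 and S-1-5-20), and a process repeated many times in the Running processes list. The function names, the threshold and the sample lines are assumptions.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v2 format (a few lines modelled on the
# thread's log, not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\SNDVOL32.EXE

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
"""

# HijackThis entries look like "O4 - ...", "R1 - ...", "F2 - ...", "N1 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# Run keys under the LOCAL SERVICE / NETWORK SERVICE hives.
SERVICE_SID_RE = re.compile(r"HKUS\\S-1-5-(19|20)\\")


def parse_hjt(text):
    """Split a HijackThis log into (running_processes, [(kind, body), ...])."""
    procs, entries, in_procs = [], [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "Running processes:":
            in_procs = True
            continue
        if in_procs:
            if not stripped:          # blank line ends the process list
                in_procs = False
            else:
                procs.append(stripped)
            continue
        m = ENTRY_RE.match(stripped)
        if m:
            entries.append((m.group(1), m.group(2)))
    return procs, entries


def triage(text, repeat_threshold=5):
    """Return (finding_kind, detail) pairs worth a second look by a helper."""
    procs, entries = parse_hjt(text)
    findings = []
    # A process listed many times (the thread's SNDVOL32 case) is worth asking about.
    for path, n in Counter(p.lower() for p in procs).items():
        if n >= repeat_threshold:
            findings.append(("repeated_process", f"{path} x{n}"))
    for kind, body in entries:
        if kind == "O23" and body.endswith("(file missing)"):
            findings.append(("service_file_missing", body))   # orphaned service
        elif kind == "O4" and SERVICE_SID_RE.search(body):
            findings.append(("service_account_run", body))    # Run under S-1-5-19/20
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG, repeat_threshold=3):
        print(f"{kind:22} {detail}")
```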