Sujet Précédent Sujet Suivant

A L'AIDE TROJAN ET POP UP

jphil069 Messages postés 4 Statut Membre -  
papyber Messages postés 6430 Statut Contributeur sécurité -
Bonjour,
Ce qui m'arrive n'a rien d'extraordinaire au vu de ce que j'ai lu sur ce forum!
J'ai "chopé" Zlob Trojan ...et compagnie + scanner.vav-x-scanner.
Et tout en ayant téléchargé une version (donc vérolée) de Ad-Aware.
Donc... be aware!!!!!!!!!!!
J'ai "tout" essayé mais en vain pour éliminer ces saloperies (plusieurs spyware, redémarrage en mode sans échecs, scans avec anti-virus [Norton qui n'a rien détecté!], corrections avec RegCleaner et CCleaner, etc.....).
Rien n'y fait.
Au démarrage de Win XP, j'ai des messages d'erreur comme quoi il y a un problème dans l'adresse ......(plein de zéros) - à mon avis pb de chargement de windows - car par exemple quand je veux utiliser outlook express, je ne suis plus reconnu, idem pour me brancher sur ma messagerie à partir de mon FAI et quand j'utilise Internet Explorer, je ne peux plus être identifié car en plus on me dit que je suis mal configuré (ne peux recevoir des cookies) et plein de fenêtres de pub s'affichent malgré un anti-pop up (norton internet securities) et régulièrement NIS me dit qu'il bloque une attentive d'intrusion et une nouvelle page internet s'ouvre mais avec connexion refusée avec une adresse en chiffres seulement!...............

Voici les rapports de malwarebytes et Hijackthis.
Si qqu'un peut m'aider .................
Merci bcp à l'avance!
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1017
Windows 5.1.2600 Service Pack 3

10:54:15 03/08/2008
mbam-log-8-3-2008 (10-54-15).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 245308
Temps écoulé: 10 hour(s), 10 minute(s), 54 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 20
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 13

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\efcCUnLe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\vrualdar.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\wvUoNGYr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\clnqsz.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0f1bf5ab-5424-47a1-8479-0ca3272d118d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0f1bf5ab-5424-47a1-8479-0ca3272d118d} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62ffbf73-2200-40dc-82ee-a6a8815682ad} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{62ffbf73-2200-40dc-82ee-a6a8815682ad} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{39dc821c-fe03-415f-8f47-b50ada5d7d1a} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dc821c-fe03-415f-8f47-b50ada5d7d1a} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wvuongyr (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4d25f920-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d25f923-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{4d25f924-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\28cf998a (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{39dc821c-fe03-415f-8f47-b50ada5d7d1a} (Trojan.Vundo) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\efccunle -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\efccunle -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\clnqsz.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\efcCUnLe.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\eLnUCcfe.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eLnUCcfe.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vrualdar.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\radlaurv.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUoNGYr.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\0pop.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll (Adware.MyWay) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hvfkaixs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkLFXrS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\XXXXX\Favoris\Online Security Test.url (Rogue.Link) -> Quarantined and deleted successfully.

Logfile of HijackThis v1.99.1
Scan saved at 23:11:19, on 02/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\M6 Video\M6video.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rmctrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\zeropop.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\sysdoc32.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [28cf998a] rundll32.exe "C:\WINDOWS\system32\vrualdar.dll",b
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Startup: 0pop.lnk = C:\Program Files\zeropop.exe
O4 - Startup: Norton System Doctor.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: clnqsz.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
A voir également:

11 réponses

Réponse 1 / 11
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
tu es infecté
fais ceci

Télécharge VundoFix.exe (par Atribune) sur ton Bureau
http://www.atribune.org/ccount/click.php?id=4

Le PC va être redémarré lors du passage de VundoFix, je te conseille donc de fermer et enregistrer tout ce que tu as en cours!

Fais un double clic sur VundoFix.exe afin de le lancer
Clique sur le bouton Scan for Vundo
Lorsque l'analyse de ton PC est terminée, clique sur le bouton Fix Vundo
Une invite te demandera si tu veux supprimer les fichiers, clique sur YES
Après avoir cliqué sur Yes, le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer
Clique sur OK

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage.
Coche les fichiers à supprimer qui te sont proposés
Clique sur Fix Vundo et laisse Vundofix redémarrer le PC
Renouvelle l'opération si demandé.

Copie/colle le contenu du rapport situé dans C:\VundoFix.txt (si XP est installé sur C:\ dans le cas contraire, il sera à la racine de ta partition système) ainsi qu'un nouveau rapport Hijack This dans ta prochaine réponse

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
***Si le lien ne fonctionne pas, essaie celui-ci :
http://download.bleepingcomputer.com/andymanchesta/SDFix.exe ***

Double clique sur SDFix.exe et choisis Install. L'outil sera extrait à la racine du lecteur système (généralement le C:\).
Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
· Redémarre ton ordinateur
· Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (F5 sur certains PC), une pression par seconde.
· A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
· Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
· Choisis ton compte.
Déroule la liste des instructions ci-dessous :
· Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
· Appuie sur Y pour commencer le processus de nettoyage.
· Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
· Appuie sur une touche pour redémarrer le PC.
· Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
· Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
· Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
· Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
· Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

Télécharge ComboFix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Tutoriel officiel de ComboFix, afin de l’utiliser correctement
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Désactive ton antivirus, antispyware, et Spybot-S&D (résident) durant l'utilisation de ComboFix. Merci. Tu le réactiveras ensuite, en fin de désinfection.
Voir ici comment désactiver tes protections
https://forum.pcastuces.com/default.asp
Double clique sur ComboFix.exe (ComboFix)
Tape 1 puis tape sur Entrée
A noter: une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme.
Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre...
A la fin de l’analyse, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
Si le rapport n'apparaît pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)

2
jphil069 Messages postés 4 Statut Membre
 
Merci, merci bcp.
Je vais essayé de faire tout cela ce soir!
Bonne journée.
0
Réponse 2 / 11
XogoX Messages postés 278 Statut Membre 5
 
Salut

déjà,mets à jour ta version hijackthis de 1.99.1 ->>2.0.2

Et après refait un scan hijackthis et colle le ici

et on voit que tu es infecté par le trojan vundo et je te passe un site (très bien)pour l'enlever

http://www.malekal.com/Trojan.vundo.php

En espérant t'avoir aidé

PS:c'est possible qu'il y ait d'autre infections,mais on attends ton scan hijackthis version 2.0.2
0
Réponse 3 / 11
jphil069 Messages postés 4 Statut Membre
 
Bonjour et merci pour cette réponse ultra rapide !
Malheureusement, je n'ai pas pu charger la dernière version de Hijackthis (!!!!) - refus total du serveur!!! -
Et de plus comme mon ordi refuse les cookies, je suis obligé de passer par un autre pour poster mes messages sur le forum (pratique!!). De sorte que je ne pourrai poursuivre cette "conversation" que......demain!
Désolé, mais si qq'un peut me donner des tuyaux entre-temps, je suis preneur!
A+ et merci encore
0
Réponse 4 / 11
jphil069 Messages postés 4 Statut Membre
 
Bonjour!!!!!!

Voilà!
J'ai fais les manip indiquées et voici les rapports.
Apparemment tout semble s'être bien passé sauf que après VundoFix, Windows XP ne tenait plus le mode sans échec (plantage au bout de très peu de temps). Alors impossible de passer SDFix. J'ai donc utilisé ensuite ComboFix sans problème et après j'ai reessayé le mode SE et là plus de problème.
Après une courte navig sur le net, je n'ai pas non plus été embêté par des pops up.
Tout se serait-il arrangé?
Merci à l'avance pour vos réponses.
Cordialement.

Voici les rapports :

Logfile of HijackThis v1.99.1
Scan saved at 19:27:50, on 05/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\M6 Video\M6video.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\rmctrl.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\zeropop.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\XXXXX\Bureau\Logiciels Système\hijackthis\HijackThis.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\agent.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [m6] C:\Program Files\M6 Video\M6video.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [EEventManager] C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -lock
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\system32\rmctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: 0pop.lnk = C:\Program Files\zeropop.exe
O4 - Startup: Norton System Doctor.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Program Files\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {09CC593B-E8A9-4491-927D-A3E33534DDD4} (InstallerObj Class) - http://www.1-click.com/common/files/installer2.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://www.msn.com/fr-fr/
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://www.gamespy.com
O16 - DPF: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} (Image Uploader) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - https://secure.photobox.com/assets/aurigma/ImageUploader4.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - http://www.mypix.com/importer/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 22:27:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,53,a0,9b,9f,1a,a9,40,28,7f,2a,00,02,e8,fa,03,86,fb,..
"hj34z0"=hex:6c,97,ce,6c,d0,77,16,76,de,b7,14,f2,6f,3f,09,11,2d,ef,8e,61,d4,..
"hj34z1"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
"hj34z2"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
"hj34z3"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
"hj34z4"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
"khjeh"=hex:20,02,00,00,fd,fa,71,90,f5,28,ac,5d,b4,d5,bd,d8,c7,0c,18,69,6e,..
"hj34z0"=hex:a3,59,b5,02,11,c5,6f,b6,31,62,d0,0a,c6,d8,8c,c3,36,da,bc,e0,45,..
"hj34z1"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
"hj34z2"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
"hj34z3"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
"hj34z4"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]SDFix: Version 1.213 /b
Run by XXXXXXX on 05/08/2008 at 22:15

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

[b]Checking Files /b:

Trojan Files Found:

C:\Documents and Settings\XXXXX\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.xxxxxxxxx.com\settings.sol - Deleted

Folder C:\Documents and Settings\ANDRIOT\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.xxxxxxxxxxxxx.com - Removed

Removing Temp Files

[b]ADS Check /b:

[b]Final Check /b:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-05 22:27:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40]
"khjeh"=hex:20,02,00,00,53,a0,9b,9f,1a,a9,40,28,7f,2a,00,02,e8,fa,03,86,fb,..
"hj34z0"=hex:6c,97,ce,6c,d0,77,16,76,de,b7,14,f2,6f,3f,09,11,2d,ef,8e,61,d4,..
"hj34z1"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
"hj34z2"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
"hj34z3"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
"hj34z4"=hex:c1,97,ce,6c,a8,77,16,76,df,b7,15,f2,6e,3f,09,11,2d,ef,8e,61,a4,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41]
"khjeh"=hex:20,02,00,00,fd,fa,71,90,f5,28,ac,5d,b4,d5,bd,d8,c7,0c,18,69,6e,..
"hj34z0"=hex:a3,59,b5,02,11,c5,6f,b6,31,62,d0,0a,c6,d8,8c,c3,36,da,bc,e0,45,..
"hj34z1"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
"hj34z2"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
"hj34z3"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
"hj34z4"=hex:1a,59,b5,02,69,c5,6f,b6,30,62,d1,0a,c7,d8,8c,c3,36,da,bc,e0,55,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40]

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services /b:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\M6 Video\\M6video.exe"="C:\\Program Files\\M6 Video\\M6video.exe:*:Enabled:OneClick"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\XXXXXXXXX\\Bureau\\Logiciels Internet\\utorrent.exe"="C:\\Documents and Settings\\XXXXXXXXXX\\Bureau\\Logiciels Internet\\utorrent.exe:*:Enabled:æTorrent"
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"="C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.0"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"="C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe:*:Enabled:tvprunner"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files /b:

File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:

Sun 27 Jul 2008 65,536 ..SH. --- "C:\Documents and Settings\XXXXXXXXXXX "
Fri 11 Nov 2005 4,126,240 ...H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 7 Jul 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 7 Jul 2008 4,891,472 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 7 Jul 2008 2,156,368 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Sun 4 Mar 2007 210,432 A..H. --- "C:\SauvUSBDISKPRO\XXX\~WRL2606.tmp"
Tue 27 Dec 2005 56 A.SHR --- "C:\WINDOWS\system32\7F29E3841A.sys"
Mon 3 Oct 2005 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 16 Apr 2007 893 A..H. --- "C:\Program Files\Outlook Express\v6cxtVTEGdDgA2u\XiRTH9JG.tmp"
Fri 27 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 8 Aug 2007 400 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COH32LU.reg"
Wed 8 Aug 2007 403 A..H. --- "C:\Program Files\Fichiers communs\Symantec Shared\COH\COHDLU.reg"
Thu 13 Jul 2006 839 A..H. --- "C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy\v6cxtVTEGdDgA2u\XiRTH9JG.tmp"
Wed 4 Oct 2006 3,072,000 A..H. --- "C:\Documents and Settings\XXXXXXX\Application Data\U3\temp\Launchpad Removal.exe"
Wed 24 Sep 2003 60,928 A..H. --- "C:\SauvUSBDISKPRO\XXX\XXXXXXX\1. XXXXXXX 230\KASTNER - CAILLE\~WRL2731.tmp"
Wed 19 Nov 2003 60,416 A..H. --- "C:\SauvUSBDISKPRO\XXXXX\XXXXXX\4. XXXXX XXXXXX\XXXXXXX\~WRL0527.tmp"
Tue 18 Nov 2003 58,880 A..H. --- "C:\SauvUSBDISKPRO\XXX\XXXXX\4. XXXX XXXXXXX\XXXXXX\~WRL3135.tmp"
Wed 24 Sep 2003 60,928 A..H. --- "C:\Mes documents\XXXXX\XXXXXX\XXXXX\1. XXXXXXXXX230\XXXXXX\~WRL2731.tmp"
Wed 19 Nov 2003 60,416 A..H. --- "C:\Mes documents\XXXXXX\XXXXXXX\XXXXXX\4. XXXXXXXXXXXXXX\~WRL0527.tmp"
Tue 18 Nov 2003 58,880 A..H. --- "C:\Mes documents\XXXXXXX\XXXXXXXX\XXXXXXXX\4. XXXXXX XXXXXX\~WRL3135.tmp"
Wed 24 Sep 2003 60,928 A..H. --- "C:\SauvUSBDISKPRO\XXXXX\XXXXX\XXXXXX\1.XXXX XXXXXXX\XXXXX XXXXXXXX\~WRL2731.tmp"
Wed 19 Nov 2003 60,416 A..H. --- "C:\SauvUSBDISKPRO\XXXXXX\XXXXXXX\XXXXX\4. XXXX XXXXXXXX\XXXXXX XXXX\~WRL0527.tmp"
Tue 18 Nov 2003 58,880 A..H. --- "C:\SauvUSBDISKPRO\XXXXX\XXXXXXXX\XXX\4. XXXXXXX\XXXXXX XXXXXXX\~WRL3135.tmp"

[b]Finished!/b
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 11
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
il me faudrait le rapport combofix pour vérification...
0
Réponse 6 / 11
jphil069
 
bonsoir,
Voici le rapport :

ComboFix 08-08-04.07 - XXXXXXX 2008-08-06 20:01:42.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.470 [GMT 2:00]
Endroit: C:\Documents and Settings\XXXXXX\Bureau\Logiciels Système\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-06 to 2008-08-06 ))))))))))))))))))))))))))))))))))))
.

2008-08-05 22:13 . 2008-08-05 22:13 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-05 22:13 . 2008-08-05 22:13 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-05 20:56 . 2008-08-05 20:56 99,712 --a------ C:\WINDOWS\system32\nsfmdvyj.dll
2008-08-05 20:56 . 2008-08-05 22:30 474 ---hs---- C:\WINDOWS\system32\jyvdmfsn.ini
2008-08-05 19:55 . 2008-08-05 19:55 294 ---hs---- C:\WINDOWS\system32\jgmerrkn.ini
2008-08-05 19:54 . 2008-08-05 19:54 99,712 --a------ C:\WINDOWS\system32\nkrremgj.dll
2008-08-05 19:10 . 2008-08-05 19:10 <REP> d-------- C:\VundoFix Backups
2008-08-04 19:41 . 2008-08-04 19:41 294 ---hs---- C:\WINDOWS\system32\muvsljdy.ini
2008-08-03 18:37 . 2008-08-03 18:37 294 ---hs---- C:\WINDOWS\system32\apcorryc.ini
2008-08-03 11:54 . 2008-08-03 11:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-03 11:54 . 2008-08-03 12:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Documents and Settings\XXXXXXXXXXApplication Data\Malwarebytes
2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-02 23:20 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-02 23:20 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-02 16:36 . 2000-12-08 21:59 122,880 --a------ C:\WINDOWS\UnGins.exe
2008-08-01 18:34 . 2008-08-02 17:01 886 ---hs---- C:\WINDOWS\system32\anajaqhw.ini
2008-07-31 23:03 . 2008-08-01 18:32 474 ---hs---- C:\WINDOWS\system32\pbbfbkda.ini
2008-07-31 21:21 . 2008-07-31 21:58 354 ---hs---- C:\WINDOWS\system32\scvlpexk.ini
2008-07-27 10:14 . 2008-07-27 14:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 10:12 . 2008-07-27 10:12 65,536 ---hs---- C:\Documents and Settings\XXXXXXXXXX\XXXXXXXXX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 18:00 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-06 17:55 --------- d-----w C:\Program Files\Wanadoo
2008-08-05 20:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-03 11:58 --------- d-----w C:\Program Files\eMule
2008-08-02 19:40 --------- d-----w C:\Program Files\Google
2008-08-02 14:36 1,599 ----a-w C:\Program Files\INSTALL.LOG
2008-08-01 23:37 --------- d-----w C:\Program Files\Free FLV Converter
2008-08-01 22:14 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-28 10:12 --------- d-----w C:\Program Files\Norton SystemWorks
2008-07-27 17:23 --------- d-----w C:\Documents and Settings\ANDRIOT\Application Data\Skype
2008-07-27 10:30 --------- d-----w C:\Documents and Settings\ANDRIOT\Application Data\uTorrent
2008-07-27 10:23 --------- d-----w C:\Documents and Settings\ANDRIOT\Application Data\Lavasoft
2008-07-27 09:38 --------- d-----w C:\Program Files\24-FR
2008-07-23 11:08 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
2008-07-23 11:08 --------- d-----w C:\Program Files\1&1 Internet AG
2008-07-16 16:59 --------- d-----w C:\Program Files\Avanquest update
2008-07-15 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-13 18:10 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-07-13 18:07 0 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2008-07-12 02:52 233,472 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2008-07-09 19:02 --------- d-----w C:\Documents and Settings\XXXXXXXXXX\Application Data\U3
2008-07-02 21:41 --------- d-----w C:\Program Files\Canon PhotoStitch
2008-06-28 16:17 381,724 ----a-w C:\Documents and Settings\XXXXXX\Application Data\mdbu.bin
2008-06-24 22:33 --------- d-----w C:\Documents and Settings\XXXXXXX\Application Data\XXXXXXX
2008-06-21 16:56 --------- d-----w C:\Program Files\Fnac
2008-06-20 18:39 --------- d-----w C:\Program Files\LETMIN
2008-06-20 18:39 --------- d-----w C:\Program Files\Icone
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 15:52 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-13 12:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-06-13 12:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 12:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 12:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 12:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 12:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 12:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 12:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 12:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-06-07 10:35 --------- d-----w C:\Program Files\iTunes
2008-06-07 10:35 --------- d-----w C:\Program Files\iPod
2008-06-07 10:35 --------- d-----w C:\Program Files\Bonjour
2008-06-03 09:48 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-16 22:42 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLeh.DAT
2006-11-17 18:27 2,532,922 ----a-w C:\WINDOWS\inf\SET101D.tmp
2006-01-01 17:08 5,984 ----a-w C:\Documents and Settings\ANDRIOT\Application Data\wklnhst.dat
2004-08-05 11:00 1,568,358 ----a-w C:\WINDOWS\inf\SET1090.tmp
2003-08-19 00:04 1,024,512 ----a-w C:\Program Files\zeropop.exe
2005-12-27 21:30 56 --sha-r C:\WINDOWS\system32\7F29E3841A.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-05_22.10.41.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-03 02:05:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-05 20:13:04 14,696,448 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-08-05 20:13:04 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-03 02:05:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-05 20:13:03 14,696,448 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-08-05 20:13:03 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 16:54 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 12:55 1871872]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 16:18 405583]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 01:52 36864]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-12 00:10 4583424]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"m6"="C:\Program Files\M6 Video\M6video.exe" [2007-07-24 11:13 1444352]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 09:50 139264]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09 102400]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 02:01 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-28 23:27 185632]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 18:49 50688]
"RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2000-10-16 10:37 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"nwiz"="nwiz.exe" [2005-10-10 21:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2004-11-12 00:10 86016 C:\WINDOWS\system32\nvmctray.dll]
"CTHelper"="CTHELPER.EXE" [2004-03-11 16:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

C:\Documents and Settings\XXXXXXX\Menu D‚marrer\Programmes\D‚marrage\
0pop.lnk - C:\Program Files\zeropop.exe [2003-08-19 02:04:14 1024512]
Norton System Doctor.lnk - C:\Program Files\Norton SystemWorks\Norton Utilities\sysdoc32.exe [2005-11-30 17:23:44 83680]

C:\Documents and Settings\XXXXXXXXX\Menu D‚marrer\Programmes\D‚marrage\
0pop.lnk - C:\Program Files\zeropop.exe [2003-08-19 02:04:14 1024512]
Norton System Doctor.lnk - C:\Program Files\Norton SystemWorks\Norton Utilities\sysdoc32.exe [2005-11-30 17:23:44 83680]

C:\Documents and Settings\XXXXXXX\Menu D‚marrer\Programmes\D‚marrage\
0pop.lnk - C:\Program Files\zeropop.exe [2003-08-19 02:04:14 1024512]
Norton System Doctor.lnk - C:\Program Files\Norton SystemWorks\Norton Utilities\sysdoc32.exe [2005-11-30 17:23:44 83680]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"MSACM.CEGSM"= mobilev.acm
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP31"= vp31vfw.dll
"VIDC.MPG4"= msmpeg4.dll
"VIDC.MP42"= msmpeg4.dll
"VIDC.MP43"= msmpeg4.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winap78.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbw08.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winem74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winor65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winti72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwg34.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\M6 Video\\M6video.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\XXXXXXXX\\Bureau\\Logiciels Internet\\utorrent.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-18 13:43]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-01-31 14:15]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-18 13:44]
S0 Winbw08;Winbw08;C:\WINDOWS\system32\Drivers\Winbw08.sys []
S0 Winor65;Winor65;C:\WINDOWS\system32\Drivers\Winor65.sys []
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-09-11 11:27]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 12:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4331d970-db01-11db-829b-00123f6c5d86}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3db9665-e917-11db-82a1-00123f6c5d86}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa125a4-a0d4-11dc-8301-00123f6c5d86}]
\Shell\AutoRun\command - T:\InstallTomTomHOME.exe

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-07-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-04 C:\WINDOWS\Tasks\Norton Internet Security - Effectuer une analyse complète du système - XXXXXXXX.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 19:19]

2008-07-28 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks\OBC.exe [2005-12-01 14:27]

2008-08-05 C:\WINDOWS\Tasks\Symantec Drmc.job
- C:\Program Files\Fichiers communs\Symantec Shared\SymDrmc.exe [2005-10-26 19:48]
.
- - - - ORPHANS REMOVED - - - -

BHO-{39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - (no file)
BHO-{5C95CA56-F0B6-42CF-A4FB-7E90C25552F3} - (no file)
BHO-{9DB52845-8972-463D-AAFA-21DDF38BE89C} - (no file)
BHO-{BD6E8F2F-2C8A-4C1E-98CA-D82B7494AED6} - (no file)
Notify-wvUoNGYr - (no file)

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R0 -: HKCU-Main,Start Page = hxxp://www.orange.fr/
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O9 -: { - C:\Program Files\Messenger\msmsgs.exe
O18 -: Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O18 -: Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O18 -: Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll

O16 -: {09CC593B-E8A9-4491-927D-A3E33534DDD4} - hxxp://www.1-click.com/common/files/installer2.cab
C:\WINDOWS\Downloaded Program Files\installer2.dll

O16 -: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe

O16 -: {A73BAEFA-EE65-494D-BEDB-DD3E5A34FA98} - hxxp://www.extrafilm.fr/ImageUploader4.cab
C:\WINDOWS\Downloaded Program Files\ImageUploader4.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx

O16 -: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://www.photoways.com/assets/aurigma/ImageUploader4.cab
C:\WINDOWS\Downloaded Program Files\ImageUploader4.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ImageUploader4.ocx
C:\WINDOWS\system32\unicows.dll

O16 -: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - hxxp://www.XXXXX.fr/download/cfweb_www.XXXXXXXX.fr-download_instmodule.exe

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 20:04:20
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
Temps d'accomplissement: 2008-08-06 20:05:42
ComboFix-quarantined-files.txt 2008-08-06 18:05:27
ComboFix2.txt 2008-08-05 20:11:30

Pre-Run: 295,385,628,672 octets libres
Post-Run: 295,361,847,296 octets libres

309 --- E O F --- 2008-07-27 10:33:41
0
Réponse 7 / 11
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
va sur virus total
https://www.virustotal.com/gui/
et fais examiner ces fichiers
C:\WINDOWS\system32\7F29E3841A.sys
C:\WINDOWS\system32\Drivers\Winbw08.sys
C:\WINDOWS\system32\Drivers\Winor65.sys
poste les rapports obtenus
0
Réponse 8 / 11
jphil069
 
MERCI ENCORE!

Voici le rapport pour le premier fichier.
Par contre, rien pour les autres. Impossibles à trouver malgré recherche aprofondie!!!!!!

C:\WINDOWS\system32\7F29E3841A.sys

Fichier 7F29E3841A.sys reçu le 2008.08.06 23:10:33 (CET)
Situation actuelle: terminé
Résultat: 0/36 (0%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.8.7.0 2008.08.06 -
AntiVir 7.8.1.19 2008.08.06 -
Authentium 5.1.0.4 2008.08.05 -
Avast 4.8.1195.0 2008.08.06 -
AVG 8.0.0.156 2008.08.06 -
BitDefender 7.2 2008.08.06 -
CAT-QuickHeal 9.50 2008.08.06 -
ClamAV 0.93.1 2008.08.06 -
DrWeb 4.44.0.09170 2008.08.06 -
eSafe 7.0.17.0 2008.08.06 -
eTrust-Vet 31.6.6015 2008.08.06 -
Ewido 4.0 2008.08.06 -
F-Prot 4.4.4.56 2008.08.06 -
F-Secure 7.60.13501.0 2008.08.06 -
Fortinet 3.14.0.0 2008.08.06 -
GData 2.0.7306.1023 2008.08.06 -
Ikarus T3.1.1.34.0 2008.08.06 -
K7AntiVirus 7.10.405 2008.08.06 -
Kaspersky 7.0.0.125 2008.08.06 -
McAfee 5355 2008.08.06 -
Microsoft 1.3807 2008.08.06 -
NOD32v2 3333 2008.08.06 -
Norman 5.80.02 2008.08.06 -
Panda 9.0.0.4 2008.08.06 -
PCTools 4.4.2.0 2008.08.06 -
Prevx1 V2 2008.08.06 -
Rising 20.56.22.00 2008.08.06 -
Sophos 4.31.0 2008.08.06 -
Sunbelt 3.1.1537.1 2008.08.06 -
Symantec 10 2008.08.06 -
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.06 -
VBA32 3.12.8.2 2008.08.06 -
ViRobot 2008.8.6.1326 2008.08.06 -
VirusBuster 4.5.11.0 2008.08.06 -
Webwasher-Gateway 6.6.2 2008.08.06 -
Information additionnelle
File size: 56 bytes
MD5...: 046f5256e4053f4dd064712ca3778c43
SHA1..: ea074dd8fb56e21cc79898170feb3d0e01778852
SHA256: 44ef1d440fb6122f655dbd278fa8f722357b66dba5abb906c86bda34f2d1995a
SHA512: 246f92f9db6dc1a2dc375ad75a023e14cc13779c87f4a09863a12823da6351ec
d88d055792550b0a5c336498625639d6ca2ef92779c1ff8e78147855de7eeb81
PEiD..: -
PEInfo: -

C:\WINDOWS\system32\Drivers\Winbw08.sys

C:\WINDOWS\system32\Drivers\Winor65.sys
0
Réponse 9 / 11
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
Rappel : une fois que ComboFix est lancé, il ne faut pas cliquer dans la fenêtre de ComboFix car cela pourrait entraîner un plantage du programme.
Il est recommandé de laisser l'outil analyser et nettoyer le PC sans utiliser quoi que ce soit d'autre...
Sélectionne le texte suivant (Ctrl+A): 
Driver::
Winbw08
Winor65
File::
C:\WINDOWS\Downloaded Program Files\installer2.dll
C:\WINDOWS\system32\nsfmdvyj.dll
C:\WINDOWS\system32\jyvdmfsn.ini
C:\WINDOWS\system32\jgmerrkn.ini
C:\WINDOWS\system32\nkrremgj.dll
C:\WINDOWS\system32\muvsljdy.ini
C:\WINDOWS\system32\apcorryc.ini
C:\WINDOWS\system32\anajaqhw.ini
C:\WINDOWS\system32\pbbfbkda.ini
C:\WINDOWS\system32\scvlpexk.ini
C:\WINDOWS\inf\SET101D.tmp
C:\WINDOWS\inf\SET1090.tmp
C:\WINDOWS\system32\Drivers\Winbw08.sys
C:\WINDOWS\system32\Drivers\Winor65.sys

Copie le texte sélectionné (CTRL+C).
Ouvre le Bloc-notes (Démarrer/Tous les programmes/Accessoires/Bloc-notes).
Colle le texte copié dans ce Bloc-notes (CTRL+V).
Sauvegarde ce fichier sur ton Bureau sous le nom de CFScript.txt (CFScript)
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Comme l'image le montre, fait glisser CFScript.txt sur ComboFix.exe(ComboFix)
Une fenêtre à fond bleu va s'ouvrir: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Laisse ComboFix travailler
Patiente le temps de l'analyse. Le Bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le nettoyage n'est pas terminé.
Un rapport va s'afficher: poste son contenu.
Si le fichier ne s'ouvre pas, tu le trouves ici, à la racine de ton Système, en principe : C:\ComboFix.txt (C:\ComboFix)
0
Réponse 10 / 11
jphil069
 
ComboFix 08-08-04.07 - xxxxxxx 2008-08-07 16:17:33.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.494 [GMT 2:00]
Endroit: C:\Documents and Settings\xxxxxxx\Bureau\Logiciels Système\ComboFix.exe
Command switches used :: C:\Documents and Settings\ANDRIOT\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\Downloaded Program Files\installer2.dll
C:\WINDOWS\inf\SET101D.tmp
C:\WINDOWS\inf\SET1090.tmp
C:\WINDOWS\system32\anajaqhw.ini
C:\WINDOWS\system32\apcorryc.ini
C:\WINDOWS\system32\Drivers\Winbw08.sys
C:\WINDOWS\system32\Drivers\Winor65.sys
C:\WINDOWS\system32\jgmerrkn.ini
C:\WINDOWS\system32\jyvdmfsn.ini
C:\WINDOWS\system32\muvsljdy.ini
C:\WINDOWS\system32\nkrremgj.dll
C:\WINDOWS\system32\nsfmdvyj.dll
C:\WINDOWS\system32\pbbfbkda.ini
C:\WINDOWS\system32\scvlpexk.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\installer2.dll
C:\WINDOWS\inf\SET101D.tmp
C:\WINDOWS\inf\SET1090.tmp
C:\WINDOWS\system32\anajaqhw.ini
C:\WINDOWS\system32\apcorryc.ini
C:\WINDOWS\system32\jgmerrkn.ini
C:\WINDOWS\system32\jyvdmfsn.ini
C:\WINDOWS\system32\muvsljdy.ini
C:\WINDOWS\system32\nkrremgj.dll
C:\WINDOWS\system32\nsfmdvyj.dll
C:\WINDOWS\system32\pbbfbkda.ini
C:\WINDOWS\system32\scvlpexk.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Winbw08
-------\Service_Winor65

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-07 to 2008-08-07 ))))))))))))))))))))))))))))))))))))
.

2008-08-05 22:13 . 2008-08-05 22:13 <REP> d-------- C:\WINDOWS\ERUNT
2008-08-05 22:13 . 2008-08-05 22:13 579,584 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
2008-08-05 19:10 . 2008-08-05 19:10 <REP> d-------- C:\VundoFix Backups
2008-08-03 11:54 . 2008-08-03 11:54 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-03 11:54 . 2008-08-03 12:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Documents and Settings\xxxxxxx\Application Data\Malwarebytes
2008-08-02 23:20 . 2008-08-02 23:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-02 23:20 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-02 23:20 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-02 16:36 . 2000-12-08 21:59 122,880 --a------ C:\WINDOWS\UnGins.exe
2008-07-27 10:14 . 2008-07-27 14:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-27 10:12 . 2008-07-27 10:12 65,536 ---hs---- C:\Documents and Settings\xxxxxxx\ThatShit.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 16:22 --------- d-----w C:\Program Files\Wanadoo
2008-08-07 14:12 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-08-07 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-03 11:58 --------- d-----w C:\Program Files\eMule
2008-08-02 19:40 --------- d-----w C:\Program Files\Google
2008-08-02 14:36 1,599 ----a-w C:\Program Files\INSTALL.LOG
2008-08-01 23:37 --------- d-----w C:\Program Files\Free FLV Converter
2008-08-01 22:14 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-07-28 10:12 --------- d-----w C:\Program Files\Norton SystemWorks
2008-07-27 17:23 --------- d-----w C:\Documents and Settings\xxxxxxx\Application Data\Skype
2008-07-27 10:30 --------- d-----w C:\Documents and Settings\xxxxxxx\Application Data\uTorrent
2008-07-27 10:23 --------- d-----w C:\Documents and Settings\xxxxxxx\Application Data\Lavasoft
2008-07-27 09:38 --------- d-----w C:\Program Files\24-FR
2008-07-23 11:08 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
2008-07-23 11:08 --------- d-----w C:\Program Files\1&1 Internet AG
2008-07-16 16:59 --------- d-----w C:\Program Files\Avanquest update
2008-07-15 08:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-07-13 18:10 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-07-13 18:07 0 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2008-07-12 02:52 233,472 ----a-w C:\WINDOWS\system32\TubeFinder.exe
2008-07-09 19:02 --------- d-----w C:\Documents and Settings\xxxxxxx\Application Data\U3
2008-07-02 21:41 --------- d-----w C:\Program Files\Canon PhotoStitch
2008-06-28 16:17 381,724 ----a-w C:\Documents and Settings\xxxxxxx\Application Data\mdbu.bin
2008-06-24 22:33 --------- d-----w C:\Documents and Settings\xxxxxxx\Application Data\CamfrogWEB
2008-06-21 16:56 --------- d-----w C:\Program Files\Fnac
2008-06-20 18:39 --------- d-----w C:\Program Files\LETMIN
2008-06-20 18:39 --------- d-----w C:\Program Files\Icone
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 15:52 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-13 12:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-06-13 12:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2008-06-13 12:14 31,280 ----a-w C:\WINDOWS\system32\drivers\SymIM.sys
2008-06-13 12:14 13,093 ----a-w C:\WINDOWS\system32\drivers\SymRedir.cat
2008-06-13 12:14 1,611 ----a-w C:\WINDOWS\system32\drivers\SymRedir.inf
2008-06-13 12:13 96,432 ----a-w C:\WINDOWS\system32\drivers\symfw.sys
2008-06-13 12:13 41,008 ----a-w C:\WINDOWS\system32\drivers\symndisv.sys
2008-06-13 12:13 38,576 ----a-w C:\WINDOWS\system32\drivers\symids.sys
2008-06-13 12:13 37,424 ----a-w C:\WINDOWS\system32\drivers\symndis.sys
2008-06-13 12:13 22,320 ----a-w C:\WINDOWS\system32\drivers\symredrv.sys
2008-06-13 12:13 184,240 ----a-w C:\WINDOWS\system32\drivers\symtdi.sys
2008-06-13 12:13 13,616 ----a-w C:\WINDOWS\system32\drivers\symdns.sys
2008-06-07 10:35 --------- d-----w C:\Program Files\iTunes
2008-06-07 10:35 --------- d-----w C:\Program Files\iPod
2008-06-07 10:35 --------- d-----w C:\Program Files\Bonjour
2008-06-03 09:48 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-16 22:42 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLeh.DAT
2006-01-01 17:08 5,984 ----a-w C:\Documents and Settings\xxxxxxx\Application Data\wklnhst.dat
2003-08-19 00:04 1,024,512 ----a-w C:\Program Files\zeropop.exe
2005-12-27 21:30 56 --sha-r C:\WINDOWS\system32\7F29E3841A.sys
.

((((((((((((((((((((((((((((( snapshot@2008-08-05_22.10.41.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-03 02:05:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-08-05 20:13:04 14,696,448 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-08-05 20:13:04 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-08-03 02:05:39 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-08-05 20:13:03 14,696,448 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-08-05 20:13:03 241,664 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\[u]0[/u]0000002\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-28 16:54 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-10-13 18:20 20058152]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2004-09-07 12:55 1871872]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 16:18 405583]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 14:50 122880]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2008-02-20 17:19 360448]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 10:42 202088]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UVS10 Preload"="C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe" [2006-03-07 01:52 36864]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-12 00:10 4583424]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"m6"="C:\Program Files\M6 Video\M6video.exe" [2007-07-24 11:13 1444352]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 09:50 139264]
"EEventManager"="C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-04-08 15:09 102400]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 03:10 409600]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 02:01 86016]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 11:43 57344]
"CTDVDDET"="C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-01-31 14:15 51048]
"WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 14:49 20480]
"WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 16:55 32768]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-08-28 23:27 185632]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-08-24 22:53 714608]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 18:49 50688]
"RemoteControl"="C:\WINDOWS\system32\rmctrl.exe" [2000-10-16 10:37 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"nwiz"="nwiz.exe" [2005-10-10 21:49 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2004-11-12 00:10 86016 C:\WINDOWS\system32\nvmctray.dll]
"CTHelper"="CTHELPER.EXE" [2004-03-11 16:50 28672 C:\WINDOWS\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUoNGYr]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"MSACM.CEGSM"= mobilev.acm
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP31"= vp31vfw.dll
"VIDC.MPG4"= msmpeg4.dll
"VIDC.MP42"= msmpeg4.dll
"VIDC.MP43"= msmpeg4.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"msacm.imc"= imc32.acm
"msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winap78.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbw08.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winem74.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winor65.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winti72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwg34.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\M6 Video\\M6video.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\xxxxxxx\\Bureau\\Logiciels Internet\\utorrent.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager 1.0\\MediaManager.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-18 13:43]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-01-31 14:15]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-18 13:44]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 17:42]
S3 papycpu;papycpu;C:\WINDOWS\system32\drivers\papycpu.sys [1998-09-11 11:27]
S3 PID_0920;Logitech QuickCam Express(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS [2005-01-31 12:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4331d970-db01-11db-829b-00123f6c5d86}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3db9665-e917-11db-82a1-00123f6c5d86}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{baa125a4-a0d4-11dc-8301-00123f6c5d86}]
\Shell\AutoRun\command - T:\InstallTomTomHOME.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - PGFILTER
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

2008-08-07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-07-28 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job
- C:\Program Files\Norton SystemWorks\OBC.exe [2005-12-01 14:27]

2008-08-06 C:\WINDOWS\Tasks\Symantec Drmc.job
- C:\Program Files\Fichiers communs\Symantec Shared\SymDrmc.exe [2005-10-26 19:48]
.
- - - - ORPHANS REMOVED - - - -

BHO-{39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - (no file)
BHO-{5C95CA56-F0B6-42CF-A4FB-7E90C25552F3} - (no file)
BHO-{9DB52845-8972-463D-AAFA-21DDF38BE89C} - (no file)
BHO-{BD6E8F2F-2C8A-4C1E-98CA-D82B7494AED6} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 18:22:37
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s:

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\nview.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\zeropop.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\SYSDOC32.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\system32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-07 18:25:24 - machine was rebooted [ANDRIOT]
ComboFix-quarantined-files.txt 2008-08-07 16:25:15
ComboFix2.txt 2008-08-06 18:05:43
ComboFix3.txt 2008-08-05 20:11:30

Pre-Run: 294,496,526,336 octets libres
Post-Run: 294,683,951,104 octets libres

322 --- E O F --- 2008-07-27 10:33:41
0
Réponse 11 / 11
papyber Messages postés 6430 Statut Contributeur sécurité 257
 
des soucis encore?
Faire un Scan antivirus en ligne avec Internet explorer et accepter l'ActiveX
poster le rapport ici ensuite
https://www.bitdefender.fr/
0

Discussions similaires

Comment désactiver le mode sécurisé de la Freebox POP.
Cycy -
bazfile -

18 réponses
Comment lire un DVD avec un pop-up mobile external DVD-RW
Anna -
Anna -

2 réponses
Freebox pop
Kuza -
CCMBot -

1 réponse
Notifications pop UP sous Android 14
Mich -
Panth33ra -

5 réponses
Freebox Pop Démarrer télé avec une seule télécommande
JOHN6733 -
JOHN6733 -

2 réponses