Virus/spyware?

Closed
gael31390 Posts 719 Registered Monday 2 April 2007 Status Member Last seen 2 April 2011 - 28 August 2008 at 13:48
gael31390 - last reply 31 August 2008 at 22:59
Hello,
I've had a virus/spyware on my other computer since yesterday and I can't remove it. I ran an Avast scan in Safe Mode but it "only" found 14204 infected files, and the virus is still there... So I used Malwarebytes to get rid of it, but it won't launch. I used SpyHunter 3: it launches, runs a scan, finds 180 infected files, but to remove them I have to register, and the virus has blocked my internet connection, and besides it isn't free. So I used HijackThis: it installs but won't launch, just like Malwarebytes.
I don't know what else to do... Help me please!!
Thanks!

119 replies

gael31390
28 August 2008 at 23:30
So I ran a scan in Safe Mode and it worked; it gave me this report:


Malwarebytes' Anti-Malware 1.25
Database version: 1062
Windows 5.1.2600 Service Pack 2

22:50:01 28/08/2008
mbam-log-08-28-2008 (22-50-01).txt

Scan type: Quick Scan
Objects scanned: 98343
Time elapsed: 22 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 36
Registry Values Infected: 10
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 43

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e4c942f-e8bb-49c8-afb9-645ccd0c9630} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5e4c942f-e8bb-49c8-afb9-645ccd0c9630} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\acm.acmfactory.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{43382522-a846-46f4-ac57-1f71ae6e1086} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{572fb162-c0ba-4edf-8cff-e3846153b9b0} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72a836d1-bc00-43c0-a941-17960e4fb842} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf4bff2b-b9c5-4c11-ab65-b3baccbf2c6e} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ecd99db2-abfa-46ae-a7ee-16d0ddb78258} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{733E9132-53CA-4C97-9AC9-145C4502FA20} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6ca49fdd-4aeb-4f08-a394-c0a1f82caa16} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{48a7a70a-e118-4506-a373-c9d4e8a212a1} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a9aae1ab-9688-42c5-86f5-c12f6b9015ad} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7fbb2d91-9964-4196-bac5-d5e751762ec3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7fbb2d91-9964-4196-bac5-d5e751762ec3} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{df901432-1b9f-4f5b-9e56-301c553f9095} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{127df9b4-d75d-44a6-af78-8c3a8ceb03db} (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Safety Features (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Information Center (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Safety Alert (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenUSave) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\promoreg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc74fj0e56c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhc34fj0e56c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Video Add-on (Trojan.Zlob) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\trrcuk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nubphqhf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fhqhpbun.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dao2.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jnxscoba.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qnmnnvnb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rhricvyi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\update2.408.0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\3RTQAYZ0\kb65666[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\JD05HCNE\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\LTH1RB63\kb671231[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temporary Internet Files\Content.IE5\SUA7A9JN\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\alt.exe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\faceback.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\crock+mock.config (Worm.Zhelatin) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM5b61ad01.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BM5b61ad01.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc74fj0e56c.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc74fj0e56c.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc74fj0e56c.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttAF.tmp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\dat6E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Laurent\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gael\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.


Now the computer has restarted and the Antivirus XP 2008 message has disappeared, the wallpaper too; 2 error messages at startup, I click OK and that's sorted, but still no internet...
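What matters in a report like the one above is less the item count than where the entries persist and which ones could not be removed while the scan ran. The script below is an added example for this thread, not part of the original posts and not Malwarebytes' own code: it parses the "item (Family) -> Action" lines of an MBAM 1.x report (the sample lines are copied from the report above), groups them by family and by persistence mechanism, and flags entries that were only scheduled for deletion at reboot, which here are the TDSS driver and its DLL, i.e. a rootkit that was still loaded during the scan.

```python
"""Triage helper for Malwarebytes' Anti-Malware 1.x text reports.

Added example; not from the thread and not Malwarebytes' code. It groups the
detections by family and by persistence mechanism and flags deletions that
MBAM had to defer to the next reboot (file in use, typically a loaded driver).
"""
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the report posted in the
# thread, with MBAM's English section headers.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.25
Database version: 1062

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e4c942f-e8bb-49c8-afb9-645ccd0c9630} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Update (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\some (Trojan.Zlob) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\trrcuk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
"""

# One detection line: "<item> (<Family>) -> <Action>."  Family names contain no
# spaces, so a greedy <item> followed by the final "(...)" is unambiguous.
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[\w.]+)\) -> (?P<action>.+?)\.?$")


def classify(item: str) -> str:
    """Map a registry key/value or file path to the persistence mechanism it represents."""
    p = item.lower()
    if "\\currentversion\\run\\" in p or "\\policies\\explorer\\run\\" in p:
        return "run key (autostart)"
    if "\\browser helper objects\\" in p:
        return "IE browser helper object"
    if "\\searchscopes\\" in p:
        return "IE search hijack"
    if "\\drivers\\" in p and p.endswith(".sys"):
        return "kernel driver"
    if p.startswith("hkey_"):
        return "registry (other)"
    return "file or folder"


def parse_mbam_log(text: str) -> list:
    """Return one dict per detection line: item, family, action, section, persistence."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["section"] = section
            entry["persistence"] = classify(entry["item"])
            entries.append(entry)
        elif line.endswith(":"):
            section = line[:-1]  # e.g. "Files Infected"
    return entries


def summarize(entries: list) -> dict:
    return {
        "by_family": Counter(e["family"] for e in entries),
        "by_persistence": Counter(e["persistence"] for e in entries),
        # MBAM could not remove these while the scan ran: the file was locked
        # by a running process or a loaded driver.
        "pending_reboot": [e["item"] for e in entries if "reboot" in e["action"].lower()],
    }


def needs_followup(summary: dict) -> bool:
    """True when a deletion was deferred to reboot or a kernel driver was involved:
    the machine must be re-scanned after restarting before the result is trusted."""
    return bool(summary["pending_reboot"]) or summary["by_persistence"]["kernel driver"] > 0


if __name__ == "__main__":
    s = summarize(parse_mbam_log(SAMPLE_LOG))
    for family, n in s["by_family"].most_common():
        print(f"{n:3d}  {family}")
    for mech, n in s["by_persistence"].most_common():
        print(f"{n:3d}  {mech}")
    print("deferred to reboot:", *s["pending_reboot"], sep="\n  ")
    print("re-scan after reboot:", needs_followup(s))
```

Run it against a full saved mbam-log-*.txt by replacing SAMPLE_LOG with the file contents. On the report above, needs_followup comes back True because of the two "Delete on reboot" TDSS entries, which is exactly why a second tool run after the restart is the right next step rather than assuming the cleanup is complete.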
Anonymous user
29 August 2008 at 00:23
Reopen Malwarebytes
go to Quarantine
delete everything

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 (Yes) key to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report into your next reply.

NOTE: The report is also located here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.

-> Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

gael31390
29 August 2008 at 11:53
Well, the computer won't start in normal mode (it's far too slow), so I'm doing everything in Safe Mode, and now it has restarted and ComboFix is preparing the report at its own pace... ^^ so I'm waiting, waiting...
gael31390
29 August 2008 at 12:15
There, ComboFix has finished its report in Safe Mode, here it is:

ComboFix 08-08-28.06 - Administrateur 2008-08-29 11:59:34.2 - NTFSx86 MINIMAL
Location: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\akaya\Application Data\macromedia\Flash Player\#SharedObjects\HJYN2XNN\iforex.com
C:\Documents and Settings\akaya\Application Data\macromedia\Flash Player\#SharedObjects\HJYN2XNN\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\akaya\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\akaya\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\akaya\Cookies\akaya@clicksor[2].txt
C:\Documents and Settings\akaya\Cookies\akaya@edt02[1].txt
C:\Documents and Settings\akaya\new.txt
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Gael\new.txt
C:\Documents and Settings\Laurent\Application Data\Adobe\crc.dat
C:\Documents and Settings\Laurent\new.txt
C:\Documents and Settings\tiphaine\Application Data\macromedia\Flash Player\#SharedObjects\Q4QWWH99\bin.clearspring.com
C:\Documents and Settings\tiphaine\Application Data\macromedia\Flash Player\#SharedObjects\Q4QWWH99\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\tiphaine\Application Data\macromedia\Flash Player\#SharedObjects\Q4QWWH99\iforex.com
C:\Documents and Settings\tiphaine\Application Data\macromedia\Flash Player\#SharedObjects\Q4QWWH99\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\tiphaine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\tiphaine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\tiphaine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\tiphaine\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\tiphaine\Cookies\tiphaine@edt02[2].txt
C:\Documents and Settings\tiphaine\new.txt
C:\Program Files\Fichiers communs\WinSoftware
C:\WINDOWS\exefld
C:\WINDOWS\system32\a.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\urlmsnlink.dat
E:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_tdssserv


((((((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-28 23:34 . 2008-08-28 23:34 <DIR> d-------- C:\Program Files\RevoUninstaller
2008-08-28 22:26 . 2008-08-28 22:26 <DIR> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-28 21:43 . 2008-08-28 23:34 <DIR> d-------- C:\Program Files\VS Revo Group
2008-08-28 21:42 . 2008-08-28 21:42 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-08-28 16:13 . 2008-08-28 16:13 <DIR> d-------- C:\Documents and Settings\Laurent\Application Data\Malwarebytes
2008-08-28 16:13 . 2008-08-28 16:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-28 12:49 . 2008-08-28 16:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-28 11:53 . 2008-08-28 12:22 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-08-27 13:18 . 2008-08-28 12:49 345 --ahs---- C:\WINDOWS\system32\jjkkj.ini
2008-08-27 13:13 . 2008-08-27 13:13 178,176 --a------ C:\WINDOWS\system32\drivers\NVNVRZRJ.sys
2008-08-27 13:13 . 2008-08-27 13:13 110,080 --a------ C:\WINDOWS\stfMeane1001186.exe
2008-08-27 13:13 . 2008-08-27 13:13 136 --a------ C:\WINDOWS\system32\C0.tmp
2008-08-27 13:13 . 2008-08-27 13:13 29 --a------ C:\WINDOWS\system32\ippffrri.tmp
2008-08-27 13:13 . 2008-08-27 13:13 18 --a------ C:\WINDOWS\system32\C6.tmp
2008-08-27 13:02 . 2008-08-27 13:52 <DIR> d-------- C:\Documents and Settings\Laurent\Application Data\Azureus
2008-08-27 13:02 . 2008-08-27 13:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-13 22:45 . 2008-08-13 22:49 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-08-03 16:24 . 2008-08-03 16:24 <DIR> d-------- C:\Program Files\Google
2008-08-03 12:46 . 2008-08-03 12:46 <DIR> d-------- C:\Program Files\iPod
2008-08-01 16:40 . 2008-08-01 16:40 <DIR> d-------- C:\Documents and Settings\Laurent\Application Data\Songbird2
2008-08-01 16:40 . 2008-08-01 16:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-08-01 16:35 . 2008-08-28 12:23 <DIR> d-------- C:\Program Files\songbird

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 21:23 --------- d-----w C:\Documents and Settings\Laurent\Application Data\JustWrite Office
2008-08-28 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\OpenOffice.org2
2008-08-27 17:27 --------- d-----w C:\Program Files\PhotoFiltre
2008-08-27 17:26 --------- d-----w C:\Program Files\OpenOffice.org 2.1
2008-08-27 16:48 --------- d-----w C:\Program Files\Jargon Informatique
2008-08-27 14:43 --------- d-----w C:\Documents and Settings\Gael\Application Data\WTablet
2008-08-27 11:52 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\OpenOffice.org2
2008-08-25 16:38 --------- d-----w C:\Documents and Settings\Gael\Application Data\OpenOffice.org2
2008-08-22 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\Apple Computer
2008-08-16 13:07 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-16 13:02 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-11 15:23 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 10:02 --------- d-----w C:\Program Files\Java
2008-07-30 20:33 --------- d-----w C:\Documents and Settings\Gael\Application Data\Azureus
2008-07-26 18:32 79,608 ----a-w C:\Documents and Settings\Laurent\Application Data\GDIPFONTCACHEV1.DAT
2008-07-25 09:41 --------- d-----w C:\Program Files\Bonjour
2008-07-25 09:27 --------- d-----w C:\Program Files\Safari
2008-07-08 20:50 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\Apple Computer
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-06 13:54 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\Vso
2008-07-06 13:52 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\VSO_HWE
2008-07-03 20:37 --------- d-----w C:\Documents and Settings\Gael\Application Data\Vso
2008-07-03 20:36 --------- d-----w C:\Documents and Settings\Gael\Application Data\VSO_HWE
2008-07-03 12:25 --------- d-----w C:\Documents and Settings\Gael\Application Data\vlc
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-06 13:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-03 10:11 22,328 ----a-w C:\Documents and Settings\Gael\Application Data\PnkBstrK.sys
2008-04-22 17:51 81,568 ----a-w C:\Documents and Settings\Gael\Application Data\GDIPFONTCACHEV1.DAT
2008-04-13 14:23 81,568 ----a-w C:\Documents and Settings\tiphaine\Application Data\GDIPFONTCACHEV1.DAT
2007-10-22 16:42 76,304 ----a-w C:\Documents and Settings\akaya\Application Data\GDIPFONTCACHEV1.DAT
2007-02-18 19:16 54 ----a-w C:\Program Files\delir.gio
2006-05-21 08:22 31 -c--a-w C:\Documents and Settings\Laurent\getfile.dat
2006-05-19 19:08 31 -c--a-w C:\Documents and Settings\Gael\getfile.dat
2006-05-18 15:02 31 ----a-w C:\Documents and Settings\tiphaine\getfile.dat
2005-09-21 12:15 5,123,424 -c--a-w C:\Program Files\Firefox Setup 1.0.7.exe
2001-11-23 11:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2001-11-05 08:30 173,056 -c----w C:\Program Files\UNWISE.EXE
2006-06-05 05:48 614,400 ----a-w C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll
2005-07-01 21:45 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
2006-11-26 18:04 8 --sh--r C:\WINDOWS\system32\3E4521AF55.sys
2007-11-30 17:57 104 --sh--r C:\WINDOWS\system32\55AF21453E.sys
2008-01-04 19:18 5,746 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\dllcache\user32.dll

2004-08-20 01:10 514048 0956e00f2ba5b265362e59969671ce40 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\winlogon.exe

2007-06-13 15:22 1044992 00a7b99e7feda4387bb6ae2fcab11586 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1044992 033e4e9d8461240d693d1be5bf4aa5bd C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1044992 973690a4e14b41d7d6907a27972bda37 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:22 1044992 52f289cafdc15d8a75503ed6b5439af2 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-20 01:09 23040 36469eb68fb925a61d7c47c3e7fc698d C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-20 01:09 23040 0a811c1dd0b94f6bbd24a3fbe3302313 C:\WINDOWS\system32\ctfmon.exe

2005-06-11 02:17 65536 44c884369d73b3d562e4193b3f7b6a37 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-20 01:10 65536 ee9e31776bc6f6dd43d2bda81dbaa74e C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-11 01:53 65536 563ca8ae085f4c4ee206ff108ef0bf71 C:\WINDOWS\system32\spoolsv.exe

2004-08-20 01:10 32768 e86be7428e5e0d6cb449c60dc8d1e73f C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2004-08-20 01:10 32768 cf32045823bb33d869319eb4dec974da C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 23040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49 110080]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53 156160]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 163840]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-11 21:08 28160]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58 163840]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57 53248]
"avast!"="D:\Gael\Avast\ashDisp.exe" [2008-07-19 16:38 78008]
"eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 10:49 196608]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 57344]
"SMKRun"="C:\Program Files\JustWrite Office\ScreenMark.exe" [2007-01-08 06:07 126976]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="D:\Gael\itunes\Quicktime\QTTask.exe" [2008-05-27 10:50 421888]
"iTunesHelper"="D:\Gael\itunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"CHotkey"="mHotkey.exe" [2002-07-23 11:09 485888 C:\WINDOWS\mHotkey.exe]
"JWOSetup"="JWOSetup.exe" [2007-01-09 15:25 102400 C:\WINDOWS\JWOSetup.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 23040]

D:\Gael\Menu Démarrer\Programmes\Démarrage\
PowerReg Scheduler.exe [2007-07-28 13:57:51 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=trrcuk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"vidc.iv41"= ir41_32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.MJPG"= M3JPEG32.dll
"vidc.dmb1"= M3JPEG32.dll
"vidc.jpeg"= M3JPEG32.dll
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Winter Fun Wallpaper Changer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Winter Fun Wallpaper Changer.lnk
backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Gael^Menu Démarrer^Programmes^Démarrage^Groom Agent.lnk]
path=D:\Gael\Menu Démarrer\Programmes\Démarrage\Groom Agent.lnk
backup=C:\WINDOWS\pss\Groom Agent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
--a------ 2005-01-10 09:35 81920 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-06-24 15:23 69632 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\CIMSVR.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"D:\\Gael\\battlefield 2\\BF2.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"D:\\Gael\\Mes Programmes\\azureus\\Azureus.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Gael\\Mes Programmes\\emule\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Gael\\Mes Programmes\\skype\\Phone\\Skype.exe"=
"D:\\Gael\\Mes Programmes\\adsltv\\adsltv.exe"=
"D:\\Gael\\Mes Programmes\\adsltv\\vlc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Gael\\itunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10520:TCP"= 10520:TCP:BitComet 10520 TCP
"10520:UDP"= 10520:UDP:BitComet 10520 UDP

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30]
S0 fbsbod;fbsbod;C:\WINDOWS\system32\drivers\nlcxgnww.sys []
S0 Gjl58;Gjl58;C:\WINDOWS\system32\Drivers\Gjl58.sys []
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S2 HDDTService;HDD Temperature;D:\Gael\Mes Programmes\HDDTSvc.exe []
S2 NVNVRZRJ;NVNVRZRJ;C:\WINDOWS\system32\drivers\NVNVRZRJ.sys [2008-08-27 13:13]
S3 856589ad-e131-4880-a696-13ccdd935925;856589ad-e131-4880-a696-13ccdd935925;J:\Player\cds300.dll []
S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2005-09-11 17:59]
S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-11-04 17:29]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 IACtrl;IA Analysing v2.0;D:\Gael\Mes Programmes\iA-FR\IACtrl.exe []
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 09:15]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-11-04 17:32]
S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 09:19]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 VVRUSB;VVRUSB Device;C:\WINDOWS\system32\DRIVERS\VVRUSB.sys [2002-01-20 10:02]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-28 C:\WINDOWS\Tasks\8766042391D9DE33.job
- c:\docume~1\laurent\applic~1\ballon~1\REFSIGNLONG.exe []

2008-08-28 C:\WINDOWS\Tasks\AEBB77B49184F480.job
- c:\docume~1\gael\applic~1\ballon~1\REFSIGNLONG.exe []

2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-28 C:\WINDOWS\Tasks\F24E101B90DDFAE7.job
- c:\docume~1\tiphaine\applic~1\ballon~1\REFSIGNLONG.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{66C2FF28-9CD1-83A8-8D50-950AEA564FB3} - C:\DOCUME~1\tiphaine\APPLIC~1\REGS16~1\Bat loud.exe
HKLM-Run-Windows - C:\WINDOWS\WinSecurity\services.exe
HKLM-Run-58529e9d - C:\WINDOWS\system32\nubphqhf.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-Run-CorelDRAW Graphics Suite 11b - (no file)
Notify-iifgfdd - iifgfdd.dll
MSConfigStartUp-HP Component Manager - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-HP Software Update - C:\Documents and Settings\tiphaine\Mes documents\Mes images\appareil photos\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-I downloaded pirated Software from P2P - C:\WINDOWS\system32\Roller Coaster Tycoon 3 soaked .exe
MSConfigStartUp-MoneyAgent - C:\Program Files\Microsoft Money\System\mnyexpr.exe
MSConfigStartUp-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-Wallpaper - D:\Gael\Mes Programmes\wallpaper\Wallpaper.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\w3rzrkji.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 12:05:11
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
" Windows"="C:\\WINDOWS\\WinSecurity\\services.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\HDDTService]
"ImagePath"="D:\Gael\Mes Programmes\HDDTSvc.exe /startedbyscm:916B11C7-40E287F3-HDDTService"
.
Temps d'accomplissement: 2008-08-29 12:12:08
ComboFix-quarantined-files.txt 2008-08-29 10:11:09

Pre-Run: 28,423,114,752 octets libres
Post-Run: 28,406,034,432 octets libres

305 --- E O F --- 2008-08-13 20:49:22

gael31390 (719 posts, registered Monday 2 April 2007, Member, last active 2 April 2011) 75
29 August 2008 at 13:11
Well, the computer no longer starts in normal mode at all: the window with the different accounts opens, and then that's it. I click on an account and nothing happens; even the button at the bottom left (shut down the system) doesn't work...
Anonymous user
29 August 2008 at 14:48
What a pain. Is safe mode itself OK?

If so, continue the cleanup (because some of it is still there), and afterwards we'll do a restore if there are still problems.

Tell me if you're OK with that, please.
gael31390 (719 posts, registered Monday 2 April 2007, Member, last active 2 April 2011) 75
29 August 2008 at 14:51
In safe mode it works perfectly, but I can't get into normal mode...
Do I carry on with the cleanup in safe mode, and with whom?
Anonymous user
29 August 2008 at 15:01
With me, I'm here all afternoon.

We finish the cleanup, then we deal with the malfunction.


Download HijackThis here:

-> Right-click one of the links and choose "Save target as..." to the desktop
-> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
-> ftp://ftp.commentcamarche.com/download/HJTInstall.exe

-> Double-click HJTInstall.exe to start the installation

-> Click Install, then I Accept

-> Click "Do a system scan and save a logfile"

-> Notepad will open; copy and paste its entire contents here in your next reply
gael31390 (719 posts, registered Monday 2 April 2007, Member, last active 2 April 2011) 75
29 August 2008 at 15:16
Here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:14:42, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.hugedomains.com/domain_profile.cfm?d=antivirgear&e=com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [ Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] D:\Gael\Avast\ashDisp.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Gael\itunes\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Gael\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKPHALKM] %systemroot%\HKPHALKM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28805E8B-A507-48A9-B96E-FE2BDC1399A5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{30921518-B0FB-4716-A461-0331E3459A7D}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C11A8CE-C3DE-4036-BA56-B1E8FBC7303B}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{96B48026-EEB7-4744-B309-6960BFEBC5CF}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD02D15F-883F-4C51-8739-6AB736997AD5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDCCA0A7-3A75-42BA-81B4-43E6F577A408}: NameServer = 81.210.20.254
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: trrcuk.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Gael\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Gael\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Gael\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Gael\Avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HDD Temperature (HDDTService) - Unknown owner - D:\Gael\Mes Programmes\HDDTSvc.exe (file missing)
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: IA Analysing v2.0 (IACtrl) - Unknown owner - D:\Gael\Mes Programmes\iA-FR\IACtrl.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Program Files\Remote Task Manager\RTMService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
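As an added example (not part of the thread and not HijackThis code), the Python script below runs the kind of triage the helper performs by eye on the HijackThis log above: it flags Run entries whose value name is padded with whitespace (the " Windows" entry), core Windows binary names such as services.exe loaded from outside system32, executables dropped straight into the Windows directory, bare file names that are resolved through the PATH search order, AppInit_DLLs entries, per-adapter NameServer overrides, and services whose binary is missing. The sample lines are a constructed subset copied in shape from the log; the severity labels and the list of "core" binary names are the example's own assumptions.

```python
"""Triage of HijackThis O4/O17/O20/O23 lines for the persistence tricks seen in
this thread.  Added example; not HijackThis code and not from the thread."""
import re
from pathlib import PureWindowsPath

# Assumption: binaries with these names legitimately live only in %SystemRoot%\system32.
CORE_BINARIES = {"services.exe", "lsass.exe", "svchost.exe", "winlogon.exe",
                 "csrss.exe", "smss.exe", "spoolsv.exe"}
SYSTEM32_DIRS = {"c:\\windows\\system32", "%systemroot%\\system32", "%windir%\\system32"}
WINDOWS_ROOTS = {"c:\\windows", "%systemroot%", "%windir%"}

O4_RE = re.compile(r"^O4 - \S+\\\.\.\\Run: \[(?P<name>.*?)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<dns>.+)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
O23_RE = re.compile(r"^O23 - Service: .+? - (?P<owner>.+?) - (?P<path>.+)$")

# Constructed sample: a handful of lines copied in shape from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ Windows] C:\WINDOWS\WinSecurity\services.exe
O4 - HKLM\..\Run: [HKPHALKM] %systemroot%\HKPHALKM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{28805E8B-A507-48A9-B96E-FE2BDC1399A5}: NameServer = 81.210.20.254
O20 - AppInit_DLLs: trrcuk.dll
O23 - Service: avast! Antivirus - ALWIL Software - D:\Gael\Avast\ashServ.exe
O23 - Service: HDD Temperature (HDDTService) - Unknown owner - D:\Gael\Mes Programmes\HDDTSvc.exe (file missing)
"""


def exe_of(cmd):
    """First executable named on a Run command line, without quotes or arguments."""
    m = re.match(r'"?(.*?\.(?:exe|dll|cpl|scr))', cmd.strip(), re.I)
    return m.group(1) if m else cmd.strip()


def triage(log_text):
    """Return [(severity, reason, line)] for the lines that deserve a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if m := O4_RE.match(line):
            name = m["name"]
            p = PureWindowsPath(exe_of(m["cmd"]))
            base, parent = p.name.lower(), str(p.parent).lower()
            if name != name.strip():
                # A leading/trailing space makes the entry look like a legitimate one.
                findings.append(("high", f"Run value name padded with whitespace: {name!r}", line))
            if base in CORE_BINARIES and parent not in SYSTEM32_DIRS:
                findings.append(("high", f"{base} loaded from outside system32: {p}", line))
            elif parent in WINDOWS_ROOTS:
                findings.append(("medium", "executable dropped directly in the Windows directory", line))
            elif parent == ".":
                findings.append(("low", "bare file name, resolved through the PATH search order", line))
        elif m := O17_RE.match(line):
            findings.append(("review", f"DNS override {m['dns'].strip()}: confirm it is your ISP's resolver", line))
        elif m := O20_RE.match(line):
            findings.append(("high", f"AppInit_DLLs loads {m['dlls'].strip()} into every process that uses user32.dll", line))
        elif m := O23_RE.match(line):
            if "(file missing)" in m["path"]:
                findings.append(("medium", "service entry whose binary is gone", line))
            elif m["owner"] == "Unknown owner":
                findings.append(("low", "service binary carries no company name in its version info", line))
    return findings


if __name__ == "__main__":
    for sev, why, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {why}\n         {line}")
```

Run against the sample it reports seven lines: the " Windows" entry twice (padded name and services.exe outside system32), HKPHALKM.exe in the Windows root, the bare mHotkey.exe, the NameServer override, the AppInit_DLLs entry and the missing HDDTService binary, while jusched.exe, the Office startup link and the avast! service pass. The rules are deliberately simple; the point is that the page's suspicious entries all fall out of a few mechanical checks rather than requiring the signatures the scanners lacked.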
Anonymous user
29 August 2008 at 15:29
* Download FixWareout from this site to the desktop:
http://download.bleepingcomputer.com/lonny/Fixwareout.exe


* Run the fix: click Next, then Install, then make sure "Run fixit" is ticked and click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

* Post (copy/paste) the contents of the report that will appear on screen (report.txt)
gael31390 (719 posts, registered Monday 2 April 2007, Member, last active 2 April 2011) 75
29 August 2008 at 15:44
Here is the log:

Username "Administrateur" - 29/08/2008 15:33:06 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check


System was rebooted successfully.

~~~~~ Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
"LVCOMS"="C:\\Program Files\\Fichiers communs\\Logitech\\QCDriver2\\LVCOMS.EXE"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\jusched.exe\""
"PestPatrol Control Center"="C:\\PROGRA~1\\PESTPA~1\\PPControl.exe"
"PPMemCheck"="C:\\PROGRA~1\\PESTPA~1\\PPMemCheck.exe"
" Windows"="C:\\WINDOWS\\WinSecurity\\services.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"LogitechGalleryRepair"="C:\\Program Files\\Logitech\\ImageStudio\\ISStart.exe"
"LogitechImageStudioTray"="C:\\Program Files\\Logitech\\ImageStudio\\LogiTray.exe"
"avast!"="D:\\Gael\\Avast\\ashDisp.exe"
"eCarteBleue-LP-P1"="\"C:\\Program Files\\e-Carte Bleue\\LA POSTE\\CVD ADESIO\\ECB.exe\" /dontopenmycards"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"JWOSetup"="JWOSetup.exe -en"
"SMKRun"="C:\\Program Files\\JustWrite Office\\ScreenMark.exe -i"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
"AppleSyncNotifier"="C:\\Program Files\\Fichiers communs\\Apple\\Mobile Device Support\\bin\\AppleSyncNotifier.exe"
"QuickTime Task"="\"D:\\Gael\\itunes\\Quicktime\\QTTask.exe\" -atboottime"
"iTunesHelper"="\"D:\\Gael\\itunes\\iTunesHelper.exe\""
"HKPHALKM"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,48,4b,50,48,41,4c,4b,\
4d,2e,65,78,65,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
Anonymous user
29 August 2008 at 15:58
Copy the text below:


File::
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\system32\drivers\NVNVRZRJ.sys
C:\WINDOWS\imsins.BAK
C:\Program Files\delir.gio
C:\WINDOWS\system32\drivers\nlcxgnww.sys
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\system32\es.dll
C:\WINDOWS\system32\Drivers\Gjl58.sys
D:\Gael\Mes Programmes\iA-FR\IACtrl.exe
D:\Gael\Mes Programmes\HDDTSvc.exe
C:\WINDOWS\WinSecurity\services.exe
C:\WINDOWS\JWOSetup.exe
C:\WINDOWS\stfMeane1001186.exe
C:\WINDOWS\system32\C0.tmp
C:\WINDOWS\system32\ippffrri.tmp
C:\WINDOWS\system32\C6.tmp

Folder::
C:\Program Files\delir.gio
C:\WINDOWS\WinSecurity
D:\Gael\Mes Programmes\iA-FR
C:\Program Files\Fichiers communs\BOONTY Shared

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows"=-
"JWOSetup"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
" Windows"=-

Driver::
fbsbod
Gjl58
Boonty Games
HDDTService
IACtrl

DirLook::
C:\Documents and Settings\Gael\Application Data\Vso
C:\Documents and Settings\Gael\Application Data\VSO_HWE


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch ComboFix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no restart, post the reports anyway.
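As an added example, not ComboFix's or FixWareout's own code, the Python below parses the CFScript format used in the post above (section headers ending in "::", Regedit syntax inside Registry::) and translates the registry lines into explicit operations: "[-KEY]" deletes a key, "Name"=- deletes a value, "Name"="..." and "Name"=hex(2):... set one. It also decodes hex(2) byte lists like the HKPHALKM line in the FixWareout report above, whose bytes are single-byte ANSI characters rather than UTF-16LE pairs, so the value reads %systemroot%\HKPHALKM.exe. The two sample inputs are constructed copies of fragments from this thread; the section names accepted and the ANSI-versus-UTF-16 detection are the example's own assumptions.

```python
"""Parse the ComboFix CFScript format and the Regedit-style registry lines it
(and the FixWareout report) use.  Added example, not ComboFix's own code."""
import re

# Constructed sample: the Registry:: and Driver:: parts of the CFScript posted above.
CFSCRIPT = r"""
File::
C:\WINDOWS\WinSecurity\services.exe
C:\WINDOWS\system32\Drivers\Gjl58.sys

Folder::
C:\WINDOWS\WinSecurity

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows"=-
"JWOSetup"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
" Windows"=-

Driver::
fbsbod
Gjl58
"""

# Constructed sample in the shape of the ComboFix and FixWareout dumps above.
REG_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
" Windows"="C:\\WINDOWS\\WinSecurity\\services.exe"
"HKPHALKM"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,48,4b,50,48,41,4c,4b,\
  4d,2e,65,78,65,00
"""

VALUE_RE = re.compile(r'"(?P<name>[^"]*)"=(?P<rhs>.*)$')
HEX_RE = re.compile(r"hex(?:\((?P<kind>[0-9a-f]+)\))?:(?P<payload>.*)$")


def parse_cfscript(text):
    """Split a CFScript into {section_name: [lines]}; headers look like 'File::'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if re.fullmatch(r"[A-Za-z]+::", line):
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def decode_hex_value(kind, payload):
    """Decode a Regedit 'hex(N):aa,bb,...' payload.  hex(2) is REG_EXPAND_SZ; a
    REGEDIT4-style dump stores the string in the ANSI code page, a 'Version 5.00'
    dump in UTF-16LE.  Assumption: tell them apart by every high byte being zero."""
    data = bytes(int(b, 16) for b in payload.replace(" ", "").split(",") if b)
    if kind not in ("1", "2", "7"):          # REG_SZ / REG_EXPAND_SZ / REG_MULTI_SZ
        return data                           # plain hex: (REG_BINARY) and the rest stay bytes
    utf16 = len(data) >= 2 and set(data[1::2]) == {0}
    return data.decode("utf-16-le" if utf16 else "cp1252").rstrip("\x00")


def parse_registry_directives(lines):
    """Translate Regedit-syntax lines into (action, key, value_name, data) tuples:
    [-KEY] deletes a key, "Name"=- deletes a value, "Name"="..."/hex(..) sets one."""
    joined = []                               # fold trailing-backslash continuations first
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        if joined and joined[-1].endswith("\\"):
            joined[-1] = joined[-1][:-1] + line
        else:
            joined.append(line)
    ops, key = [], None
    for line in joined:
        if line.startswith("[-") and line.endswith("]"):
            key = None
            ops.append(("delete_key", line[2:-1], None, None))
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif m := VALUE_RE.match(line):
            name, rhs = m["name"], m["rhs"]
            if rhs == "-":
                ops.append(("delete_value", key, name, None))
            elif h := HEX_RE.match(rhs):
                ops.append(("set", key, name, decode_hex_value(h["kind"], h["payload"])))
            elif len(rhs) >= 2 and rhs[0] == rhs[-1] == '"':
                ops.append(("set", key, name, rhs[1:-1].replace('\\"', '"').replace("\\\\", "\\")))
            else:
                ops.append(("set", key, name, rhs))   # dword:... and friends left as text
    return ops


if __name__ == "__main__":
    for op in parse_registry_directives(parse_cfscript(CFSCRIPT)["Registry"]):
        print(op)
    for op in parse_registry_directives(REG_DUMP.splitlines()):
        print(op)
```

Reading the Registry:: block this way makes the helper's intent explicit: one key deletion (the driver's SafeBoot\Minimal entry, which is what let Gjl58.sys load even in Safe Mode) and four value deletions, including both the "Windows" and the space-prefixed " Windows" spellings under the Run key. The decoder turns the FixWareout hex(2) line, which hides the path from a casual reader, back into %systemroot%\HKPHALKM.exe.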
gael31390 (719 posts, registered Monday 2 April 2007, Member, last active 2 April 2011) 75
29 August 2008 at 16:24
Well, ComboFix is preparing the log, but before that it started in normal mode and I could click on the different accounts; in fact I restarted the computer with the button at the bottom left, which worked, and it wasn't slow, but I preferred to restart in safe mode to finish the job.
Anonymous user
29 August 2008 at 16:29
OK

The problem was here:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys]
gael31390 (719 posts, registered Monday 2 April 2007, Member, last active 2 April 2011) 75
29 August 2008 at 16:44
Well, the HijackThis report is done, but ComboFix never wanted to give me that log, so I restarted and ran another scan.
Anonymous user
29 August 2008 at 16:49
OK, I'm stepping away for 30 min, then I'll look at your reports.
gael31390 (719 posts, registered Monday 2 April 2007, Member, last active 2 April 2011) 75
29 August 2008 at 16:51
Go ahead; ComboFix never wanted to produce it, so I'm posting the HijackThis one (do you want the ComboFix one?):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39, on 2008-08-29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.hugedomains.com/domain_profile.cfm?d=antivirgear&e=com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [avast!] D:\Gael\Avast\ashDisp.exe
O4 - HKLM\..\Run: [eCarteBleue-LP-P1] "C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" /dontopenmycards
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SMKRun] C:\Program Files\JustWrite Office\ScreenMark.exe -i
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Gael\itunes\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Gael\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HKPHALKM] %systemroot%\HKPHALKM.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: e-Carte Bleue La Banque Postale.lnk = C:\Program Files\e-Carte Bleue La Banque Postale\ecbl-lbp.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28805E8B-A507-48A9-B96E-FE2BDC1399A5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{30921518-B0FB-4716-A461-0331E3459A7D}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C11A8CE-C3DE-4036-BA56-B1E8FBC7303B}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{96B48026-EEB7-4744-B309-6960BFEBC5CF}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{AD02D15F-883F-4C51-8739-6AB736997AD5}: NameServer = 81.210.20.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDCCA0A7-3A75-42BA-81B4-43E6F577A408}: NameServer = 81.210.20.254
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Gael\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Gael\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Gael\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Gael\Avast\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Task Manager service (RTM) - Unknown owner - C:\Program Files\Remote Task Manager\RTMService.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\Win32\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2007.SP1\RpcSandraSrv.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
gael31390 (719 posts, registered Monday 2 April 2007, Member, last active 2 April 2011) 75
29 August 2008 at 17:09
Here is the ComboFix log, but from after restarting the computer, not from right after the scan with the file I had to drag onto it:

ComboFix 08-08-28.06 - Administrateur 2008-08-29 16:53:13.5 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.753 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\delir.gio
C:\Program Files\delir.gio\
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\WINDOWS\imsins.BAK
C:\WINDOWS\JWOSetup.exe
C:\WINDOWS\stfMeane1001186.exe
C:\WINDOWS\system32\C0.tmp
C:\WINDOWS\system32\C6.tmp
C:\WINDOWS\system32\drivers\NVNVRZRJ.sys
C:\WINDOWS\system32\es.dll
C:\WINDOWS\system32\ippffrri.tmp
C:\WINDOWS\system32\jjkkj.ini
C:\WINDOWS\WinSecurity
C:\WINDOWS\WinSecurity\mssock1.dli
C:\WINDOWS\WinSecurity\mssock2.dli
C:\WINDOWS\WinSecurity\mssock3.dli
C:\WINDOWS\WinSecurity\socket1.ifo
C:\WINDOWS\WinSecurity\socket2.ifo
C:\WINDOWS\WinSecurity\socket3.ifo
C:\WINDOWS\WinSecurity\starter.run
C:\WINDOWS\WinSecurity\sysonce.tst
C:\WINDOWS\WinSecurity\winmem1.ory
C:\WINDOWS\WinSecurity\winmem2.ory
C:\WINDOWS\WinSecurity\winmem3.ory

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 15:32 . 2008-08-29 15:42 <REP> d-------- C:\fixwareout
2008-08-28 23:34 . 2008-08-28 23:34 <REP> d-------- C:\Program Files\RevoUninstaller
2008-08-28 22:26 . 2008-08-28 22:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-28 21:43 . 2008-08-28 23:34 <REP> d-------- C:\Program Files\VS Revo Group
2008-08-28 21:42 . 2008-08-28 21:42 <REP> d-------- C:\Program Files\RogueRemover FREE
2008-08-28 16:13 . 2008-08-28 16:13 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Malwarebytes
2008-08-28 16:13 . 2008-08-28 16:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-28 12:49 . 2008-08-29 15:13 <REP> d-------- C:\Program Files\Trend Micro
2008-08-28 11:53 . 2008-08-28 12:22 <REP> d-------- C:\Program Files\Enigma Software Group
2008-08-27 13:02 . 2008-08-27 13:52 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Azureus
2008-08-27 13:02 . 2008-08-27 13:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-08-03 16:24 . 2008-08-03 16:24 <REP> d-------- C:\Program Files\Google
2008-08-03 12:46 . 2008-08-03 12:46 <REP> d-------- C:\Program Files\iPod
2008-08-01 16:40 . 2008-08-01 16:40 <REP> d-------- C:\Documents and Settings\Laurent\Application Data\Songbird2
2008-08-01 16:40 . 2008-08-01 16:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SongbirdVLC
2008-08-01 16:35 . 2008-08-28 12:23 <REP> d-------- C:\Program Files\songbird

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 21:23 --------- d-----w C:\Documents and Settings\Laurent\Application Data\JustWrite Office
2008-08-28 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\OpenOffice.org2
2008-08-27 17:27 --------- d-----w C:\Program Files\PhotoFiltre
2008-08-27 17:26 --------- d-----w C:\Program Files\OpenOffice.org 2.1
2008-08-27 16:48 --------- d-----w C:\Program Files\Jargon Informatique
2008-08-27 14:43 --------- d-----w C:\Documents and Settings\Gael\Application Data\WTablet
2008-08-27 11:52 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\OpenOffice.org2
2008-08-25 16:38 --------- d-----w C:\Documents and Settings\Gael\Application Data\OpenOffice.org2
2008-08-22 13:52 --------- d-----w C:\Documents and Settings\Laurent\Application Data\Apple Computer
2008-08-16 13:07 137,968 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-08-16 13:02 111,928 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-08-11 15:23 --------- d-----w C:\Program Files\Apple Software Update
2008-08-09 10:02 --------- d-----w C:\Program Files\Java
2008-07-30 20:33 --------- d-----w C:\Documents and Settings\Gael\Application Data\Azureus
2008-07-26 18:32 79,608 ----a-w C:\Documents and Settings\Laurent\Application Data\GDIPFONTCACHEV1.DAT
2008-07-25 09:41 --------- d-----w C:\Program Files\Bonjour
2008-07-25 09:27 --------- d-----w C:\Program Files\Safari
2008-07-08 20:50 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\Apple Computer
2008-07-06 13:54 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\Vso
2008-07-06 13:52 --------- d-----w C:\Documents and Settings\tiphaine\Application Data\VSO_HWE
2008-07-03 20:37 --------- d-----w C:\Documents and Settings\Gael\Application Data\Vso
2008-07-03 20:36 --------- d-----w C:\Documents and Settings\Gael\Application Data\VSO_HWE
2008-07-03 12:25 --------- d-----w C:\Documents and Settings\Gael\Application Data\vlc
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-06 13:52 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-06-03 10:11 22,328 ----a-w C:\Documents and Settings\Gael\Application Data\PnkBstrK.sys
2008-04-22 17:51 81,568 ----a-w C:\Documents and Settings\Gael\Application Data\GDIPFONTCACHEV1.DAT
2008-04-13 14:23 81,568 ----a-w C:\Documents and Settings\tiphaine\Application Data\GDIPFONTCACHEV1.DAT
2007-10-22 16:42 76,304 ----a-w C:\Documents and Settings\akaya\Application Data\GDIPFONTCACHEV1.DAT
2006-05-21 08:22 31 -c--a-w C:\Documents and Settings\Laurent\getfile.dat
2006-05-19 19:08 31 -c--a-w C:\Documents and Settings\Gael\getfile.dat
2006-05-18 15:02 31 ----a-w C:\Documents and Settings\tiphaine\getfile.dat
2005-09-21 12:15 5,123,424 -c--a-w C:\Program Files\Firefox Setup 1.0.7.exe
2001-11-23 11:08 712,704 -c--a-w C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2001-11-05 08:30 173,056 -c----w C:\Program Files\UNWISE.EXE
2006-06-05 05:48 614,400 ----a-w C:\Program Files\mozilla firefox\plugins\MannequinPlayer2.dll
2005-07-01 21:45 8,192 -csha-w C:\WINDOWS\o2cLicStore.bin
2006-11-26 18:04 8 --sh--r C:\WINDOWS\system32\3E4521AF55.sys
2007-11-30 17:57 104 --sh--r C:\WINDOWS\system32\55AF21453E.sys
2008-01-04 19:18 5,746 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

------- Sigcheck -------

2005-03-02 20:10 578048 0df75fb73f705b011630159a43d7c354 C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll
2005-03-02 20:20 578048 c34920eb988ce98910bd6b0417f334eb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\ServicePackFiles\i386\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 c08f070bfd33ba831f3f77c1f2564e90 C:\WINDOWS\system32\dllcache\user32.dll

2004-08-20 01:10 514048 0956e00f2ba5b265362e59969671ce40 C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2004-08-20 01:10 506368 0a1a19fffc1467de5085d1b66c929e38 C:\WINDOWS\system32\winlogon.exe

2007-06-13 15:22 1044992 00a7b99e7feda4387bb6ae2fcab11586 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1044992 033e4e9d8461240d693d1be5bf4aa5bd C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 15:22 1044992 973690a4e14b41d7d6907a27972bda37 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2007-06-13 15:22 1044992 52f289cafdc15d8a75503ed6b5439af2 C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-20 01:09 23040 36469eb68fb925a61d7c47c3e7fc698d C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2004-08-20 01:09 23040 0a811c1dd0b94f6bbd24a3fbe3302313 C:\WINDOWS\system32\ctfmon.exe

2005-06-11 02:17 65536 44c884369d73b3d562e4193b3f7b6a37 C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-20 01:10 65536 ee9e31776bc6f6dd43d2bda81dbaa74e C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2005-06-11 01:53 65536 563ca8ae085f4c4ee206ff108ef0bf71 C:\WINDOWS\system32\spoolsv.exe

2004-08-20 01:10 32768 e86be7428e5e0d6cb449c60dc8d1e73f C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2004-08-20 01:10 32768 cf32045823bb33d869319eb4dec974da C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((( snapshot@2008-08-29_12.10.40.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-10-20 18:02:28 174,592 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2000-08-31 06:00:00 98,816 ----a-w C:\WINDOWS\sed.exe
+ 2000-08-31 06:00:00 106,496 ----a-w C:\WINDOWS\sed.exe
- 2008-08-29 09:49:05 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-08-29 14:37:26 16,384 -c--a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-08-29 09:49:05 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-08-29 14:37:26 32,768 -c--a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-08-29 09:49:05 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-29 14:37:26 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 23040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2002-09-20 15:16 98304]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"PestPatrol Control Center"="C:\PROGRA~1\PESTPA~1\PPControl.exe" [2004-11-15 11:49 110080]
"PPMemCheck"="C:\PROGRA~1\PESTPA~1\PPMemCheck.exe" [2003-04-19 07:53 156160]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 163840]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2006-04-11 21:08 28160]
"LogitechGalleryRepair"="C:\Program Files\Logitech\ImageStudio\ISStart.exe" [2002-09-11 12:58 163840]
"LogitechImageStudioTray"="C:\Program Files\Logitech\ImageStudio\LogiTray.exe" [2002-09-11 12:57 53248]
"avast!"="D:\Gael\Avast\ashDisp.exe" [2008-07-19 16:38 78008]
"eCarteBleue-LP-P1"="C:\Program Files\e-Carte Bleue\LA POSTE\CVD ADESIO\ECB.exe" [2002-12-20 10:49 196608]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 57344]
"SMKRun"="C:\Program Files\JustWrite Office\ScreenMark.exe" [2007-01-08 06:07 126976]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
"QuickTime Task"="D:\Gael\itunes\Quicktime\QTTask.exe" [2008-05-27 10:50 421888]
"iTunesHelper"="D:\Gael\itunes\iTunesHelper.exe" [2008-07-30 10:47 289064]
"CHotkey"="mHotkey.exe" [2002-07-23 11:09 485888 C:\WINDOWS\mHotkey.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 23040]

D:\Gael\Menu D‚marrer\Programmes\D‚marrage\
PowerReg Scheduler.exe [2007-07-28 13:57:51 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"vidc.iv41"= ir41_32.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.MJPG"= M3JPEG32.dll
"vidc.dmb1"= M3JPEG32.dll
"vidc.jpeg"= M3JPEG32.dll
"vidc.mxmc"= MimicICM.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gjl58.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide du logiciel HP Image Zone.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide du logiciel HP Image Zone.lnk
backup=C:\WINDOWS\pss\Démarrage rapide du logiciel HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Winter Fun Wallpaper Changer.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Winter Fun Wallpaper Changer.lnk
backup=C:\WINDOWS\pss\Winter Fun Wallpaper Changer.lnkCommon Startup

[HKLM\~\startupfolder\D:^Gael^Menu Démarrer^Programmes^Démarrage^Groom Agent.lnk]
path=D:\Gael\Menu Démarrer\Programmes\Démarrage\Groom Agent.lnk
backup=C:\WINDOWS\pss\Groom Agent.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CookiePatrol]
--a------ 2005-01-10 09:35 81920 C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2003-06-24 15:23 69632 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\CIMSVR.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"D:\\Gael\\battlefield 2\\BF2.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\sandra.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\RpcSandraSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2007.SP1\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"D:\\Gael\\Mes Programmes\\azureus\\Azureus.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Gael\\Mes Programmes\\emule\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Gael\\Mes Programmes\\skype\\Phone\\Skype.exe"=
"D:\\Gael\\Mes Programmes\\adsltv\\adsltv.exe"=
"D:\\Gael\\Mes Programmes\\adsltv\\vlc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"D:\\Gael\\itunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10520:TCP"= 10520:TCP:BitComet 10520 TCP
"10520:UDP"= 10520:UDP:BitComet 10520 UDP

R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
R3 wacommousefilter;Wacom Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 21:12]
R3 wacomvhid;Wacom Virtual Hid Driver;C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2007-02-16 20:30]
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S2 NVNVRZRJ;NVNVRZRJ;C:\WINDOWS\system32\drivers\NVNVRZRJ.sys []
S3 856589ad-e131-4880-a696-13ccdd935925;856589ad-e131-4880-a696-13ccdd935925;J:\Player\cds300.dll []
S3 Cap7134;MEDION (7134) WDM Video Capture;C:\WINDOWS\system32\DRIVERS\Cap7134.sys [2002-11-04 17:29]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-09-20 09:15]
S3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;C:\WINDOWS\system32\DRIVERS\PhTVTune.sys [2002-11-04 17:32]
S3 PID_0960_V;Logitech ClickSmart 420(PID_0960_V);C:\WINDOWS\system32\DRIVERS\LVVIMULB.SYS [2002-09-20 09:19]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 VVRUSB;VVRUSB Device;C:\WINDOWS\system32\DRIVERS\VVRUSB.sys [2002-01-20 10:02]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-28 C:\WINDOWS\Tasks\8766042391D9DE33.job
- c:\docume~1\laurent\applic~1\ballon~1\REFSIGNLONG.exe []

2008-08-28 C:\WINDOWS\Tasks\AEBB77B49184F480.job
- c:\docume~1\gael\applic~1\ballon~1\REFSIGNLONG.exe []

2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2008-08-28 C:\WINDOWS\Tasks\F24E101B90DDFAE7.job
- c:\docume~1\tiphaine\applic~1\ballon~1\REFSIGNLONG.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\w3rzrkji.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 16:55:39
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-08-29 17:00:43
ComboFix-quarantined-files.txt 2008-08-29 14:59:41
ComboFix2.txt 2008-08-29 10:12:09

Pre-Run: 27,818,983,424 octets libres
Post-Run: 27,800,674,304 octets libres

279 --- E O F --- 2008-08-13 20:49:22
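Added example for this thread (not part of ComboFix or of any post above): a small Python triage script for the service/driver and scheduled-task sections of a ComboFix report like the one just posted. It flags entries whose bracketed file timestamp is empty, which is read here as "the referenced file was not found at scan time" (an assumption; it matches NVNVRZRJ.sys, already deleted under "Previous Run", and the REFSIGNLONG.exe tasks), and task files named with nothing but a 16-hex-digit id (a heuristic, also an assumption). The sample lines are copied from the report above, including two benign entries for contrast.

```python
"""Triage helper for the service/driver and scheduled-task sections of a
ComboFix report. Added example for this thread; not part of ComboFix."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Service/driver line: "<state><start> <name>;<display name>;<path> [<file stamp>]"
# R = running, S = stopped; 0-3 = boot/system/auto/manual start type.
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]\s*$")
# Scheduled task: "<date> <path>.job" followed by "- <target> [<file stamp>]".
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+(\S.*\.job)\s*$", re.IGNORECASE)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[([^\]]*)\]\s*$")
# Heuristic (assumption): task names that are nothing but 16 hex digits.
HEX_JOB_RE = re.compile(r"^[0-9A-F]{16}\.job$", re.IGNORECASE)

# Constructed sample: lines copied from the report above, including two
# benign entries (aswFsBlk, AppleSoftwareUpdate) for contrast.
SAMPLE_REPORT = r"""
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S2 NVNVRZRJ;NVNVRZRJ;C:\WINDOWS\system32\drivers\NVNVRZRJ.sys []
S3 856589ad-e131-4880-a696-13ccdd935925;856589ad-e131-4880-a696-13ccdd935925;J:\Player\cds300.dll []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
2008-08-28 C:\WINDOWS\Tasks\8766042391D9DE33.job
- c:\docume~1\laurent\applic~1\ballon~1\REFSIGNLONG.exe []
2008-08-27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
"""


@dataclass
class Finding:
    kind: str                      # "service" or "task"
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def triage(report: str) -> List[Finding]:
    """Return one Finding per service or task entry worth a second look."""
    findings: List[Finding] = []
    pending_task: Optional[str] = None
    for raw in report.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, path, stamp = m.groups()
            if not stamp:  # assumption: empty brackets = file not found at scan time
                kind = "auto-start" if start[1] in "012" else "manual-start"
                findings.append(Finding("service", name, path,
                    [f"{kind} entry ({start}) whose file is missing: orphaned, "
                     "or the file is hidden from the scan"]))
            continue
        m = TASK_RE.match(line)
        if m:
            pending_task = m.group(1)
            continue
        m = TARGET_RE.match(line)
        if m and pending_task:
            target, stamp = m.groups()
            job = pending_task.rsplit("\\", 1)[-1]
            reasons = []
            if HEX_JOB_RE.match(job):
                reasons.append("task name is a bare 16-hex-digit id (heuristic)")
            if not stamp:
                reasons.append("task target file is missing")
            if reasons:
                findings.append(Finding("task", job, target, reasons))
            pending_task = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.kind}] {f.name} -> {f.path}: {'; '.join(f.reasons)}")
```

Run against the full report, the script is a first pass only: every flagged entry still needs the file checked on disk and its loading key inspected before anything is removed.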
Anonymous user
29 August 2008 at 17:15
* Download SDFix from this link: http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Save SDFix to your desktop
* Double-click the SDFix icon
* A window opens; leave the options as they are, then click the InstallSDFix button.

The rest of the cleaning is done in Safe Mode.

To restart in Safe Mode:

* Restart your PC; before the Windows logo and after the first screen changes,
* tap the F8 key. A menu will appear; choose Safe Mode and press Enter.
* For more information, see the page on how to restart in Safe Mode

* Once in Safe Mode, click the Start menu, then Run, and paste the following command:
C:\SDFix\RunThis.bat
* Click OK.
* A black window opens showing the version of the Fix.
* Press the Y key (for yes) and press Enter

* At this point the desktop (Start menu etc.) will disappear.

* The Fix starts its work; this can take about thirty minutes
* Once the cleaning operations are done... SDFix reports that the computer must be restarted:

>>>The PC Will now restart

* Press any key

* The computer will restart normally.
* Before reaching the desktop, a new SDFix window will open. This can take five minutes...

>> The SDFix report then opens; copy and paste it and send it.

gael31390 (Member, 719 posts, registered Monday 2 April 2007, last active 2 April 2011)
29 August 2008 at 17:36
Do I do this in normal mode (which works again now) and turn off Avast, or do I do it in Safe Mode?