Nasty spyware, help

zassalamel Posts: 77 Status: Member -  
geoffrey5 Posts: 14008 Status: Security contributor -
Hello,
my PC is infected by the "Adware.virtuMonde" "PrivacyRemover.M64" window
I've tried everything without success, help please

18 replies

geoffrey5 Posts: 14008 Status: Security contributor 10
 
strange, that error message :s

Download Malwarebytes to the desktop from this address:

https://www.androidworld.fr/

Here is a tutorial for installing and using it properly:

https://www.androidworld.fr/

After the scan, restart the PC and post the report!!
1
geoffrey5 Posts: 14008 Status: Security contributor 10
 
Hi!!

Do a HijackThis report so I can check your PC's infections, please

Download HijackThis from this address; everything is explained for installing it and learning to use it:

https://www.androidworld.fr/
0
zassalamel Posts: 77 Status: Member 4
 
here is the report geo

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:00:50, on 25/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\csrss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
c:\Program Files\a-squared Anti-Malware\a2service.exe
D:\Program Files\Kaspersky Lab xp\avp.exe
I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\system32\nvsvc32.exe
I:\Program Files\Spyware Terminator\sp_rsser.exe
I:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\Program Files\VDOTool\TBPanel.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
D:\Program Files\Kaspersky Lab xp\avp.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
I:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
I:\WINDOWS\System32\svchost.exe
D:\Program Files\Xfire\xfire.exe
I:\WINDOWS\System32\alg.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\a-squared Anti-Malware\a2scan.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Documents and Settings\B3AOU\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - I:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - c:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - I:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [WinampAgent] "c:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TBPanel] I:\Program Files\VDOTool\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab xp\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [SpywareTerminator] "I:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "I:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = I:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Startup: Registration SCRABBLE® Interactive 2007 EDITION.LNK = ?
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: ajouter à kaspersky anti-bannière - D:\Program Files\Kaspersky Lab xp\ie_banner_deny.htm
O8 - Extra context menu item: crawler search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab xp\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - I:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\adialhk.dll
O20 - Winlogon Notify: WinCtrl32 - I:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: a-squared Anti-Malware Service (a2antimalware) - Emsi Software GmbH - c:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Gestion d'applications AppMgmtEventSystem (AppMgmtEventSystem) - Unknown owner - .exe (file missing)
O23 - Service: Gestion d'applications AppMgmtEventSystem AppMgmtEventSystemAlerter (AppMgmtEventSystemAlerter) - Unknown owner - .exe (file missing)
O23 - Service: Audio Windows AudioSrvHTTPFilter (AudioSrvHTTPFilter) - Unknown owner - .exe (file missing)
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab xp\avp.exe
O23 - Service: Kaspersky Internet Security 7.0 AVPCryptSvcRasAuto (AVPCryptSvcRasAuto) - Unknown owner - .exe (file missing)
O23 - Service: Service d'indexation CiSvcAVPCryptSvcRasAuto (CiSvcAVPCryptSvcRasAuto) - Unknown owner - .exe (file missing)
O23 - Service: Services de cryptographie CryptSvcRasAuto (CryptSvcRasAuto) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de disque logique dmserverdmserverProtectedStorage (dmserverdmserverprotectedstorage) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de disque logique dmserverProtectedStorage (dmserverProtectedStorage) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de disque logique dmserverWLSetupSvc (dmserverWLSetupSvc) - Unknown owner - .exe (file missing)
O23 - Service: Client DNS DnscacheLexBceS (DnscacheLexBceS) - Unknown owner - .exe (file missing)
O23 - Service: Client DNS DnscacheLexBceS DnscacheLexBceSHidServDcomLaunch (DnscacheLexBceSHidServDcomLaunch) - Unknown owner - .exe (file missing)
O23 - Service: Service de rapport d'erreurs ERSvcdmserverProtectedStorage (ERSvcdmserverProtectedStorage) - Unknown owner - .exe (file missing)
O23 - Service: Compatibilité avec le Changement rapide d'utilisateur FastUserSwitchingCompatibilityAlerter (FastUserSwitchingCompatibilityAlerter) - Unknown owner - .exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Google Updater Service gusvcHTTPFilter (gusvcHTTPFilter) - Unknown owner - .exe (file missing)
O23 - Service: Google Updater Service gusvcNetman (gusvcNetman) - Unknown owner - .exe (file missing)
O23 - Service: Google Updater Service gusvcNetman gusvcNetmanmnmsrvc (gusvcNetmanmnmsrvc) - Unknown owner - .exe (file missing)
O23 - Service: Aide et support helpsvcSysmonLog (helpsvcSysmonLog) - Unknown owner - .exe (file missing)
O23 - Service: Accès du périphérique d'interface utilisateur HidServDcomLaunch (HidServDcomLaunch) - Unknown owner - .exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InstallDriver Table Manager IDriverTRasAutoMDMSchedule (IDriverTRasAutoMDMSchedule) - Unknown owner - .exe (file missing)
O23 - Service: Serveur lanmanserverWLSetupSvclanmanworkstation (lanmanserverWLSetupSvclanmanworkstation) - Unknown owner - .exe (file missing)
O23 - Service: Station de travail lanmanworkstationDnscacheLexBceSHidServDcomLaunch (lanmanworkstationDnscacheLexBceSHidServDcomLaunch) - Unknown owner - .exe (file missing)
O23 - Service: Station de travail lanmanworkstationVSS (lanmanworkstationvss) - Unknown owner - .exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LexBce Server LexBceSHTTPFilter (LexBceSHTTPFilter) - Unknown owner - .exe (file missing)
O23 - Service: LexBce Server LexBceSWmdmPmSNIDriverT (LexBceSWmdmPmSNIDriverT) - Unknown owner - .exe (file missing)
O23 - Service: LexBce Server LexBceSWmdmPmSNIDriverT LexBceSWmdmPmSNIDriverTRasAutoMDM (LexBceSWmdmPmSNIDriverTRasAutoMDM) - Unknown owner - .exe (file missing)
O23 - Service: Assistance TCP/IP NetBIOS LmHostsSchedule (LmHostsSchedule) - Unknown owner - .exe (file missing)
O23 - Service: Assistance TCP/IP NetBIOS LmHostsSchedule LmHostsScheduleUPS (LmHostsScheduleUPS) - Unknown owner - .exe (file missing)
O23 - Service: Machine Debug Manager MDMdmadmin (MDMdmadmin) - Unknown owner - .exe (file missing)
O23 - Service: Machine Debug Manager MDMLexBceS (MDMLexBceS) - Unknown owner - .exe (file missing)
O23 - Service: Machine Debug Manager MDMLexBceS MDMLexBceSDnscacheLexBceS (mdmlexbcesdnscachelexbces) - Unknown owner - .exe (file missing)
O23 - Service: Machine Debug Manager MDMLexBceS MDMLexBceSW32Time (mdmlexbcesw32time) - Unknown owner - .exe (file missing)
O23 - Service: Machine Debug Manager MDMupnphostClipSrvNetlogon (MDMupnphostClipSrvNetlogon) - Unknown owner - .exe (file missing)
O23 - Service: Affichage des messages MessengerRemoteRegistry (MessengerRemoteRegistry) - Unknown owner - .exe (file missing)
O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcTrkWks (mnmsrvcTrkWks) - Unknown owner - .exe (file missing)
O23 - Service: DSDM DDE réseau NetDDEdsdmWebClientALG (NetDDEdsdmWebClientALG) - Unknown owner - .exe (file missing)
O23 - Service: DSDM DDE réseau NetDDEdsdmWebClientALG NetDDEdsdmWebClientALGlanmanserver (NetDDEdsdmWebClientALGlanmanserver) - Unknown owner - .exe (file missing)
O23 - Service: Ouverture de session réseau NetlogonBITS (NetlogonBITS) - Unknown owner - .exe (file missing)
O23 - Service: Ouverture de session réseau NetlogonSchedule (NetlogonSchedule) - Unknown owner - .exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspEventlog (NtLmSspEventlog) - Unknown owner - .exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspEventlog NtLmSspEventlogTlntSvr (NtLmSspEventlogTlntSvr) - Unknown owner - .exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspEventlog NtLmSspEventlogTlntSvr NtLmSspEventlogTlntSvrNetDDEdsdm (ntlmsspeventlogtlntsvrnetddedsdm) - Unknown owner - .exe (file missing)
O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspNVSvc (NtLmSspNVSvc) - Unknown owner - .exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine oseVSS (oseVSS) - Unknown owner - .exe (file missing)
O23 - Service: Services IPSEC PolicyAgentWLSetupSvc (PolicyAgentWLSetupSvc) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutoMDM (RasAutoMDM) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutoMDM RasAutoMDMCryptSvcRasAuto (RasAutoMDMCryptSvcRasAuto) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutoMDM RasAutoMDMSchedule (RasAutoMDMSchedule) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutomnmsrvc (RasAutomnmsrvc) - Unknown owner - .exe (file missing)
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance RDSessMgrTermServiceNtLmSsp (rdsessmgrtermservicentlmssp) - Unknown owner - .exe (file missing)
O23 - Service: Routage et accès distant RemoteAccessCiSvc (RemoteAccessCiSvc) - Unknown owner - .exe (file missing)
O23 - Service: QoS RSVP RSVPose (RSVPose) - Unknown owner - .exe (file missing)
O23 - Service: Planificateur de tâches ScheduleIDriverT (ScheduleIDriverT) - Unknown owner - .exe (file missing)
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - I:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage (stisvcERSvcdmserverProtectedStorage) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage stisvcERSvcdmserverProtectedStorageW32Time (stisvcERSvcdmserverProtectedStorageW32Time) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage stisvcERSvcdmserverProtectedStorageW32Time stisvcERSvcdmserverProtectedStorageW32TimeBrowser (stisvcERSvcdmserverProtectedStorageW32TimeBrowser) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcMDM (stisvcMDM) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcMSDTC (stisvcMSDTC) - Unknown owner - .exe (file missing)
O23 - Service: Acquisition d'image Windows (WIA) stisvcMSDTC stisvcMSDTCMSDTC (stisvcMSDTCMSDTC) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvBITS (SwPrvBITS) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvVSS (SwPrvVSS) - Unknown owner - .exe (file missing)
O23 - Service: MS Software Shadow Copy Provider SwPrvVSS SwPrvVSSAppMgmt (SwPrvVSSAppMgmt) - Unknown owner - .exe (file missing)
O23 - Service: Services Terminal Server TermServiceNtLmSsp (TermServiceNtLmSsp) - Unknown owner - .exe (file missing)
O23 - Service: Services Terminal Server TermServiceWebClientUPS (TermServiceWebClientUPS) - Unknown owner - .exe (file missing)
O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostAppMgmtEventSystemAlerter (upnphostAppMgmtEventSystemAlerter) - Unknown owner - .exe (file missing)
O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostClipSrv (upnphostClipSrv) - Unknown owner - .exe (file missing)
O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostClipSrv upnphostClipSrvNetlogon (upnphostClipSrvNetlogon) - Unknown owner - .exe (file missing)
O23 - Service: User Privilege Service usprservHidServ (usprservHidServ) - Unknown owner - .exe (file missing)
O23 - Service: WebClient WebClientALG (WebClientALG) - Unknown owner - .exe (file missing)
O23 - Service: WebClient WebClientUPS (WebClientUPS) - Unknown owner - .exe (file missing)
O23 - Service: Windows Live Setup Service WLSetupSvclanmanworkstation (WLSetupSvclanmanworkstation) - Unknown owner - .exe (file missing)
O23 - Service: Windows Live Setup Service WLSetupSvclanmanworkstation WLSetupSvclanmanworkstationupnphostClipSrv (wlsetupsvclanmanworkstationupnphostclipsrv) - Unknown owner - .exe (file missing)
O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNIDriverT (WmdmPmSNIDriverT) - Unknown owner - .exe (file missing)
O23 - Service: Carte de performance WMI WmiApSrvNVSvc (WmiApSrvNVSvc) - Unknown owner - .exe (file missing)
O23 - Service: Carte de performance WMI WmiApSrvRSVPose (WmiApSrvRSVPose) - Unknown owner - .exe (file missing)
O23 - Service: Configuration automatique sans fil WZCSVCmnmsrvc (WZCSVCmnmsrvc) - Unknown owner - .exe (file missing)
0
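The report above is what the helper reads to pick out the infected toolbars and the dozens of fake O23 services. As an added example (not part of the thread, nor of HijackThis), this Python script scores such lines the way a helper does: orphaned entries, services with no owner and no binary, service names spliced together from real XP service names, a non-default Winlogon Notify DLL, and toolbar components the thread itself names. The sample lines, the partial XP service list and the Winlogon Notify allowlist are constructed assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: lines modelled on the HijackThis report posted above
# (abridged). Raw string, so the backslashes stay literal.
SAMPLE_LOG = r"""
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - I:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - I:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab xp\avp.exe"
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\adialhk.dll
O20 - Winlogon Notify: WinCtrl32 - I:\WINDOWS\SYSTEM32\WinCtrl32.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab xp\avp.exe
O23 - Service: Client DNS DnscacheLexBceS (DnscacheLexBceS) - Unknown owner - .exe (file missing)
O23 - Service: Machine Debug Manager MDMLexBceS MDMLexBceSW32Time (mdmlexbcesw32time) - Unknown owner - .exe (file missing)
"""

# Partial list of XP service short names (lower-cased), used to recognise
# fake services whose names are spliced from real ones (assumption: partial).
KNOWN_SERVICES = (
    "alerter", "alg", "appmgmt", "bits", "cryptsvc", "dcomlaunch", "dmserver",
    "dnscache", "ersvc", "eventlog", "eventsystem", "hidserv", "httpfilter",
    "lanmanserver", "lanmanworkstation", "lexbces", "lmhosts", "mdm", "mnmsrvc",
    "netlogon", "netman", "ntlmssp", "protectedstorage", "rasauto", "schedule",
    "stisvc", "termservice", "upnphost", "vss", "w32time", "webclient", "wlsetupsvc",
)
# Assumption: Winlogon Notify subkeys present on a stock XP SP2 install.
XP_NOTIFY_DEFAULTS = {"crypt32chain", "cryptnet", "cscdll", "sccertprop",
                      "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
# Toolbar families the thread itself identifies as unwanted.
TOOLBAR_WATCHLIST = ("crawler", "eorezo")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.*) \((?P<short>[^()]+)\) - "
                    r"(?P<owner>.*?) - (?P<path>.*)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")

@dataclass
class Finding:
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str

def splice_parts(short_name):
    """Known service names that, concatenated, form short_name (two or more),
    or None when the name is not such a splice."""
    name = short_name.lower()
    reach = {0: []}  # prefix length -> known parts covering that prefix
    for i in range(len(name)):
        parts = reach.get(i)
        if parts is None:
            continue
        for svc in KNOWN_SERVICES:
            if name.startswith(svc, i):
                reach.setdefault(i + len(svc), parts + [svc])
    full = reach.get(len(name))
    return full if full and len(full) >= 2 else None

def triage(log_text):
    """Flag the HijackThis lines a helper would want to look at first."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        low = line.lower()
        if "(file missing)" in low or "(no file)" in low:
            findings.append(Finding("low", "orphaned entry: target no longer on disk", line))
        m = O23_RE.match(line)
        if m:
            if m["owner"] == "Unknown owner" and m["path"].startswith(".exe"):
                findings.append(Finding("high", "bogus service: no owner and no binary", line))
            parts = splice_parts(m["short"])
            if parts:
                findings.append(Finding("high", "service name spliced from " + "+".join(parts), line))
            continue
        m = NOTIFY_RE.match(line)
        if m:
            if m["name"].lower() not in XP_NOTIFY_DEFAULTS:
                findings.append(Finding("high", "non-default Winlogon Notify DLL", line))
            continue
        if line.startswith("O20 - AppInit_DLLs:"):
            findings.append(Finding("medium", "AppInit_DLLs set: confirm the vendor", line))
            continue
        if line.split(" ")[0] in ("O2", "O3", "R3"):
            if any(t in low for t in TOOLBAR_WATCHLIST):
                findings.append(Finding("medium", "toolbar component on the watchlist", line))
            if "(no name)" in low:
                findings.append(Finding("low", "unnamed browser helper object", line))
    return findings

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity}] {f.reason}\n    {f.line}")
```

On the full report above, the splice check alone fires on nearly every "Unknown owner" O23 line, which is the pattern the helper's "infected toolbars" verdict and the later Malwarebytes detections confirm.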
geoffrey5 Posts: 14008 Status: Security contributor 10
 
you have infected toolbars... do this please:

Download Toolbar-S&D (Team IDN) to your Desktop from this address:

(it's number 6 at the bottom of the page): https://www.androidworld.fr/

* Launch the program's installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the desired language by typing the letter of your choice, then confirm with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
0

zassalamel Posts: 77 Status: Member 4
 
ok,
by the way, since the infection I can no longer connect to msn or display the hotmail.fr page

here is the TB report

-----------\\ ToolBar S&D 1.1.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) D CPU 3.33GHz )
BIOS : BIOS Date: 12/25/2006 Ver: 08.00.13
USER : B3AOU ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 7.0.0.124 (Activated)
Firewall : Kaspersky Internet Security 7.0.0.124 (Activated)

"I:\ToolBar SD" ( MAJ : 27-08-2008|23:35 )
Option : [1] ( 25/12/2006| 6:16 )

-----------\\ Recherche de Fichiers / Dossiers ...

I:\Program Files\Crawler
I:\Program Files\Crawler\Download
I:\Program Files\Crawler\Toolbar
I:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="I:\\WINDOWS\\system32\\blank.htm"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

--------------------\\ Recherche d'autres infections
0
geoffrey5 Posts: 14008 Status: Security contributor 10
 
ok, good of you to mention it... do the following please:

Run Toolbar-S&D again by double-clicking the shortcut. Type "2" then confirm by pressing "Enter".
! Do not close the window during the removal!
A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del together to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer then confirm.

then:

download combofix (by sUBs) from this address:

(it's number 5 at the bottom of the page): https://www.androidworld.fr/

and save it to the Desktop.

disable your protections and close all your applications (antivirus, firewall, the antispyware's real-time guard)

Here is a tutorial for installing it and learning to use it: https://www.androidworld.fr/

then send the report please
0
zassalamel Posts: 77 Status: Member 4
 
so this virus has done everything:

it disabled the windows firewall and I can no longer enable it

I can't change the background, which contains the cursed window

and if standby kicks in, the PC crashes straight away

here is the new report

-----------\\ ToolBar S&D 1.1.6 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) D CPU 3.33GHz )
BIOS : BIOS Date: 12/25/2006 Ver: 08.00.13
USER : B3AOU ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Internet Security 7.0.0.124 (Activated)
Firewall : Kaspersky Internet Security 7.0.0.124 (Activated)

"I:\ToolBar SD" ( MAJ : 27-08-2008|23:35 )
Option : [2] ( 25/12/2006| 6:26 )

-----------\\ SUPPRESSION

Supprime! - I:\Program Files\Crawler\Download
Supprime! - I:\Program Files\Crawler\Toolbar
Supprime! - I:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
Supprime! - I:\Program Files\Crawler

-----------\\ Recherche de Fichiers / Dossiers ...
0
geoffrey5 Posts: 14008 Status: Security contributor 10
 
ok now do combofix please
0
zassalamel Posts: 77 Status: Member 4
 
it shows an error message "data error" "check your settings"
0
zassalamel Posts: 77 Status: Member 4
 
here it is

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1092
Windows 5.1.2600 Service Pack 2

07:00:28 25/12/2006
mbam-log-12-25-2006 (07-00-28).txt

Type de recherche: Examen rapide
Eléments examinés: 50453
Temps écoulé: 5 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
I:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
I:\WINDOWS\system32\blphc53wj0eg63.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\adsndst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
I:\WINDOWS\system32\WinCtrl32.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\system32\phc53wj0eg63.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
I:\WINDOWS\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
0
geoffrey5 Posts: 14008 Status: Security contributor 10
 
ok... try combofix again please

and then do this:

Option 1 - Search:

download smitfraudfix and save it to the desktop from this address (it's number 2 at the bottom of the page):

https://www.androidworld.fr/

Then double-click smitfraudfix, then run

Select 1 to create a report of the files responsible for the infection.

copy/paste the report in your reply.
0
zassalamel Posts: 77 Status: Member 4
 
ok, I'll do that, but first I have to tell you: everything is back to normal now except msn, which won't connect; do I still use combofix?
0
geoffrey5 Posts: 14008 Status: Security contributor 10
 
yes do combofix and then smitfraudfix please
0
zassalamel Posts: 77 Status: Member 4
 
nothing, still "date error" "check your settings"
I don't see the report with the date; do I have to change the system date?
0
geoffrey5 Posts: 14008 Status: Security contributor 10
 
no, don't touch the system date... do smitfraudfix and then we'll run a program for msn
0
zassalamel Posts: 77 Status: Member 4
 
ah sorry, I already changed the system date and you know what, it worked; here is the combofix report

ComboFix 08-08-28.04 - B3AOU 2008-08-28 8:18:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.586 [GMT 2:00]
Endroit: I:\Documents and Settings\B3AOU\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\bin.clearspring.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\bin.clearspring.com\clearspring.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com\v1.0.0290\v\swf\qplayer.swf\qplayer.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com\v1.0.0293\v\swf\qplayer.swf\qplayer.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
I:\WINDOWS\system32\AutoRun.inf
I:\WINDOWS\system32\dao350.dll
i:\windows\system32\Drivers\Winfm20.sys
I:\WINDOWS\system32\kakle.dll
I:\WINDOWS\system32\mdm.exe
I:\WINDOWS\system32\MSINET.oca
I:\WINDOWS\system32\WinCtrl32.dl_
I:\WINDOWS\system32\WinCtrl32.dll
I:\WINDOWS\system32\winitn.dll
I:\WINDOWS\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINFM20
-------\Service_Winfm20


((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))))))
.

2008-08-28 12:39 . 2008-08-28 12:39 203,776 --a--c--- I:\WINDOWS\system32\drivers\234.exe
2008-08-28 11:14 . 2006-12-25 08:25 0 --a--c--- I:\WINDOWS\system32\drivers\857a4e0f.sys
2008-08-27 22:29 . 2008-08-27 22:29 203,776 --a--c--- I:\WINDOWS\system32\drivers\0.exe
2008-08-27 19:12 . 2008-08-27 19:12 203,776 --a--c--- I:\WINDOWS\system32\drivers\421.exe
2008-08-27 17:47 . 2008-08-27 17:47 203,776 --a--c--- I:\WINDOWS\system32\drivers\765.exe
2008-08-27 17:30 . 2008-08-27 17:30 203,776 --a--c--- I:\WINDOWS\system32\drivers\31.exe
2008-08-27 11:13 . 2008-08-27 11:13 203,776 --a--c--- I:\WINDOWS\system32\drivers\875.exe
2008-08-26 20:57 . 2008-08-26 20:57 203,776 --a--c--- I:\WINDOWS\system32\drivers\484.exe
2008-08-23 18:00 . 2008-08-23 18:00 <REP> d----c--- I:\Documents and Settings\All Users\Application Data\VistaCodecs
2008-08-16 12:14 . 2006-12-25 06:05 0 --a--c--- I:\WINDOWS\system32\1033n.sys
2008-08-09 18:19 . 2008-08-09 18:19 244 --ah-c--- I:\sqmnoopt12.sqm
2008-08-09 18:19 . 2008-08-09 18:19 232 --ah-c--- I:\sqmdata12.sqm
2008-08-09 17:51 . 2008-08-09 17:51 268 --ah-c--- I:\sqmdata11.sqm
2008-08-09 17:51 . 2008-08-09 17:51 244 --ah-c--- I:\sqmnoopt11.sqm
2008-08-09 13:29 . 2008-08-09 13:29 268 --ah-c--- I:\sqmdata10.sqm
2008-08-09 13:29 . 2008-08-09 13:29 244 --ah-c--- I:\sqmnoopt10.sqm
2008-08-09 08:41 . 2008-08-09 08:41 268 --ah-c--- I:\sqmdata09.sqm
2008-08-09 08:41 . 2008-08-09 08:41 244 --ah-c--- I:\sqmnoopt09.sqm
2008-08-09 08:30 . 2008-08-09 08:30 1,007,616 --a--c--- I:\WINDOWS\system32\VSFilter.dll
2008-08-09 00:17 . 2008-08-09 00:17 268 --ah-c--- I:\sqmdata08.sqm
2008-08-09 00:17 . 2008-08-09 00:17 244 --ah-c--- I:\sqmnoopt08.sqm
2008-08-08 20:33 . 2008-08-08 20:33 268 --ah-c--- I:\sqmdata07.sqm
2008-08-08 20:33 . 2008-08-08 20:33 244 --ah-c--- I:\sqmnoopt07.sqm
2008-08-08 17:12 . 2008-08-08 17:12 268 --ah-c--- I:\sqmdata06.sqm
2008-08-08 17:12 . 2008-08-08 17:12 244 --ah-c--- I:\sqmnoopt06.sqm
2008-08-08 14:36 . 2008-08-08 14:36 268 --ah-c--- I:\sqmdata05.sqm
2008-08-08 14:36 . 2008-08-08 14:36 244 --ah-c--- I:\sqmnoopt05.sqm
2008-08-08 12:35 . 2008-08-08 12:35 <REP> d----c--- I:\Program Files\QuickTime
2008-08-08 02:15 . 2008-08-08 02:15 268 --ah-c--- I:\sqmdata04.sqm
2008-08-08 02:15 . 2008-08-08 02:15 244 --ah-c--- I:\sqmnoopt04.sqm
2008-08-07 23:42 . 2008-08-07 23:42 268 --ah-c--- I:\sqmdata03.sqm
2008-08-07 23:42 . 2008-08-07 23:42 244 --ah-c--- I:\sqmnoopt03.sqm
2008-08-06 02:26 . 2008-08-06 02:26 42,320 --a--c--- I:\WINDOWS\system32\xfcodec.dll
2008-08-04 09:51 . 2006-12-25 06:17 31,545,427 --ahsc--- I:\WINDOWS\system32\adsndsto.sys
2008-08-04 09:37 . 2006-12-25 08:10 284 --a-sc--- I:\WINDOWS\system32\3692391039.dat
2008-08-04 00:14 . 2008-08-04 00:14 130,712 --a--c--- I:\Documents and Settings\B3AOU\S87ekhV.exe
2008-08-03 11:29 . 2008-08-03 11:32 <REP> d----c--- I:\WINDOWS\system32\Adobe
2008-08-03 11:02 . 2006-04-18 23:56 441,856 --a--c--- I:\WINDOWS\system32\mailingbuilder.dll
2008-08-03 11:02 . 2004-08-04 06:00 128,000 --a--c--- I:\WINDOWS\system32\DHTMLED.OCX
2008-07-30 18:37 . 2008-07-30 18:37 <REP> d--hsc--- I:\WINDOWS\ftpcache
2008-07-28 01:12 . 2008-07-28 01:12 <REP> d----c--- I:\Documents and Settings\All Users\Application Data\Adobe Systems

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 06:28 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\uTorrent
2008-08-28 06:27 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\AdobeUM
2008-08-28 06:26 24,084,512 -csha-w I:\WINDOWS\system32\drivers\fidbox.dat
2008-08-28 06:24 83,132 -csha-w I:\WINDOWS\system32\drivers\fidbox2.idx
2008-08-28 06:24 808,992 -csha-w I:\WINDOWS\system32\drivers\fidbox2.dat
2008-08-28 06:24 329,852 -csha-w I:\WINDOWS\system32\drivers\fidbox.idx
2008-08-17 14:01 38,472 -c--a-w I:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-17 14:01 17,144 -c--a-w I:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 22:54 --------- dc--a-w I:\Documents and Settings\All Users\Application Data\TEMP
2008-08-09 16:25 --------- dc-h--w I:\Program Files\InstallShield Installation Information
2008-07-30 08:01 --------- dc----w I:\Program Files\Ubisoft
2008-07-30 08:01 --------- dc----w I:\Documents and Settings\All Users\Application Data\Ubisoft
2008-07-28 11:00 --------- dc----w I:\Program Files\HP
2008-07-28 11:00 --------- dc----w I:\Documents and Settings\All Users\Application Data\HP
2008-07-27 23:18 --------- dc----w I:\Program Files\Fichiers communs\Adobe
2008-07-27 22:41 344,064 -c--a-w I:\WINDOWS\system32\dkll.dll
2008-07-27 22:41 196,608 -c--a-w I:\WINDOWS\system32\maag.dll
2008-07-27 22:41 1,986,560 -c--a-w I:\WINDOWS\system32\akll.dll
2008-07-27 22:41 1,212,416 -c--a-w I:\WINDOWS\system32\ckll.dll
2008-07-25 10:14 --------- dc----w I:\Program Files\Java
2008-07-25 10:02 --------- dc----w I:\Program Files\Fichiers communs\Java
2008-07-23 10:28 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\Ashampoo
2008-07-23 10:27 --------- dc----w I:\Program Files\Ashampoo
2008-07-19 20:28 --------- dc----w I:\Program Files\ReflexiveArcade
2008-07-18 11:05 444,952 -c--a-w I:\WINDOWS\system32\wrap_oal.dll
2008-07-18 11:05 109,080 -c--a-w I:\WINDOWS\system32\OpenAL32.dll
2008-07-18 10:28 107,888 -c--a-w I:\WINDOWS\system32\CmdLineExt.dll
2008-07-12 23:41 --------- dc----w I:\Program Files\Common Files
2008-07-12 22:23 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\InstallShield
2008-07-11 15:43 --------- dc----w I:\Program Files\uTorrent
2008-07-11 08:24 --------- dc----w I:\Documents and Settings\All Users\Application Data\GlobalSCAPE
2008-07-09 21:14 --------- dc----w I:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-09 14:23 --------- dcsh--w I:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-09 13:19 --------- dc----w I:\Program Files\Windows Live
2008-07-08 17:26 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\HP
2008-07-08 17:26 --------- dc----w I:\Documents and Settings\All Users\Application Data\WEBREG
2008-07-08 17:22 --------- dc----w I:\Program Files\Fichiers communs\HP
2008-07-08 17:16 --------- dc----w I:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-07-06 16:54 --------- dc----w I:\Program Files\Fichiers communs\Blizzard Entertainment
2008-07-06 10:56 --------- dc----w I:\Program Files\Google
2008-07-02 22:45 --------- dc----w I:\Documents and Settings\LocalService\Application Data\Xfire
2008-07-02 21:50 --------- dc----w I:\Documents and Settings\NetworkService\Application Data\Xfire
2008-07-01 08:11 --------- dc----w I:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-28 18:52 --------- dc----w I:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-06-12 18:36 7,680 -c--a-w I:\WINDOWS\system32\ff_vfw.dll
2006-12-25 04:17 31,545,427 -csha-w I:\WINDOWS\system32\adsndsto.sys
.

------- Sigcheck -------

2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 I:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 I:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 I:\WINDOWS\system32\dllcache\tcpip.sys
2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 I:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 14:17 68856]
"MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"uTorrent"="I:\Program Files\uTorrent\uTorrent.exe" [2008-08-14 12:02 267056]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 16:53 307200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"TBPanel"="I:\Program Files\VDOTool\TBPanel.exe" [2008-01-29 11:19 2157096]
"NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2008-01-08 19:53 8523776]
"NvMediaCenter"="I:\WINDOWS\system32\NvMcTray.dll" [2008-01-08 19:53 81920]
"Sony Ericsson PC Suite"="I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]
"QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [2008-08-08 12:35 413696]
"a-squared"="C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-07-31 15:46 2131600]
"AVP"="D:\Program Files\Kaspersky Lab xp\avp.exe" [2007-06-26 16:53 218376]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-02 17:02 16377344 I:\WINDOWS\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2008-01-08 19:53 1626112 I:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\PROGRA~1\KASPER~1\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"msacm.divxa32"= divxa32.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE"=
"I:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Program Files\\Xfire\\xfire.exe"=
"D:\\Program Files\\Prey\\prey.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"I:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 klim5;Kaspersky Anti-Virus NDIS Filter;I:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S1 857a4e0f;857a4e0f;I:\WINDOWS\system32\drivers\857a4e0f.sys [2006-12-25 08:25]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);I:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;I:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;I:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);I:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;I:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10192-f133-11dc-b1ac-806d6172696f}]
\Shell\AutoRun\command - E:\ntde1ect.com
\Shell\explore\Command - E:\ntde1ect.com
\Shell\open\Command - E:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10193-f133-11dc-b1ac-806d6172696f}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10194-f133-11dc-b1ac-806d6172696f}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e07823-f5ef-11dc-b1bd-001921b35837}]
\Shell\AutoRun\command - O:\u2.cmd
\Shell\explore\Command - O:\u2.cmd
\Shell\open\Command - O:\u2.cmd

*Newly Created Service* - SHAREDACCESSDNSCACHELEXBCES
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
HKLM-Run-EoSudoku - (no file)
Notify-AtiExtEvent - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.google.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R0 -: HKLM-Main,Window Title =
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: crawler search - tbr:iemenu
O8 -: Download ALL with IDA
O8 -: Download with IDA
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-28 08:27:48
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmtEventSystem]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmtEventSystemAlerter]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrvHTTPFilter]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVPCryptSvcRasAuto]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvcAVPCryptSvcRasAuto]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvcRasAuto]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverdmserverprotectedstorage]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverProtectedStorage]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverWLSetupSvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DnscacheLexBceS]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DnscacheLexBceSHidServDcomLaunch]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvcdmserverProtectedStorage]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilityAlerter]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilityAlerterClipSrv]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcHTTPFilter]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcNetman]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcNetmanmnmsrvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvcSysmonLog]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServDcomLaunch]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverTRasAutoMDMSchedule]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserverWLSetupSvclanmanworkstation]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationDnscacheLexBceSHidServDcomLaunch]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationDnscacheLexBceSHidServDcomLaunchNtLmSspEventlogTlntSvr]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationvss]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSHTTPFilter]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSWmdmPmSNIDriverT]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSWmdmPmSNIDriverTRasAutoMDM]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHostsSchedule]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHostsScheduleUPS]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMdmadmin]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMLexBceS]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmlexbcesdnscachelexbces]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmlexbcesw32time]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMupnphostClipSrvNetlogon]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MessengerRemoteRegistry]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvcTrkWks]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdmWebClientALG]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdmWebClientALGlanmanserver]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetlogonBITS]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetlogonSchedule]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspEventlog]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspEventlogTlntSvr]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ntlmsspeventlogtlntsvrnetddedsdm]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspNVSvc]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ntlmsspnvsvcavp]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oseVSS]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgentWLSetupSvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDM]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDMCryptSvcRasAuto]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDMSchedule]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutomnmsrvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdsessmgrtermservicentlmssp]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessCiSvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVPose]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScheduleIDriverT]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccessDnscacheLexBceS]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorage]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorageW32Time]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorageW32TimeBrowser]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMDM]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMSDTC]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMSDTCMSDTC]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvBITS]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvVSS]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvVSSAppMgmt]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermServiceNtLmSsp]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermServiceWebClientUPS]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostAppMgmtEventSystemAlerter]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostClipSrv]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostClipSrvNetlogon]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usprservHidServ]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClientALG]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClientUPS]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvclanmanworkstation]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wlsetupsvclanmanworkstationupnphostclipsrv]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNIDriverT]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvNVSvc]
"ImagePath"=" srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvRSVPose]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVCmnmsrvc]
"ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
.
------------------------ Other Running Processes ------------------------
.
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
I:\WINDOWS\system32\wscntfy.exe
I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
I:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-28 8:33:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-28 06:32:57

Pre-Run: 61,849,600 octets libres
Post-Run: 115,523,584 octets libres

422 --- E O F --- 2008-07-05 20:30:52
0
geoffrey5 Posts 14008 Status Security contributor 10
 
OK lol... run SmitFraudFix anyway to check, please.
0
zassalamel Posts 77 Status Member 4
 
Here is the latest report, and thanks, MSN works too ^^

SmitFraudFix v2.342

Rapport fait à 10:06:03,12, 28/08/2008
Executé à partir de I:\Documents and Settings\B3AOU\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\LEXBCES.EXE
I:\WINDOWS\system32\LEXPPS.EXE
I:\WINDOWS\system32\spoolsv.exe
c:\Program Files\a-squared Anti-Malware\a2service.exe
D:\Program Files\Kaspersky Lab xp\avp.exe
I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
I:\WINDOWS\system32\nvsvc32.exe
I:\WINDOWS\RTHDCPL.EXE
I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\WINDOWS\system32\wscntfy.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
I:\WINDOWS\explorer.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
I:\Program Files\Windows Live\Messenger\msnmsgr.exe
I:\Documents and Settings\B3AOU\Bureau\SmitfraudFix\Policies.exe
I:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» I:\

»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\B3AOU

»»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\B3AOU\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» I:\DOCUME~1\B3AOU\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» I:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="D:\\PROGRA~1\\KASPER~1\\adialhk.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="I:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{2AF9FAF0-500D-4405-9BCA-5242FF83C321}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{2AF9FAF0-500D-4405-9BCA-5242FF83C321}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{2AF9FAF0-500D-4405-9BCA-5242FF83C321}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin
0
geoffrey5 Posts 14008 Status Security contributor 10
 
OK... you had done a quick scan with Malwarebytes.... now do a full one, please.

and then post a new HijackThis report.
0