Spyware mechant , help

zassalamel Messages postés 77 Statut Membre -  
geoffrey5 Messages postés 14008 Statut Contributeur sécurité -
Bonjour,
mon PC est infecté par la fenetre "Adware.virtuMonde" "PrivacyRemover.M64"
j'ai tout essayer sans succés , aide svp
Configuration: Windows XP
Internet Explorer 6.0

18 réponses

  1. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    bizarre ce message d erreur :s

    Télécharge sur le bureau malwarebytes à cette adresse :

    https://www.androidworld.fr/

    Voici un tuto pour bien l installer et bien l utiliser :

    https://www.androidworld.fr/

    Après l analyse, redémarrer le pc et poste le rapport !!
    1
  2. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Salut !!

    Fais un rapport hijackthis pour que je puisses vérifier les infections de ton pc stp

    Télécharge hijackthis à cette adresse, tout est expliqué pour bien l installer et pour savoir s'en servir :

    https://www.androidworld.fr/
    0
  3. zassalamel Messages postés 77 Statut Membre 4
     
    voici le rapport geo

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 06:00:50, on 25/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\csrss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\system32\LEXBCES.EXE
    I:\WINDOWS\system32\LEXPPS.EXE
    I:\WINDOWS\system32\spoolsv.exe
    I:\WINDOWS\Explorer.EXE
    c:\Program Files\a-squared Anti-Malware\a2service.exe
    D:\Program Files\Kaspersky Lab xp\avp.exe
    I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    I:\WINDOWS\system32\nvsvc32.exe
    I:\Program Files\Spyware Terminator\sp_rsser.exe
    I:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Winamp\winampa.exe
    I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    I:\Program Files\VDOTool\TBPanel.exe
    I:\WINDOWS\system32\RUNDLL32.EXE
    I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    D:\Program Files\Kaspersky Lab xp\avp.exe
    C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
    I:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
    I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    I:\WINDOWS\System32\svchost.exe
    D:\Program Files\Xfire\xfire.exe
    I:\WINDOWS\System32\alg.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\a-squared Anti-Malware\a2scan.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
    I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    I:\Program Files\Internet Explorer\iexplore.exe
    I:\Documents and Settings\B3AOU\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - I:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - c:\PROGRA~1\eoRezo\EoAdv\EOREZO~1.DLL (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - I:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [WinampAgent] "c:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [TBPanel] I:\Program Files\VDOTool\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab xp\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
    O4 - HKLM\..\Run: [SpywareTerminator] "I:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKCU\..\Run: [swg] I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [uTorrent] "I:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.0.lnk = I:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Startup: Registration SCRABBLE® Interactive 2007 EDITION.LNK = ?
    O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: ajouter à kaspersky anti-bannière - D:\Program Files\Kaspersky Lab xp\ie_banner_deny.htm
    O8 - Extra context menu item: crawler search - tbr:iemenu
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab xp\SCIEPlgn.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - I:\PROGRA~1\Crawler\Toolbar\ctbr.dll
    O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\adialhk.dll
    O20 - Winlogon Notify: WinCtrl32 - I:\WINDOWS\SYSTEM32\WinCtrl32.dll
    O23 - Service: a-squared Anti-Malware Service (a2antimalware) - Emsi Software GmbH - c:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Gestion d'applications AppMgmtEventSystem (AppMgmtEventSystem) - Unknown owner - .exe (file missing)
    O23 - Service: Gestion d'applications AppMgmtEventSystem AppMgmtEventSystemAlerter (AppMgmtEventSystemAlerter) - Unknown owner - .exe (file missing)
    O23 - Service: Audio Windows AudioSrvHTTPFilter (AudioSrvHTTPFilter) - Unknown owner - .exe (file missing)
    O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab xp\avp.exe
    O23 - Service: Kaspersky Internet Security 7.0 AVPCryptSvcRasAuto (AVPCryptSvcRasAuto) - Unknown owner - .exe (file missing)
    O23 - Service: Service d'indexation CiSvcAVPCryptSvcRasAuto (CiSvcAVPCryptSvcRasAuto) - Unknown owner - .exe (file missing)
    O23 - Service: Services de cryptographie CryptSvcRasAuto (CryptSvcRasAuto) - Unknown owner - .exe (file missing)
    O23 - Service: Gestionnaire de disque logique dmserverdmserverProtectedStorage (dmserverdmserverprotectedstorage) - Unknown owner - .exe (file missing)
    O23 - Service: Gestionnaire de disque logique dmserverProtectedStorage (dmserverProtectedStorage) - Unknown owner - .exe (file missing)
    O23 - Service: Gestionnaire de disque logique dmserverWLSetupSvc (dmserverWLSetupSvc) - Unknown owner - .exe (file missing)
    O23 - Service: Client DNS DnscacheLexBceS (DnscacheLexBceS) - Unknown owner - .exe (file missing)
    O23 - Service: Client DNS DnscacheLexBceS DnscacheLexBceSHidServDcomLaunch (DnscacheLexBceSHidServDcomLaunch) - Unknown owner - .exe (file missing)
    O23 - Service: Service de rapport d'erreurs ERSvcdmserverProtectedStorage (ERSvcdmserverProtectedStorage) - Unknown owner - .exe (file missing)
    O23 - Service: Compatibilité avec le Changement rapide d'utilisateur FastUserSwitchingCompatibilityAlerter (FastUserSwitchingCompatibilityAlerter) - Unknown owner - .exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Google Updater Service gusvcHTTPFilter (gusvcHTTPFilter) - Unknown owner - .exe (file missing)
    O23 - Service: Google Updater Service gusvcNetman (gusvcNetman) - Unknown owner - .exe (file missing)
    O23 - Service: Google Updater Service gusvcNetman gusvcNetmanmnmsrvc (gusvcNetmanmnmsrvc) - Unknown owner - .exe (file missing)
    O23 - Service: Aide et support helpsvcSysmonLog (helpsvcSysmonLog) - Unknown owner - .exe (file missing)
    O23 - Service: Accès du périphérique d'interface utilisateur HidServDcomLaunch (HidServDcomLaunch) - Unknown owner - .exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: InstallDriver Table Manager IDriverTRasAutoMDMSchedule (IDriverTRasAutoMDMSchedule) - Unknown owner - .exe (file missing)
    O23 - Service: Serveur lanmanserverWLSetupSvclanmanworkstation (lanmanserverWLSetupSvclanmanworkstation) - Unknown owner - .exe (file missing)
    O23 - Service: Station de travail lanmanworkstationDnscacheLexBceSHidServDcomLaunch (lanmanworkstationDnscacheLexBceSHidServDcomLaunch) - Unknown owner - .exe (file missing)
    O23 - Service: Station de travail lanmanworkstationVSS (lanmanworkstationvss) - Unknown owner - .exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - I:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LexBce Server LexBceSHTTPFilter (LexBceSHTTPFilter) - Unknown owner - .exe (file missing)
    O23 - Service: LexBce Server LexBceSWmdmPmSNIDriverT (LexBceSWmdmPmSNIDriverT) - Unknown owner - .exe (file missing)
    O23 - Service: LexBce Server LexBceSWmdmPmSNIDriverT LexBceSWmdmPmSNIDriverTRasAutoMDM (LexBceSWmdmPmSNIDriverTRasAutoMDM) - Unknown owner - .exe (file missing)
    O23 - Service: Assistance TCP/IP NetBIOS LmHostsSchedule (LmHostsSchedule) - Unknown owner - .exe (file missing)
    O23 - Service: Assistance TCP/IP NetBIOS LmHostsSchedule LmHostsScheduleUPS (LmHostsScheduleUPS) - Unknown owner - .exe (file missing)
    O23 - Service: Machine Debug Manager MDMdmadmin (MDMdmadmin) - Unknown owner - .exe (file missing)
    O23 - Service: Machine Debug Manager MDMLexBceS (MDMLexBceS) - Unknown owner - .exe (file missing)
    O23 - Service: Machine Debug Manager MDMLexBceS MDMLexBceSDnscacheLexBceS (mdmlexbcesdnscachelexbces) - Unknown owner - .exe (file missing)
    O23 - Service: Machine Debug Manager MDMLexBceS MDMLexBceSW32Time (mdmlexbcesw32time) - Unknown owner - .exe (file missing)
    O23 - Service: Machine Debug Manager MDMupnphostClipSrvNetlogon (MDMupnphostClipSrvNetlogon) - Unknown owner - .exe (file missing)
    O23 - Service: Affichage des messages MessengerRemoteRegistry (MessengerRemoteRegistry) - Unknown owner - .exe (file missing)
    O23 - Service: Partage de Bureau à distance NetMeeting mnmsrvcTrkWks (mnmsrvcTrkWks) - Unknown owner - .exe (file missing)
    O23 - Service: DSDM DDE réseau NetDDEdsdmWebClientALG (NetDDEdsdmWebClientALG) - Unknown owner - .exe (file missing)
    O23 - Service: DSDM DDE réseau NetDDEdsdmWebClientALG NetDDEdsdmWebClientALGlanmanserver (NetDDEdsdmWebClientALGlanmanserver) - Unknown owner - .exe (file missing)
    O23 - Service: Ouverture de session réseau NetlogonBITS (NetlogonBITS) - Unknown owner - .exe (file missing)
    O23 - Service: Ouverture de session réseau NetlogonSchedule (NetlogonSchedule) - Unknown owner - .exe (file missing)
    O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspEventlog (NtLmSspEventlog) - Unknown owner - .exe (file missing)
    O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspEventlog NtLmSspEventlogTlntSvr (NtLmSspEventlogTlntSvr) - Unknown owner - .exe (file missing)
    O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspEventlog NtLmSspEventlogTlntSvr NtLmSspEventlogTlntSvrNetDDEdsdm (ntlmsspeventlogtlntsvrnetddedsdm) - Unknown owner - .exe (file missing)
    O23 - Service: Fournisseur de la prise en charge de sécurité LM NT NtLmSspNVSvc (NtLmSspNVSvc) - Unknown owner - .exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Office Source Engine oseVSS (oseVSS) - Unknown owner - .exe (file missing)
    O23 - Service: Services IPSEC PolicyAgentWLSetupSvc (PolicyAgentWLSetupSvc) - Unknown owner - .exe (file missing)
    O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutoMDM (RasAutoMDM) - Unknown owner - .exe (file missing)
    O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutoMDM RasAutoMDMCryptSvcRasAuto (RasAutoMDMCryptSvcRasAuto) - Unknown owner - .exe (file missing)
    O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutoMDM RasAutoMDMSchedule (RasAutoMDMSchedule) - Unknown owner - .exe (file missing)
    O23 - Service: Gestionnaire de connexion automatique d'accès distant RasAutomnmsrvc (RasAutomnmsrvc) - Unknown owner - .exe (file missing)
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance RDSessMgrTermServiceNtLmSsp (rdsessmgrtermservicentlmssp) - Unknown owner - .exe (file missing)
    O23 - Service: Routage et accès distant RemoteAccessCiSvc (RemoteAccessCiSvc) - Unknown owner - .exe (file missing)
    O23 - Service: QoS RSVP RSVPose (RSVPose) - Unknown owner - .exe (file missing)
    O23 - Service: Planificateur de tâches ScheduleIDriverT (ScheduleIDriverT) - Unknown owner - .exe (file missing)
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - I:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage (stisvcERSvcdmserverProtectedStorage) - Unknown owner - .exe (file missing)
    O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage stisvcERSvcdmserverProtectedStorageW32Time (stisvcERSvcdmserverProtectedStorageW32Time) - Unknown owner - .exe (file missing)
    O23 - Service: Acquisition d'image Windows (WIA) stisvcERSvcdmserverProtectedStorage stisvcERSvcdmserverProtectedStorageW32Time stisvcERSvcdmserverProtectedStorageW32TimeBrowser (stisvcERSvcdmserverProtectedStorageW32TimeBrowser) - Unknown owner - .exe (file missing)
    O23 - Service: Acquisition d'image Windows (WIA) stisvcMDM (stisvcMDM) - Unknown owner - .exe (file missing)
    O23 - Service: Acquisition d'image Windows (WIA) stisvcMSDTC (stisvcMSDTC) - Unknown owner - .exe (file missing)
    O23 - Service: Acquisition d'image Windows (WIA) stisvcMSDTC stisvcMSDTCMSDTC (stisvcMSDTCMSDTC) - Unknown owner - .exe (file missing)
    O23 - Service: MS Software Shadow Copy Provider SwPrvBITS (SwPrvBITS) - Unknown owner - .exe (file missing)
    O23 - Service: MS Software Shadow Copy Provider SwPrvVSS (SwPrvVSS) - Unknown owner - .exe (file missing)
    O23 - Service: MS Software Shadow Copy Provider SwPrvVSS SwPrvVSSAppMgmt (SwPrvVSSAppMgmt) - Unknown owner - .exe (file missing)
    O23 - Service: Services Terminal Server TermServiceNtLmSsp (TermServiceNtLmSsp) - Unknown owner - .exe (file missing)
    O23 - Service: Services Terminal Server TermServiceWebClientUPS (TermServiceWebClientUPS) - Unknown owner - .exe (file missing)
    O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostAppMgmtEventSystemAlerter (upnphostAppMgmtEventSystemAlerter) - Unknown owner - .exe (file missing)
    O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostClipSrv (upnphostClipSrv) - Unknown owner - .exe (file missing)
    O23 - Service: Hôte de périphérique universel Plug-and-Play upnphostClipSrv upnphostClipSrvNetlogon (upnphostClipSrvNetlogon) - Unknown owner - .exe (file missing)
    O23 - Service: User Privilege Service usprservHidServ (usprservHidServ) - Unknown owner - .exe (file missing)
    O23 - Service: WebClient WebClientALG (WebClientALG) - Unknown owner - .exe (file missing)
    O23 - Service: WebClient WebClientUPS (WebClientUPS) - Unknown owner - .exe (file missing)
    O23 - Service: Windows Live Setup Service WLSetupSvclanmanworkstation (WLSetupSvclanmanworkstation) - Unknown owner - .exe (file missing)
    O23 - Service: Windows Live Setup Service WLSetupSvclanmanworkstation WLSetupSvclanmanworkstationupnphostClipSrv (wlsetupsvclanmanworkstationupnphostclipsrv) - Unknown owner - .exe (file missing)
    O23 - Service: Service de numéro de série du lecteur multimédia portable WmdmPmSNIDriverT (WmdmPmSNIDriverT) - Unknown owner - .exe (file missing)
    O23 - Service: Carte de performance WMI WmiApSrvNVSvc (WmiApSrvNVSvc) - Unknown owner - .exe (file missing)
    O23 - Service: Carte de performance WMI WmiApSrvRSVPose (WmiApSrvRSVPose) - Unknown owner - .exe (file missing)
    O23 - Service: Configuration automatique sans fil WZCSVCmnmsrvc (WZCSVCmnmsrvc) - Unknown owner - .exe (file missing)
    0
  4. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    tu as des toolbars infectées...fais ceci stp :

    Télécharge Toolbar-S&D (Team IDN) sur ton Bureau à cette adresse :

    (c est le numéro 6 en bas de la page) : https://www.androidworld.fr/

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. zassalamel Messages postés 77 Statut Membre 4
     
    ok ,
    au fait depuis l'infection je ne peux plus me connecter a msn ni d'afficher la page hotmail.fr

    voici le rapport TB

    -----------\\ ToolBar S&D 1.1.6 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) D CPU 3.33GHz )
    BIOS : BIOS Date: 12/25/2006 Ver: 08.00.13
    USER : B3AOU ( Administrator )
    BOOT : Normal boot
    Antivirus : Kaspersky Internet Security 7.0.0.124 (Activated)
    Firewall : Kaspersky Internet Security 7.0.0.124 (Activated)

    "I:\ToolBar SD" ( MAJ : 27-08-2008|23:35 )
    Option : [1] ( 25/12/2006| 6:16 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    I:\Program Files\Crawler
    I:\Program Files\Crawler\Download
    I:\Program Files\Crawler\Toolbar
    I:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="I:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="https://www.google.com/?gws_rd=ssl"
    "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
    "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"

    --------------------\\ Recherche d'autres infections
    0
  7. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok c est bien de le dire...fais ce qui suit stp :

    Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
    ! Ne ferme pas la fenêtre lors de la suppression !
    Un rapport sera généré, poste son contenu ici.

    NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
    Tape explorer puis valide.

    ensuite :

    télécharge combofix (par sUBs) à cette adresse :

    (c est le numéro 5 en bas de la page) : https://www.androidworld.fr/

    et enregistre le sur le Bureau.

    désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)

    Voici un tuto pour bien l'installer et savoir l utiliser : https://www.androidworld.fr/

    ensuite envois le rapport stp
    0
  8. zassalamel Messages postés 77 Statut Membre 4
     
    alors la ce virus a tout fait:

    il a desactiver le parefeu windows et je ne peu plus l'activer

    je ne peu pa changer l'arriere plan qui contient la maudite fenetre

    et si la mise en veille a lieu , le PC se plante directement

    voici le nouveau rapport

    -----------\\ ToolBar S&D 1.1.6 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
    X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) D CPU 3.33GHz )
    BIOS : BIOS Date: 12/25/2006 Ver: 08.00.13
    USER : B3AOU ( Administrator )
    BOOT : Normal boot
    Antivirus : Kaspersky Internet Security 7.0.0.124 (Activated)
    Firewall : Kaspersky Internet Security 7.0.0.124 (Activated)

    "I:\ToolBar SD" ( MAJ : 27-08-2008|23:35 )
    Option : [2] ( 25/12/2006| 6:26 )

    -----------\\ SUPPRESSION

    Supprime! - I:\Program Files\Crawler\Download
    Supprime! - I:\Program Files\Crawler\Toolbar
    Supprime! - I:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Barre d'outils Crawler
    Supprime! - I:\Program Files\Crawler

    -----------\\ Recherche de Fichiers / Dossiers ...
    0
  9. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok maintenant fais combofix stp
    0
  10. zassalamel Messages postés 77 Statut Membre 4
     
    ca affiche un message d'erreur "data error" "check your settings"
    0
  11. zassalamel Messages postés 77 Statut Membre 4
     
    voila

    Malwarebytes' Anti-Malware 1.25
    Version de la base de données: 1092
    Windows 5.1.2600 Service Pack 2

    07:00:28 25/12/2006
    mbam-log-12-25-2006 (07-00-28).txt

    Type de recherche: Examen rapide
    Eléments examinés: 50453
    Temps écoulé: 5 minute(s), 3 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 2
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 29

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    I:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    I:\WINDOWS\system32\blphc53wj0eg63.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\adsndst.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> Delete on reboot.
    I:\WINDOWS\system32\WinCtrl32.dl_ (Trojan.Agent) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\Documents and Settings\B3AOU\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\WINDOWS\system32\phc53wj0eg63.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    I:\WINDOWS\Temp\BN6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
    I:\WINDOWS\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\WINDOWS\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\WINDOWS\Temp\.ttB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    I:\WINDOWS\Temp\.ttD.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    0
  12. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok...réessais combofix stp

    et ensuite fais ceci :

    Option 1 - Recherche :

    télécharge smitfraudfix et enregistre le sur le bureau à cette adresse (c est le numéro 2 en bas de la page) :

    https://www.androidworld.fr/

    Ensuite double clique sur smitfraudfix puis exécuter

    Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

    copier/coller le rapport dans la réponse.
    0
  13. zassalamel Messages postés 77 Statut Membre 4
     
    ok , je vais faire ca mais avant il faut que je te dise , tout est redevenu normal maintenant sauf msn qui ne veu pa se connecter , j'utilise combofix commeme?
    0
  14. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    oui fais combofix et ensuite smitfraudfix stp
    0
  15. zassalamel Messages postés 77 Statut Membre 4
     
    rien toujours "date error" "check your settings"
    je ne voi pas le rapport avec la date , est ce que je dois changer la date systeme?
    0
  16. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    non ne touche pas à la date systeme...fais smitfraudfix et ensuite on lancera un programme pour msn
    0
    1. zassalamel Messages postés 77 Statut Membre 4
       
      ah dsl j'ai deja changer la date system et tu c quoi , ca a marché voici le rapport de combofix

      ComboFix 08-08-28.04 - B3AOU 2008-08-28 8:18:20.1 - NTFSx86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.586 [GMT 2:00]
      Endroit: I:\Documents and Settings\B3AOU\Bureau\ComboFix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
      .

      I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\bin.clearspring.com
      I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\bin.clearspring.com\clearspring.sol
      I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com
      I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com\v1.0.0290\v\swf\qplayer.swf\qplayer.sol
      I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\#SharedObjects\7L4DWM4F\static.youku.com\v1.0.0293\v\swf\qplayer.swf\qplayer.sol
      I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
      I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
      I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com
      I:\Documents and Settings\B3AOU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youku.com\settings.sol
      I:\WINDOWS\system32\AutoRun.inf
      I:\WINDOWS\system32\dao350.dll
      i:\windows\system32\Drivers\Winfm20.sys
      I:\WINDOWS\system32\kakle.dll
      I:\WINDOWS\system32\mdm.exe
      I:\WINDOWS\system32\MSINET.oca
      I:\WINDOWS\system32\WinCtrl32.dl_
      I:\WINDOWS\system32\WinCtrl32.dll
      I:\WINDOWS\system32\winitn.dll
      I:\WINDOWS\winhelp.ini

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_WINFM20
      -------\Service_Winfm20


      ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-28 ))))))))))))))))))))))))))))))))))))
      .

      2008-08-28 12:39 . 2008-08-28 12:39 203,776 --a--c--- I:\WINDOWS\system32\drivers\234.exe
      2008-08-28 11:14 . 2006-12-25 08:25 0 --a--c--- I:\WINDOWS\system32\drivers\857a4e0f.sys
      2008-08-27 22:29 . 2008-08-27 22:29 203,776 --a--c--- I:\WINDOWS\system32\drivers\[u]0[/u].exe
      2008-08-27 19:12 . 2008-08-27 19:12 203,776 --a--c--- I:\WINDOWS\system32\drivers\421.exe
      2008-08-27 17:47 . 2008-08-27 17:47 203,776 --a--c--- I:\WINDOWS\system32\drivers\765.exe
      2008-08-27 17:30 . 2008-08-27 17:30 203,776 --a--c--- I:\WINDOWS\system32\drivers\31.exe
      2008-08-27 11:13 . 2008-08-27 11:13 203,776 --a--c--- I:\WINDOWS\system32\drivers\875.exe
      2008-08-26 20:57 . 2008-08-26 20:57 203,776 --a--c--- I:\WINDOWS\system32\drivers\484.exe
      2008-08-23 18:00 . 2008-08-23 18:00 <REP> d----c--- I:\Documents and Settings\All Users\Application Data\VistaCodecs
      2008-08-16 12:14 . 2006-12-25 06:05 0 --a--c--- I:\WINDOWS\system32\1033n.sys
      2008-08-09 18:19 . 2008-08-09 18:19 244 --ah-c--- I:\sqmnoopt12.sqm
      2008-08-09 18:19 . 2008-08-09 18:19 232 --ah-c--- I:\sqmdata12.sqm
      2008-08-09 17:51 . 2008-08-09 17:51 268 --ah-c--- I:\sqmdata11.sqm
      2008-08-09 17:51 . 2008-08-09 17:51 244 --ah-c--- I:\sqmnoopt11.sqm
      2008-08-09 13:29 . 2008-08-09 13:29 268 --ah-c--- I:\sqmdata10.sqm
      2008-08-09 13:29 . 2008-08-09 13:29 244 --ah-c--- I:\sqmnoopt10.sqm
      2008-08-09 08:41 . 2008-08-09 08:41 268 --ah-c--- I:\sqmdata09.sqm
      2008-08-09 08:41 . 2008-08-09 08:41 244 --ah-c--- I:\sqmnoopt09.sqm
      2008-08-09 08:30 . 2008-08-09 08:30 1,007,616 --a--c--- I:\WINDOWS\system32\VSFilter.dll
      2008-08-09 00:17 . 2008-08-09 00:17 268 --ah-c--- I:\sqmdata08.sqm
      2008-08-09 00:17 . 2008-08-09 00:17 244 --ah-c--- I:\sqmnoopt08.sqm
      2008-08-08 20:33 . 2008-08-08 20:33 268 --ah-c--- I:\sqmdata07.sqm
      2008-08-08 20:33 . 2008-08-08 20:33 244 --ah-c--- I:\sqmnoopt07.sqm
      2008-08-08 17:12 . 2008-08-08 17:12 268 --ah-c--- I:\sqmdata06.sqm
      2008-08-08 17:12 . 2008-08-08 17:12 244 --ah-c--- I:\sqmnoopt06.sqm
      2008-08-08 14:36 . 2008-08-08 14:36 268 --ah-c--- I:\sqmdata05.sqm
      2008-08-08 14:36 . 2008-08-08 14:36 244 --ah-c--- I:\sqmnoopt05.sqm
      2008-08-08 12:35 . 2008-08-08 12:35 <REP> d----c--- I:\Program Files\QuickTime
      2008-08-08 02:15 . 2008-08-08 02:15 268 --ah-c--- I:\sqmdata04.sqm
      2008-08-08 02:15 . 2008-08-08 02:15 244 --ah-c--- I:\sqmnoopt04.sqm
      2008-08-07 23:42 . 2008-08-07 23:42 268 --ah-c--- I:\sqmdata03.sqm
      2008-08-07 23:42 . 2008-08-07 23:42 244 --ah-c--- I:\sqmnoopt03.sqm
      2008-08-06 02:26 . 2008-08-06 02:26 42,320 --a--c--- I:\WINDOWS\system32\xfcodec.dll
      2008-08-04 09:51 . 2006-12-25 06:17 31,545,427 --ahsc--- I:\WINDOWS\system32\adsndsto.sys
      2008-08-04 09:37 . 2006-12-25 08:10 284 --a-sc--- I:\WINDOWS\system32\3692391039.dat
      2008-08-04 00:14 . 2008-08-04 00:14 130,712 --a--c--- I:\Documents and Settings\B3AOU\S87ekhV.exe
      2008-08-03 11:29 . 2008-08-03 11:32 <REP> d----c--- I:\WINDOWS\system32\Adobe
      2008-08-03 11:02 . 2006-04-18 23:56 441,856 --a--c--- I:\WINDOWS\system32\mailingbuilder.dll
      2008-08-03 11:02 . 2004-08-04 06:00 128,000 --a--c--- I:\WINDOWS\system32\DHTMLED.OCX
      2008-07-30 18:37 . 2008-07-30 18:37 <REP> d--hsc--- I:\WINDOWS\ftpcache
      2008-07-28 01:12 . 2008-07-28 01:12 <REP> d----c--- I:\Documents and Settings\All Users\Application Data\Adobe Systems

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-08-28 06:28 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\uTorrent
      2008-08-28 06:27 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\AdobeUM
      2008-08-28 06:26 24,084,512 -csha-w I:\WINDOWS\system32\drivers\fidbox.dat
      2008-08-28 06:24 83,132 -csha-w I:\WINDOWS\system32\drivers\fidbox2.idx
      2008-08-28 06:24 808,992 -csha-w I:\WINDOWS\system32\drivers\fidbox2.dat
      2008-08-28 06:24 329,852 -csha-w I:\WINDOWS\system32\drivers\fidbox.idx
      2008-08-17 14:01 38,472 -c--a-w I:\WINDOWS\system32\drivers\mbamswissarmy.sys
      2008-08-17 14:01 17,144 -c--a-w I:\WINDOWS\system32\drivers\mbam.sys
      2008-08-10 22:54 --------- dc--a-w I:\Documents and Settings\All Users\Application Data\TEMP
      2008-08-09 16:25 --------- dc-h--w I:\Program Files\InstallShield Installation Information
      2008-07-30 08:01 --------- dc----w I:\Program Files\Ubisoft
      2008-07-30 08:01 --------- dc----w I:\Documents and Settings\All Users\Application Data\Ubisoft
      2008-07-28 11:00 --------- dc----w I:\Program Files\HP
      2008-07-28 11:00 --------- dc----w I:\Documents and Settings\All Users\Application Data\HP
      2008-07-27 23:18 --------- dc----w I:\Program Files\Fichiers communs\Adobe
      2008-07-27 22:41 344,064 -c--a-w I:\WINDOWS\system32\dkll.dll
      2008-07-27 22:41 196,608 -c--a-w I:\WINDOWS\system32\maag.dll
      2008-07-27 22:41 1,986,560 -c--a-w I:\WINDOWS\system32\akll.dll
      2008-07-27 22:41 1,212,416 -c--a-w I:\WINDOWS\system32\ckll.dll
      2008-07-25 10:14 --------- dc----w I:\Program Files\Java
      2008-07-25 10:02 --------- dc----w I:\Program Files\Fichiers communs\Java
      2008-07-23 10:28 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\Ashampoo
      2008-07-23 10:27 --------- dc----w I:\Program Files\Ashampoo
      2008-07-19 20:28 --------- dc----w I:\Program Files\ReflexiveArcade
      2008-07-18 11:05 444,952 -c--a-w I:\WINDOWS\system32\wrap_oal.dll
      2008-07-18 11:05 109,080 -c--a-w I:\WINDOWS\system32\OpenAL32.dll
      2008-07-18 10:28 107,888 -c--a-w I:\WINDOWS\system32\CmdLineExt.dll
      2008-07-12 23:41 --------- dc----w I:\Program Files\Common Files
      2008-07-12 22:23 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\InstallShield
      2008-07-11 15:43 --------- dc----w I:\Program Files\uTorrent
      2008-07-11 08:24 --------- dc----w I:\Documents and Settings\All Users\Application Data\GlobalSCAPE
      2008-07-09 21:14 --------- dc----w I:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-07-09 14:23 --------- dcsh--w I:\Program Files\Fichiers communs\WindowsLiveInstaller
      2008-07-09 13:19 --------- dc----w I:\Program Files\Windows Live
      2008-07-08 17:26 --------- dc----w I:\Documents and Settings\B3AOU\Application Data\HP
      2008-07-08 17:26 --------- dc----w I:\Documents and Settings\All Users\Application Data\WEBREG
      2008-07-08 17:22 --------- dc----w I:\Program Files\Fichiers communs\HP
      2008-07-08 17:16 --------- dc----w I:\Documents and Settings\All Users\Application Data\Hewlett-Packard
      2008-07-06 16:54 --------- dc----w I:\Program Files\Fichiers communs\Blizzard Entertainment
      2008-07-06 10:56 --------- dc----w I:\Program Files\Google
      2008-07-02 22:45 --------- dc----w I:\Documents and Settings\LocalService\Application Data\Xfire
      2008-07-02 21:50 --------- dc----w I:\Documents and Settings\NetworkService\Application Data\Xfire
      2008-07-01 08:11 --------- dc----w I:\Documents and Settings\All Users\Application Data\nView_Profiles
      2008-06-28 18:52 --------- dc----w I:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
      2008-06-12 18:36 7,680 -c--a-w I:\WINDOWS\system32\ff_vfw.dll
      2006-12-25 04:17 31,545,427 -csha-w I:\WINDOWS\system32\adsndsto.sys
      .

      ------- Sigcheck -------

      2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 I:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2gdr\tcpip.sys
      2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 I:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\sp2qfe\tcpip.sys
      2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 I:\WINDOWS\system32\dllcache\tcpip.sys
      2004-08-03 23:14 359040 1745b00fc1141404b28f4b94f69a8871 I:\WINDOWS\system32\drivers\tcpip.sys
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-22 14:17 68856]
      "MsnMsgr"="I:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
      "uTorrent"="I:\Program Files\uTorrent\uTorrent.exe" [2008-08-14 12:02 267056]
      "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 16:53 307200]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "WinampAgent"="c:\Program Files\Winamp\winampa.exe" [2007-10-10 07:28 36352]
      "SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
      "TBPanel"="I:\Program Files\VDOTool\TBPanel.exe" [2008-01-29 11:19 2157096]
      "NvCplDaemon"="I:\WINDOWS\system32\NvCpl.dll" [2008-01-08 19:53 8523776]
      "NvMediaCenter"="I:\WINDOWS\system32\NvMcTray.dll" [2008-01-08 19:53 81920]
      "Sony Ericsson PC Suite"="I:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-05-28 10:14 528384]
      "QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [2008-08-08 12:35 413696]
      "a-squared"="C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" [2008-07-31 15:46 2131600]
      "AVP"="D:\Program Files\Kaspersky Lab xp\avp.exe" [2007-06-26 16:53 218376]
      "RTHDCPL"="RTHDCPL.EXE" [2007-07-02 17:02 16377344 I:\WINDOWS\RTHDCPL.EXE]
      "nwiz"="nwiz.exe" [2008-01-08 19:53 1626112 I:\WINDOWS\system32\nwiz.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="I:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
      "NoDispBackgroundPage"= 1 (0x1)
      "NoDispScrSavPage"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=D:\PROGRA~1\KASPER~1\adialhk.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.DIV3"= DIVXc32.dll
      "vidc.DIV4"= DIVXc32f.dll
      "msacm.divxa32"= divxa32.acm
      "msacm.l3fhg"= mp3fhg.acm
      "VIDC.X264"= x264vfw.dll
      "VIDC.HFYU"= huffyuv.dll
      "vidc.i263"= i263_32.drv
      "VIDC.YV12"= yv12vfw.dll
      "VIDC.XFR1"= xfcodec.dll

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
      SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "FirewallOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "I:\\WINDOWS\\system32\\LEXPPS.EXE"=
      "C:\\Program Files\\Microsoft Visual Studio\\VB98\\VB6.EXE"=
      "I:\\Program Files\\Messenger\\msmsgs.exe"=
      "D:\\Program Files\\Xfire\\xfire.exe"=
      "D:\\Program Files\\Prey\\prey.exe"=
      "I:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "I:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "I:\\Program Files\\uTorrent\\uTorrent.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

      R3 klim5;Kaspersky Anti-Virus NDIS Filter;I:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
      S1 857a4e0f;857a4e0f;I:\WINDOWS\system32\drivers\857a4e0f.sys [2006-12-25 08:25]
      S3 s125bus;Sony Ericsson Device 125 driver (WDM);I:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 11:33]
      S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;I:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 11:33]
      S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;I:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 11:33]
      S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);I:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 11:33]
      S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;I:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 11:33]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10192-f133-11dc-b1ac-806d6172696f}]
      \Shell\AutoRun\command - E:\ntde1ect.com
      \Shell\explore\Command - E:\ntde1ect.com
      \Shell\open\Command - E:\ntde1ect.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10193-f133-11dc-b1ac-806d6172696f}]
      \Shell\AutoRun\command - F:\ntde1ect.com
      \Shell\explore\Command - F:\ntde1ect.com
      \Shell\open\Command - F:\ntde1ect.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10d10194-f133-11dc-b1ac-806d6172696f}]
      \Shell\AutoRun\command - G:\ntde1ect.com
      \Shell\explore\Command - G:\ntde1ect.com
      \Shell\open\Command - G:\ntde1ect.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56e07823-f5ef-11dc-b1bd-001921b35837}]
      \Shell\AutoRun\command - O:\u2.cmd
      \Shell\explore\Command - O:\u2.cmd
      \Shell\open\Command - O:\u2.cmd

      *Newly Created Service* - SHAREDACCESSDNSCACHELEXBCES
      .
      Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
      .
      - - - - ORPHANS REMOVED - - - -

      URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll
      HKLM-Run-EoSudoku - (no file)
      Notify-AtiExtEvent - (no file)


      .
      ------- Supplementary Scan -------
      .
      R0 -: HKCU-Main,Start Page = www.google.com/
      R0 -: HKCU-Main,Search Page = hxxp://www.google.com
      R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
      R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
      R0 -: HKLM-Main,Window Title =
      R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
      R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
      R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
      O8 -: crawler search - tbr:iemenu
      O8 -: Download ALL with IDA
      O8 -: Download with IDA
      O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-08-28 08:27:48
      Windows 5.1.2600 Service Pack 2 NTFS

      Balayage processus cach‚s ...

      Balayage cach‚ autostart entries ...

      Balayage des fichiers cach‚s ...

      Scan termin‚ avec succŠs
      Les fichiers cach‚s: 0

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmtEventSystem]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmtEventSystemAlerter]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrvHTTPFilter]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AVPCryptSvcRasAuto]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvcAVPCryptSvcRasAuto]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvcRasAuto]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverdmserverprotectedstorage]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverProtectedStorage]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserverWLSetupSvc]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DnscacheLexBceS]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DnscacheLexBceSHidServDcomLaunch]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvcdmserverProtectedStorage]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilityAlerter]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibilityAlerterClipSrv]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcHTTPFilter]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcNetman]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvcNetmanmnmsrvc]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvcSysmonLog]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServDcomLaunch]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverTRasAutoMDMSchedule]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserverWLSetupSvclanmanworkstation]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationDnscacheLexBceSHidServDcomLaunch]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationDnscacheLexBceSHidServDcomLaunchNtLmSspEventlogTlntSvr]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstationvss]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSHTTPFilter]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSWmdmPmSNIDriverT]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LexBceSWmdmPmSNIDriverTRasAutoMDM]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHostsSchedule]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHostsScheduleUPS]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMdmadmin]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMLexBceS]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmlexbcesdnscachelexbces]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmlexbcesw32time]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDMupnphostClipSrvNetlogon]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MessengerRemoteRegistry]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvcTrkWks]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdmWebClientALG]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdmWebClientALGlanmanserver]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetlogonBITS]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetlogonSchedule]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspEventlog]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspEventlogTlntSvr]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ntlmsspeventlogtlntsvrnetddedsdm]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSspNVSvc]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ntlmsspnvsvcavp]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\oseVSS]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgentWLSetupSvc]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDM]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDMCryptSvcRasAuto]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutoMDMSchedule]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAutomnmsrvc]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdsessmgrtermservicentlmssp]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccessCiSvc]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVPose]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScheduleIDriverT]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccessDnscacheLexBceS]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorage]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorageW32Time]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcERSvcdmserverProtectedStorageW32TimeBrowser]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMDM]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMSDTC]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvcMSDTCMSDTC]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvBITS]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvVSS]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrvVSSAppMgmt]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermServiceNtLmSsp]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermServiceWebClientUPS]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostAppMgmtEventSystemAlerter]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostClipSrv]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphostClipSrvNetlogon]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usprservHidServ]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClientALG]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClientUPS]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvclanmanworkstation]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wlsetupsvclanmanworkstationupnphostclipsrv]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSNIDriverT]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvNVSvc]
      "ImagePath"=" srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrvRSVPose]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"

      [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVCmnmsrvc]
      "ImagePath"="\[u]0[/u]1\[u]0[/u]9 srv"
      .
      ------------------------ Other Running Processes ------------------------
      .
      I:\WINDOWS\system32\LEXBCES.EXE
      I:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\a-squared Anti-Malware\a2service.exe
      I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      I:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      I:\WINDOWS\system32\wscntfy.exe
      I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
      I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
      I:\WINDOWS\system32\imapi.exe
      .
      **************************************************************************
      .
      Temps d'accomplissement: 2008-08-28 8:33:10 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-08-28 06:32:57

      Pre-Run: 61,849,600 octets libres
      Post-Run: 115,523,584 octets libres

      422 --- E O F --- 2008-07-05 20:30:52
      0
  17. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok lol...fais quand meme smitfraudfix pour vérifier stp
    0
  18. zassalamel Messages postés 77 Statut Membre 4
     
    voila pour le dernier rapport et merci, msn marche aussi ^^

    SmitFraudFix v2.342

    Rapport fait à 10:06:03,12, 28/08/2008
    Executé à partir de I:\Documents and Settings\B3AOU\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    I:\WINDOWS\System32\smss.exe
    I:\WINDOWS\system32\winlogon.exe
    I:\WINDOWS\system32\services.exe
    I:\WINDOWS\system32\lsass.exe
    I:\WINDOWS\system32\svchost.exe
    I:\WINDOWS\System32\svchost.exe
    I:\WINDOWS\system32\LEXBCES.EXE
    I:\WINDOWS\system32\LEXPPS.EXE
    I:\WINDOWS\system32\spoolsv.exe
    c:\Program Files\a-squared Anti-Malware\a2service.exe
    D:\Program Files\Kaspersky Lab xp\avp.exe
    I:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    I:\WINDOWS\system32\nvsvc32.exe
    I:\WINDOWS\RTHDCPL.EXE
    I:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    I:\WINDOWS\system32\wscntfy.exe
    I:\WINDOWS\System32\svchost.exe
    I:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    I:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    I:\WINDOWS\explorer.exe
    I:\Program Files\Internet Explorer\IEXPLORE.EXE
    I:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    I:\Program Files\Windows Live\Messenger\msnmsgr.exe
    I:\Documents and Settings\B3AOU\Bureau\SmitfraudFix\Policies.exe
    I:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» I:\

    »»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\B3AOU

    »»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\B3AOU\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» I:\DOCUME~1\B3AOU\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» I:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    AntiXPVSTFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="D:\\PROGRA~1\\KASPER~1\\adialhk.dll"

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="I:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» RK

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.2.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{2AF9FAF0-500D-4405-9BCA-5242FF83C321}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{2AF9FAF0-500D-4405-9BCA-5242FF83C321}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{2AF9FAF0-500D-4405-9BCA-5242FF83C321}: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  19. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    ok...tu avais fais une analyse rapide avec malwarebytes....maintenant fais une complete stp

    et ensuite refais un nouveau rapport hijackthis
    0