Help j'ai beaucoup de virus sur mon ordi
truze
-
Utilisateur anonyme -
Utilisateur anonyme -
Bonjour,
mon ordi est plein de virus et de spyware , alors j'ai fait un scan avec hijackthis dont voila le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:21, on 06-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Cpl32ver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\lphcpqlj0ejdc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\BitComet\BitComet.exe
D:\rav.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: 127.0.,0
O1 - Hosts: 127.0.01222.volumeplay1.com
O1 - Hosts: 127.0.0.3adlaji.cn
O1 - Hosts: 127.0.0.lwww.xxie.net
O1 - Hosts: 127.0.01www.gfrgfrsa.cn
O1 - Hosts: 202.165.102.205 972.aksjd11.com
O1 - Hosts: 202.165.102.205 w3og.cn
O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
O1 - Hosts: 203.208.35.100 www.aujoy.cn
O1 - Hosts: 203.208.35.101 www.hao601.cn
O1 - Hosts: 203.208.35.101 www.psp476.cn
O1 - Hosts: 72.14.235.99 222.1212l112.net
O1 - Hosts: 72.14.235.99 444.1212l112.netn
O1 - Hosts: 72.14.235.99 555.1212l112.net
O1 - Hosts: 72.14.235.99 111.1212l112.net
O1 - Hosts: 65.55.21.250 111.3243l24.com
O1 - Hosts: 65.55.21.250 222.3243l24.com
O1 - Hosts: 65.55.21.250 333.3243l24.com
O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
O1 - Hosts: 125.64.8.112 kao.gmwo06.com
O1 - Hosts: 125.64.8.112 444.gmwo07.com
O1 - Hosts: 116.252.185.15 ru.update365.us
O1 - Hosts: 116.252.185.15 ad.update365.us
O1 - Hosts: 207.46.232.182 popmails.net
O1 - Hosts: 203.208.37.99 3.goodhh.com
O1 - Hosts: 220.181.37.55 down.rwixr.com
O1 - Hosts: 160.79.42.52 www.xdj2008.com
O1 - Hosts: 63.175.76.152 www.revtr.cn
O1 - Hosts: 219.133.40.91 qq.ljsll.com
O1 - Hosts: 203.208.35.102 www.aassccwe.cn
O1 - Hosts: 209.132.177.50 973.aksjd11.com
O1 - Hosts: 209.132.177.50 974.aksjd11.com
O1 - Hosts: 209.132.177.50 971.aksjd11.com
O1 - Hosts: 209.132.177.50 975.aksjd11.com
O1 - Hosts: 72.14.235.104 user1.12-39.net
O1 - Hosts: 72.14.235.147 www.infomt.net
O1 - Hosts: 192.150.18.101 ata1.sysions.net
O1 - Hosts: 192.150.18.101 ata2.sysions.net
O1 - Hosts: 192.150.18.101 ata3.sysions.net
O1 - Hosts: 192.150.18.101 ata4.sysions.net
O1 - Hosts: 193.120.42.226 8nnnnn99.cn
O1 - Hosts: 24.39.54.34 www.haoaoao.cn
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [inrhctqlj0ejdc] C:\Documents and Settings\Administrateur\Local Settings\temp\.tt9F.tmp.exe /CR=E08AC8ADEEC613C39E30C48EA611036B6638CC61F70D6BA59452C665D156F15FE6CB1FABE850274C371C0178B7293BA9DEC8CAA5B36662888345D0E8ACCEF85C9475649B29D02CA2D105A54BC19DDA731BF244DC06DA7A
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Cpl32ver] C:\WINDOWS\System32\Cpl32ver.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [lphcpqlj0ejdc] C:\WINDOWS\system32\lphcpqlj0ejdc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Service] spoolsc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A32DBB0-6091-4AF3-AF71-29ABFA148741}: NameServer = 212.217.0.13 212.217.1.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qxfel.dll mcromv.dll cupops.dll thermaltinc.dll johandy.dll aotoppt.dll
O20 - Winlogon Notify: dactnrv - C:\WINDOWS\SYSTEM32\dactnrv.dll
O21 - SSODL: sysocmgr - {DA1DE019-A6A8-ED40-4B87-248B2A93DE99} - C:\WINDOWS\sysocmgr.dll
O21 - SSODL: adsntzt.dll - {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll (file missing)
O21 - SSODL: twainyy.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\system32\twainyy.dll (file missing)
O21 - SSODL: avicapwm.dll - {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll (file missing)
O21 - SSODL: dispexcb.dll - {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\system32\dispexcb.dll (file missing)
O21 - SSODL: pxnblwzb.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pxnblwzb.dll (file missing)
O21 - SSODL: mstimewd.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\system32\mstimewd.dll (file missing)
O21 - SSODL: xolehlpjh.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll (file missing)
O21 - SSODL: slbiopfs2.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\slbiopfs2.dll (file missing)
O21 - SSODL: tscfgwmijxsj.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll (file missing)
O21 - SSODL: cliconfgzx.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll (file missing)
O21 - SSODL: bootvidgj.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\bootvidgj.dll (file missing)
O21 - SSODL: lweurqhx.dll - {71A78CD4-E470-4a18-8457-E0E0283DD507} - C:\WINDOWS\system32\lweurqhx.dll (file missing)
O21 - SSODL: certmgrkd.dll - {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} - C:\WINDOWS\system32\certmgrkd.dll (file missing)
O21 - SSODL: inetresdxc.dll - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 12188 bytes
mon ordi est plein de virus et de spyware , alors j'ai fait un scan avec hijackthis dont voila le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:13:21, on 06-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Cpl32ver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\lphcpqlj0ejdc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\BitComet\BitComet.exe
D:\rav.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: 127.0.,0
O1 - Hosts: 127.0.01222.volumeplay1.com
O1 - Hosts: 127.0.0.3adlaji.cn
O1 - Hosts: 127.0.0.lwww.xxie.net
O1 - Hosts: 127.0.01www.gfrgfrsa.cn
O1 - Hosts: 202.165.102.205 972.aksjd11.com
O1 - Hosts: 202.165.102.205 w3og.cn
O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
O1 - Hosts: 203.208.35.100 www.aujoy.cn
O1 - Hosts: 203.208.35.101 www.hao601.cn
O1 - Hosts: 203.208.35.101 www.psp476.cn
O1 - Hosts: 72.14.235.99 222.1212l112.net
O1 - Hosts: 72.14.235.99 444.1212l112.netn
O1 - Hosts: 72.14.235.99 555.1212l112.net
O1 - Hosts: 72.14.235.99 111.1212l112.net
O1 - Hosts: 65.55.21.250 111.3243l24.com
O1 - Hosts: 65.55.21.250 222.3243l24.com
O1 - Hosts: 65.55.21.250 333.3243l24.com
O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
O1 - Hosts: 125.64.8.112 kao.gmwo06.com
O1 - Hosts: 125.64.8.112 444.gmwo07.com
O1 - Hosts: 116.252.185.15 ru.update365.us
O1 - Hosts: 116.252.185.15 ad.update365.us
O1 - Hosts: 207.46.232.182 popmails.net
O1 - Hosts: 203.208.37.99 3.goodhh.com
O1 - Hosts: 220.181.37.55 down.rwixr.com
O1 - Hosts: 160.79.42.52 www.xdj2008.com
O1 - Hosts: 63.175.76.152 www.revtr.cn
O1 - Hosts: 219.133.40.91 qq.ljsll.com
O1 - Hosts: 203.208.35.102 www.aassccwe.cn
O1 - Hosts: 209.132.177.50 973.aksjd11.com
O1 - Hosts: 209.132.177.50 974.aksjd11.com
O1 - Hosts: 209.132.177.50 971.aksjd11.com
O1 - Hosts: 209.132.177.50 975.aksjd11.com
O1 - Hosts: 72.14.235.104 user1.12-39.net
O1 - Hosts: 72.14.235.147 www.infomt.net
O1 - Hosts: 192.150.18.101 ata1.sysions.net
O1 - Hosts: 192.150.18.101 ata2.sysions.net
O1 - Hosts: 192.150.18.101 ata3.sysions.net
O1 - Hosts: 192.150.18.101 ata4.sysions.net
O1 - Hosts: 193.120.42.226 8nnnnn99.cn
O1 - Hosts: 24.39.54.34 www.haoaoao.cn
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [inrhctqlj0ejdc] C:\Documents and Settings\Administrateur\Local Settings\temp\.tt9F.tmp.exe /CR=E08AC8ADEEC613C39E30C48EA611036B6638CC61F70D6BA59452C665D156F15FE6CB1FABE850274C371C0178B7293BA9DEC8CAA5B36662888345D0E8ACCEF85C9475649B29D02CA2D105A54BC19DDA731BF244DC06DA7A
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Cpl32ver] C:\WINDOWS\System32\Cpl32ver.exe
O4 - HKLM\..\Run: [sysrest32.exe] C:\WINDOWS\system32\sysrest32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [lphcpqlj0ejdc] C:\WINDOWS\system32\lphcpqlj0ejdc.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Service] spoolsc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A32DBB0-6091-4AF3-AF71-29ABFA148741}: NameServer = 212.217.0.13 212.217.1.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qxfel.dll mcromv.dll cupops.dll thermaltinc.dll johandy.dll aotoppt.dll
O20 - Winlogon Notify: dactnrv - C:\WINDOWS\SYSTEM32\dactnrv.dll
O21 - SSODL: sysocmgr - {DA1DE019-A6A8-ED40-4B87-248B2A93DE99} - C:\WINDOWS\sysocmgr.dll
O21 - SSODL: adsntzt.dll - {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll (file missing)
O21 - SSODL: twainyy.dll - {434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - C:\WINDOWS\system32\twainyy.dll (file missing)
O21 - SSODL: avicapwm.dll - {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll (file missing)
O21 - SSODL: dispexcb.dll - {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\system32\dispexcb.dll (file missing)
O21 - SSODL: pxnblwzb.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pxnblwzb.dll (file missing)
O21 - SSODL: mstimewd.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\system32\mstimewd.dll (file missing)
O21 - SSODL: xolehlpjh.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll (file missing)
O21 - SSODL: slbiopfs2.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\slbiopfs2.dll (file missing)
O21 - SSODL: tscfgwmijxsj.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll (file missing)
O21 - SSODL: cliconfgzx.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll (file missing)
O21 - SSODL: bootvidgj.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\bootvidgj.dll (file missing)
O21 - SSODL: lweurqhx.dll - {71A78CD4-E470-4a18-8457-E0E0283DD507} - C:\WINDOWS\system32\lweurqhx.dll (file missing)
O21 - SSODL: certmgrkd.dll - {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} - C:\WINDOWS\system32\certmgrkd.dll (file missing)
O21 - SSODL: inetresdxc.dll - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 12188 bytes
Configuration: Windows XP Internet Explorer 6.0
20 réponses
-
Salut,
# Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.exe
Exécute le, Double click sur Smitfraudfix.exe choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.
-
merci pour votre rapide intervention,et voila le rapport de SmitFraudFix v2.346:
SmitFraudFix v2.346
Rapport fait à 16:38:11.32, Sat 09/06/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Cpl32ver.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\lphcpqlj0ejdc.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\BitComet\BitComet.exe
C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\Cpl32ver.exe PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Antivirus XP 2008 PRESENT !
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\Antivirus XP 2008.lnk PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
C:\DOCUME~1\ALLUSE~1\Bureau\Antivirus XP 2008.lnk PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="qxfel.dll mcromv.dll cupops.dll thermaltinc.dll johandy.dll aotoppt.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 212.217.0.13
DNS Server Search Order: 212.217.1.17
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5A32DBB0-6091-4AF3-AF71-29ABFA148741}: NameServer=212.217.0.13 212.217.1.17
HKLM\SYSTEM\CS1\Services\Tcpip\..\{5A32DBB0-6091-4AF3-AF71-29ABFA148741}: NameServer=212.217.0.13 212.217.1.17
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin -
Télécharge cet outil de SiRi:
http://siri.urz.free.fr/Softs/RHosts.exe
http://siri.urz.free.fr/RHosts.php
Double cliquer dessus pour l'exécuter
et cliquer sur " Restore original Hosts "
ps : c est normal que rien ne se passe
# Démarre en mode sans échec :
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
(Si F8 ne marche pas utilise la touche F5).
----------------------------------------------------------------------------
# Relance le programme Smitfraud :
Cette fois choisit l’option 2, répond oui a tous ;
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum -
bonjour,j'ai fait ce que tu/vous m'a demandé et voila le rapport que j'ai eu:
SmitFraudFix v2.346
Rapport fait à 17:29:13.59, Sat 09/06/2008
Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5A32DBB0-6091-4AF3-AF71-29ABFA148741}: NameServer=212.217.0.13 212.217.1.17
»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
Nettoyage terminé.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin -
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question -
Telecharge malwarebytes
-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tu l´instale; le programme va se mettre automatiquement a jour.
Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".
Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".
Puis click sur "rechercher".
Laisse le scanner le pc...
Si des elements on ete trouvés > click sur supprimer la selection.
si il t´es demandé de redemarrer > click sur "yes".
A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
Copie et colle le rapport stp.
PS : les rapport sont aussi rangé dans l onglet rapport/log -
rebonjour;
j'ai fait un examen complet dont voila le rapport:
Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1120
Windows 5.1.2600 Service Pack 2
06-09-2008 18:14:45
mbam-log-2008-09-06 (18-14-45).txt
Type de recherche: Examen rapide
Eléments examinés: 44652
Temps écoulé: 8 minute(s), 47 second(s)
Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 11
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 12
Fichier(s) infecté(s): 14
Processus mémoire infecté(s):
C:\WINDOWS\system32\lphcpqlj0ejdc.exe (Trojan.FakeAlert) -> Unloaded process successfully.
Module(s) mémoire infecté(s):
C:\WINDOWS\system32\blphcpqlj0ejdc.scr (Trojan.FakeAlert) -> Delete on reboot.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7914e0aa-eccb-4311-b584-c49538227824} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{da1de019-a6a8-ed40-4b87-248b2a93de99} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{da191de0-aa86-4ed0-4b87-292a3d48be99} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73ae86e6-7f03-4c3b-8980-fb1da157d3c7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{71a78cd4-e470-4a18-8457-e0e0283dd507} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{434fa69c-5f0a-42e1-82b8-10af2c8e53c6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhctqlj0ejdc (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhctqlj0ejdc (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sysocmgr (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\lweurqhx.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\twainyy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3PMmUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcpqlj0ejdc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\inrhctqlj0ejdc (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
C:\Program Files\rhctqlj0ejdc (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhctqlj0ejdc (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhctqlj0ejdc\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhctqlj0ejdc\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhctqlj0ejdc\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhctqlj0ejdc\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhctqlj0ejdc\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhctqlj0ejdc\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhctqlj0ejdc\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhctqlj0ejdc\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhctqlj0ejdc\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Application Data\rhctqlj0ejdc\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
Fichier(s) infecté(s):
C:\WINDOWS\system32\blphcpqlj0ejdc.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\sysocmgr.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zlcdps.dll.vir (Trojan.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\cdralw.sys (Trojan.Alman) -> Quarantined and deleted successfully.
C:\Program Files\rhctqlj0ejdc\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhctqlj0ejdc\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhctqlj0ejdc\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhctqlj0ejdc\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhctqlj0ejdc\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhctqlj0ejdc\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhctqlj0ejdc\rhctqlj0ejdc.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrateur\Local Settings\temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcpqlj0ejdc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. -
réouvre malewarebyte
va sur quarantaine
supprime tout
refais un scan hijackthis et post le raport -
voila le rapprt de hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:30:35, on 06-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\TEMP\bwe4E.tmp
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [lphcpqlj0ejdc] C:\WINDOWS\system32\lphcpqlj0ejdc.exe
O4 - HKLM\..\Run: [inrhctqlj0ejdc] C:\WINDOWS\temp\.tt5D.tmp.exe /CR=E08AC8ADEEC613C39E30C48EA611036B6638CC61F70D6BA59452C665D156F15FE6CB1FABE850274C371C0178B7293BA9DEC8CAA5B36662888345D0E8ACCEF85C9475649B29D02CA2D105A54BC19DDA731BF244DC06DA7A
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Service] spoolsc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A32DBB0-6091-4AF3-AF71-29ABFA148741}: NameServer = 212.217.0.13 212.217.1.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qxfel.dll mcromv.dll cupops.dll thermaltinc.dll johandy.dll aotoppt.dll
O20 - Winlogon Notify: dactnrv - C:\WINDOWS\SYSTEM32\dactnrv.dll
O21 - SSODL: adsntzt.dll - {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll (file missing)
O21 - SSODL: avicapwm.dll - {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll (file missing)
O21 - SSODL: dispexcb.dll - {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\system32\dispexcb.dll (file missing)
O21 - SSODL: pxnblwzb.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pxnblwzb.dll (file missing)
O21 - SSODL: mstimewd.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\system32\mstimewd.dll (file missing)
O21 - SSODL: xolehlpjh.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll (file missing)
O21 - SSODL: slbiopfs2.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\slbiopfs2.dll (file missing)
O21 - SSODL: tscfgwmijxsj.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll (file missing)
O21 - SSODL: cliconfgzx.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll (file missing)
O21 - SSODL: bootvidgj.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\bootvidgj.dll (file missing)
O21 - SSODL: certmgrkd.dll - {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} - C:\WINDOWS\system32\certmgrkd.dll (file missing)
O21 - SSODL: inetresdxc.dll - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
-
-
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:50, on 06-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\TEMP\bwe4E.tmp
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - C:\PROGRA~1\DAP\SBSearch.dll (file missing)
R3 - URLSearchHook: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Gossiper Toolbar - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - C:\Program Files\Gossiper\tbGoss.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [lphcpqlj0ejdc] C:\WINDOWS\system32\lphcpqlj0ejdc.exe
O4 - HKLM\..\Run: [inrhctqlj0ejdc] C:\WINDOWS\temp\.tt5D.tmp.exe /CR=E08AC8ADEEC613C39E30C48EA611036B6638CC61F70D6BA59452C665D156F15FE6CB1FABE850274C371C0178B7293BA9DEC8CAA5B36662888345D0E8ACCEF85C9475649B29D02CA2D105A54BC19DDA731BF244DC06DA7A
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Service] spoolsc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A32DBB0-6091-4AF3-AF71-29ABFA148741}: NameServer = 212.217.0.13 212.217.1.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qxfel.dll mcromv.dll cupops.dll thermaltinc.dll johandy.dll aotoppt.dll
O20 - Winlogon Notify: dactnrv - C:\WINDOWS\SYSTEM32\dactnrv.dll
O21 - SSODL: adsntzt.dll - {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll (file missing)
O21 - SSODL: avicapwm.dll - {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll (file missing)
O21 - SSODL: dispexcb.dll - {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\system32\dispexcb.dll (file missing)
O21 - SSODL: pxnblwzb.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pxnblwzb.dll (file missing)
O21 - SSODL: mstimewd.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\system32\mstimewd.dll (file missing)
O21 - SSODL: xolehlpjh.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll (file missing)
O21 - SSODL: slbiopfs2.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\slbiopfs2.dll (file missing)
O21 - SSODL: tscfgwmijxsj.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll (file missing)
O21 - SSODL: cliconfgzx.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll (file missing)
O21 - SSODL: bootvidgj.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\bootvidgj.dll (file missing)
O21 - SSODL: certmgrkd.dll - {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} - C:\WINDOWS\system32\certmgrkd.dll (file missing)
O21 - SSODL: inetresdxc.dll - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
-
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Avant d'utiliser ComboFix :
-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.
-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.
Une fois fait, sur ton bureau double-clic sur Combofix.exe.
- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.
/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.
- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.
- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)
-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.
-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message. -
slt,voila le rapport de combofix:
ComboFix 08-07-26.1 - Administrateur 09/06/2008 19:52:42.7 - NTFSx86
Endroit: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Ares\My Shared Folder\combofix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
- FONCTIONNALITES REDUITES -
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\mshta.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 17:21 118,784 ----a-w C:\WINDOWS\system32\blphcpqlj0ejdc.scr
2008-09-06 17:20 203,776 ----a-w C:\WINDOWS\system32\lphcpqlj0ejdc.exe
2008-09-06 16:59 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 16:29 3,680 ----a-w C:\WINDOWS\system32\tmp.reg
2008-09-06 14:50 --------- d-----w C:\Program Files\NoAdware5.0
2008-09-06 00:31 --------- d-----w C:\Program Files\Panda Security
2008-09-06 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-09-05 15:33 28,672 ----a-w C:\WINDOWS\system32\thermaltinc.dll
2008-09-05 15:33 28,672 ----a-w C:\WINDOWS\system32\lensch.dll
2008-09-05 15:33 28,672 ----a-w C:\WINDOWS\system32\cmbdaf.dll
2008-09-05 15:33 24,576 ----a-w C:\WINDOWS\system32\johandy.dll
2008-09-05 15:31 28,672 ----a-w C:\WINDOWS\system32\mcromv.dll
2008-09-05 15:30 28,672 ----a-w C:\WINDOWS\system32\qxfel.dll
2008-09-05 15:00 15,872 ----a-w C:\WINDOWS\system32\lenschk.exe
2008-09-04 22:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 22:13 58,880 ----a-w C:\WINDOWS\system32\spoolsc.exe.vir
2008-09-04 21:41 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-09-04 21:26 28,672 ----a-w C:\WINDOWS\system32\aotoppt.dll
2008-09-04 21:25 11,776 ----a-w C:\WINDOWS\system32\qxfelk.exe
2008-09-04 21:17 --------- d-----w C:\Program Files\Trojan Remover
2008-09-04 19:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-09-04 15:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-09-04 15:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-04 15:02 --------- d-----w C:\Program Files\Smart Projects
2008-09-04 14:48 --------- d-----w C:\Program Files\vcmm
2008-09-04 14:43 --------- d-----w C:\Program Files\Moray For Windows
2008-09-04 14:42 --------- d-----w C:\Program Files\Creative
2008-09-04 14:41 --------- d-----w C:\Program Files\Google
2008-09-04 14:21 21,504 ----a-w C:\WINDOWS\system32\dactnrv.dll
2008-09-03 19:56 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-09-03 15:03 1,248 --sha-w C:\jdzjaw3o.sys
2008-09-02 22:58 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-02 15:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-02 14:32 --------- d-----w C:\Program Files\EA SPORTS
2008-09-01 23:16 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 23:16 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 19:17 --------- d-----w C:\Program Files\free-downloads.net
2008-09-01 19:16 --------- d-----w C:\Program Files\Alcohol Soft
2008-09-01 18:51 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-31 18:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Canon
2008-08-29 22:28 --------- d-----w C:\Program Files\Watanabe-Production and TYPE-MOON
2008-08-28 21:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-08-21 21:11 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
2008-08-21 20:48 --------- d-----w C:\Program Files\Gossiper
2008-08-21 20:48 --------- d-----w C:\Program Files\Conduit
2008-08-20 20:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Nokia Multimedia Player
2008-08-20 19:55 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Nokia
2008-08-20 11:15 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-08-20 11:15 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-08-20 11:14 --------- d-----w C:\Program Files\Nokia
2008-08-19 16:27 --------- d-----w C:\Program Files\Mobile Connect
2008-08-18 11:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-16 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-08-16 20:30 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-16 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-15 22:27 --------- d-----w C:\Program Files\Pizzicato 3.3
2008-08-15 22:19 --------- d-----w C:\Program Files\Macromedia
2008-08-15 21:29 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Blender Foundation
2008-08-15 21:28 --------- d-----w C:\Program Files\Blender Foundation
2008-08-15 21:23 --------- d-----w C:\Program Files\Eltima Software
2008-08-14 22:09 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-14 22:09 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-14 21:58 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-14 21:58 --------- d-----w C:\Program Files\DIFX
2008-08-14 21:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PC Suite
2008-08-14 21:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Datalayer
2008-08-14 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-14 20:31 --------- d-----w C:\Program Files\Pinnacle
2008-08-14 15:44 --------- d-----w C:\Program Files\KONAMI
2008-08-11 23:16 --------- d-----w C:\Program Files\BitComet
2008-08-11 22:12 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-08-11 17:45 --------- d-----w C:\Program Files\Rockstar Games
2008-08-10 14:33 --------- d-----w C:\Program Files\Bonjour
2008-08-10 14:29 --------- d-----w C:\Program Files\QuickTime
2008-08-10 14:29 --------- d-----w C:\Program Files\iTunes
2008-08-10 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-08-10 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-09 23:53 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-08-09 23:52 --------- d-----w C:\Program Files\iPod
2008-08-09 23:46 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-08-09 23:18 --------- d-----w C:\Program Files\ATP
2008-08-09 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-09 17:15 36,864 ----a-w C:\WINDOWS\system32\mssetd.dll.vir
2008-08-09 17:14 28,672 ----a-w C:\WINDOWS\system32\cmonos.dll.vir
2008-08-09 17:14 24,576 ----a-w C:\WINDOWS\system32\squalle.dll.vir
2008-08-09 17:14 24,576 ----a-w C:\WINDOWS\system32\offscrl.dll
2008-08-09 15:53 --------- d-----w C:\Program Files\Uniblue
2008-08-08 23:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-08 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-08 20:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-08 20:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Registry Booster
2008-08-08 16:00 --------- d-----w C:\Program Files\ArcSoft
2008-08-08 15:58 --------- d-----w C:\Program Files\GTA3Mods
2008-08-05 22:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-08-05 20:25 --------- d-----w C:\Program Files\eRightSoft
2008-08-05 18:36 --------- d-----w C:\Program Files\ESET
2008-08-05 18:22 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-08-05 18:21 --------- d-----w C:\Program Files\SAGEM
2008-08-05 17:40 --------- d-----w C:\Program Files\Symantec
.
((((((((((((((((((((((((((((( snapshot@Sat 09-06-2008_14.32.43.83 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-07-31 17:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
+ 2008-05-18 20:40:35 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
- 2008-09-06 13:25:30 224,776 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-09-06 17:18:06 224,778 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2003-06-05 20:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
+ 2006-04-27 16:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
+ 2007-09-05 23:22:23 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
+ 2007-10-03 23:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"= "C:\PROGRA~1\DAP\SBSearch.dll" [BU]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"= "C:\Program Files\Gossiper\tbGoss.dll" [07/10/2008 02:04 PM 1600024]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [02/14/2008 02:54 PM 1555480]
[HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[HKEY_CLASSES_ROOT\SearchHook.SrchHook]
[HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
07/10/2008 02:04 PM 1600024 --a------ C:\Program Files\Gossiper\tbGoss.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
02/14/2008 02:54 PM 1555480 --a------ C:\Program Files\free-downloads.net\tbfree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"= "C:\Program Files\Gossiper\tbGoss.dll" [07/10/2008 02:04 PM 1600024]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [02/14/2008 02:54 PM 1555480]
[HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0A452A47-C5A8-4854-A237-4B9B06B376F0}"= "C:\Program Files\Gossiper\tbGoss.dll" [07/10/2008 02:04 PM 1600024]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "C:\Program Files\free-downloads.net\tbfree.dll" [02/14/2008 02:54 PM 1555480]
[HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/19/2004 05:09 PM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [02/24/2008 07:20 PM 185896]
"PrnSys Executable"="C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe" [08/01/2002 01:03 PM 36864]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [11/08/2006 01:27 PM 222208]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [08/03/2004 11:32 PM 208952]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [09/01/2003 12:42 PM 176128]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [06/10/2008 06:52 PM 1447168]
"lphcpqlj0ejdc"="C:\WINDOWS\system32\lphcpqlj0ejdc.exe" [09/06/2008 06:20 PM 203776]
"inrhctqlj0ejdc"="C:\WINDOWS\temp\.tt5D.tmp.exe" [BU]
"SoundMan"="SOUNDMAN.EXE" [09/27/2002 07:44 AM 47104 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/19/2004 05:09 PM 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/09/2006 05:15 PM 1634304]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Service"="spoolsc.exe" [BU]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4E3499-0132-4d3f-849A-2BE1B26D84E1}"= "C:\WINDOWS\system32\inetresdxc.dll" [BU]
"{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}"= "C:\WINDOWS\system32\certmgrkd.dll" [BU]
"{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}"= "C:\WINDOWS\system32\cliconfgzx.dll" [BU]
"{76D44356-B494-443a-BEDC-AA68DE4255E6}"= "C:\WINDOWS\system32\dispexcb.dll" [BU]
"{D3112B69-A745-4805-874E-ABD480EA1299}"= "C:\WINDOWS\system32\bootvidgj.dll" [BU]
"{EB9660D8-E1CD-4ff0-B4A9-00CD907F928A}"= "C:\WINDOWS\system32\slbiopfs2.dll" [BU]
"{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}"= "C:\WINDOWS\system32\tscfgwmijxsj.dll" [BU]
"{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}"= "C:\WINDOWS\system32\pxnblwzb.dll" [BU]
"{F0930A2F-D971-4828-8209-B7DFD266ED44}"= "C:\WINDOWS\system32\xolehlpjh.dll" [BU]
"{65056902-6E7B-4bd7-95BA-688DB5FA5BEB}"= "C:\WINDOWS\system32\mstimewd.dll" [BU]
"{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}"= "C:\WINDOWS\system32\adsntzt.dll" [BU]
"{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}"= "C:\WINDOWS\system32\avicapwm.dll" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"adsntzt.dll"= {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll [BU]
"avicapwm.dll"= {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll [BU]
"dispexcb.dll"= {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\system32\dispexcb.dll [BU]
"pxnblwzb.dll"= {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pxnblwzb.dll [BU]
"mstimewd.dll"= {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\system32\mstimewd.dll [BU]
"xolehlpjh.dll"= {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll [BU]
"slbiopfs2.dll"= {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\slbiopfs2.dll [BU]
"tscfgwmijxsj.dll"= {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll [BU]
"cliconfgzx.dll"= {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll [BU]
"bootvidgj.dll"= {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\bootvidgj.dll [BU]
"certmgrkd.dll"= {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} - C:\WINDOWS\system32\certmgrkd.dll [BU]
"inetresdxc.dll"= {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dactnrv]
09/04/2008 03:21 PM 21504 C:\WINDOWS\system32\dactnrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qxfel.dll mcromv.dll cupops.dll thermaltinc.dll johandy.dll aotoppt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bgk37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dim62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Glp16.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmr37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jos48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pty04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Puy83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rva61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Syd40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txd26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbg72.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 11:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 03/14/2005 12:37 AM 1057280 C:\Program Files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 08/11/2008 11:15 PM 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 08/30/2008 07:17 PM 916560 C:\Program Files\Trojan Remover\Trjscan.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Documents and Settings\\Administrateur\\Mes documents\\My Completed Downloads\\gta3\\gtaTClient.exe"=
"C:\\Documents and Settings\\Administrateur\\Mes documents\\samples\\NESTCL95.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Watanabe-Production and TYPE-MOON\\Melty Blood Re-ACT Final Tuned\\mbr_net_b7v2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Port DCOM (135)
"12863:TCP"= 12863:TCP:BitComet 12863 TCP
"12863:UDP"= 12863:UDP:BitComet 12863 UDP
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [06/19/2008 05:24 PM]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [06/10/2008 06:56 PM]
S0 Bgk37;Bgk37;C:\WINDOWS\system32\Drivers\Bgk37.sys []
S0 Dim62;Dim62;C:\WINDOWS\system32\Drivers\Dim62.sys []
S0 Glp16;Glp16;C:\WINDOWS\system32\Drivers\Glp16.sys []
S0 Hmr37;Hmr37;C:\WINDOWS\system32\Drivers\Hmr37.sys []
S0 Jos48;Jos48;C:\WINDOWS\system32\Drivers\Jos48.sys []
S0 Pty04;Pty04;C:\WINDOWS\system32\Drivers\Pty04.sys []
S0 Puy83;Puy83;C:\WINDOWS\system32\Drivers\Puy83.sys []
S0 Qva05;Qva05;C:\WINDOWS\system32\Drivers\Qva05.sys []
S0 Rva61;Rva61;C:\WINDOWS\system32\Drivers\Rva61.sys []
S0 Syd40;Syd40;C:\WINDOWS\system32\Drivers\Syd40.sys []
S0 Txd26;Txd26;C:\WINDOWS\system32\Drivers\Txd26.sys []
S0 Vbf62;Vbf62;C:\WINDOWS\system32\Drivers\Vbf62.sys []
S0 Vbg72;Vbg72;C:\WINDOWS\system32\Drivers\Vbg72.sys []
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\WINDOWS\system32\DRIVERS\evserial.sys [05/19/2008 04:01 PM]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [02/01/2008 04:17 PM]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [02/01/2008 04:17 PM]
S3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys []
S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\WINDOWS\system32\DRIVERS\evsbc.sys [05/19/2008 04:01 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052ef872-46b0-11dd-9f0a-00eeb0011c79}]
\Shell\AutoRun\command - G:\hgu.bat
\Shell\explore\Command - G:\hgu.bat
\Shell\open\Command - G:\hgu.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c654b6d-f297-11dc-9d73-4d6564696130}]
\Shell\AutoRun\command - G:\hgu.bat
\Shell\explore\Command - G:\hgu.bat
\Shell\open\Command - G:\hgu.bat
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM0 []
.
- - - - ORPHANS REMOVED - - - -
ShellExecuteHooks-{71A78CD4-E470-4a18-8457-E0E0283DD507} - (no file)
ShellExecuteHooks-{434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - (no file)
.
------- Supplementary Scan -------
.
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 -: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206
O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 17:53:28
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\dactnrv.dll
.
Temps d'accomplissement: 09/06/2008 17:59:52
ComboFix-quarantined-files.txt 2008-09-06 16:59:11
ComboFix2.txt 2008-09-06 13:58:22
ComboFix3.txt 2008-08-08 23:40:30
Pre-Run: 5,001,625,600 octets libres
Post-Run: 4,994,658,304 octets libres
333 --- E O F --- 2008-09-06 13:10:02 -
Copie le texte ci-dessous :
File::
C:\WINDOWS\system32\blphcpqlj0ejdc.scr
C:\WINDOWS\system32\lphcpqlj0ejdc.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\lenschk.exe
C:\WINDOWS\system32\spoolsc.exe.vir
C:\PROGRA~1\DAP\SBSearch.dll
C:\jdzjaw3o.sys
C:\WINDOWS\system32\AntiXPVSTFix.exe
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\temp\.tt5D.tmp.exe
C:\WINDOWS\system32\dactnrv.dll
Folder::
C:\Program Files\free-downloads.net
C:\Program Files\NoAdware5.0
C:\Program Files\Gossiper
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{F4F10C1D-87C7-404A-B4B3-000000000000}"=-
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=-
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=-
[-HKEY_CLASSES_ROOT\clsid\{f4f10c1d-87c7-404a-b4b3-000000000000}]
[-HKEY_CLASSES_ROOT\SearchHook.SrchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{95EFB171-F3DF-4BEC-9EF7-829A800203E6}]
[-HKEY_CLASSES_ROOT\SearchHook.SrchHook]
[-HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0a452a47-c5a8-4854-a237-4b9b06b376f0}"=
"{ecdee021-0d17-467f-a1ff-c7a115230949}"=
[-HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0A452A47-C5A8-4854-A237-4B9B06B376F0}"=-
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"=-
[-HKEY_CLASSES_ROOT\clsid\{0a452a47-c5a8-4854-a237-4b9b06b376f0}]
[-HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphcpqlj0ejdc"=-
"inrhctqlj0ejdc"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{BB4E3499-0132-4d3f-849A-2BE1B26D84E1}"=-
"{9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5}"=-
"{7A6DF30E-D0F2-446f-B4F0-BF4232D60E07}"=-
"{76D44356-B494-443a-BEDC-AA68DE4255E6}"=-
"{D3112B69-A745-4805-874E-ABD480EA1299}"=-
"{EB9660D8-E1CD-4ff0-B4A9-00CD907F928A}"=-
"{2CB77746-8ECC-40ca-8217-10CA8BE5EFC8}"=-
"{21BE5FDF-D4CB-4850-AD99-21E68B50BF3F}"=-
"{F0930A2F-D971-4828-8209-B7DFD266ED44}"=-
"{65056902-6E7B-4bd7-95BA-688DB5FA5BEB}"=-
"{E0F3526A-4165-4589-80CD-50B6FBAC3BDA}"=-
"{6B9FEAD7-4319-4312-AB05-D8C9CD255BFE}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dactnrv]
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
-
dsl pour le retard,voila le rapport de combofix:
ComboFix 08-07-26.1 - Administrateur 09/06/2008 20:36:15.8 - NTFSx86
Endroit: C:\Documents and Settings\Administrateur\Bureau\combofix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
- FONCTIONNALITES REDUITES -
FILE ::
C:\jdzjaw3o.sys
C:\PROGRA~1\DAP\SBSearch.dll
C:\WINDOWS\system32\AntiXPVSTFix.exe
C:\WINDOWS\system32\blphcpqlj0ejdc.scr
C:\WINDOWS\system32\dactnrv.dll
C:\WINDOWS\system32\lenschk.exe
C:\WINDOWS\system32\lphcpqlj0ejdc.exe
C:\WINDOWS\system32\spoolsc.exe.vir
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\temp\.tt5D.tmp.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\jdzjaw3o.sys
C:\Program Files\free-downloads.net
C:\Program Files\free-downloads.net\INSTALL.LOG
C:\Program Files\free-downloads.net\tbfree.dll
C:\Program Files\free-downloads.net\toolbar.cfg
C:\Program Files\free-downloads.net\UNWISE.EXE
C:\Program Files\Gossiper
C:\Program Files\Gossiper\GossiperToolbarHelper.exe
C:\Program Files\Gossiper\INSTALL.LOG
C:\Program Files\Gossiper\tbGoss.dll
C:\Program Files\Gossiper\toolbar.cfg
C:\Program Files\Gossiper\UNWISE.EXE
C:\Program Files\NoAdware5.0
C:\Program Files\NoAdware5.0\noadware4_090608.na
C:\WINDOWS\system32\AntiXPVSTFix.exe
C:\WINDOWS\system32\dactnrv.dll
C:\WINDOWS\system32\lenschk.exe
C:\WINDOWS\system32\lphcpqlj0ejdc.exe
C:\WINDOWS\system32\spoolsc.exe.vir
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier cr‚‚ dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 16:59 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 00:31 --------- d-----w C:\Program Files\Panda Security
2008-09-06 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-09-04 22:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 21:17 --------- d-----w C:\Program Files\Trojan Remover
2008-09-04 19:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-09-04 15:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-09-04 15:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-04 15:02 --------- d-----w C:\Program Files\Smart Projects
2008-09-04 14:48 --------- d-----w C:\Program Files\vcmm
2008-09-04 14:43 --------- d-----w C:\Program Files\Moray For Windows
2008-09-04 14:42 --------- d-----w C:\Program Files\Creative
2008-09-04 14:41 --------- d-----w C:\Program Files\Google
2008-09-03 19:56 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-09-02 14:32 --------- d-----w C:\Program Files\EA SPORTS
2008-09-01 23:16 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 23:16 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 19:16 --------- d-----w C:\Program Files\Alcohol Soft
2008-09-01 18:51 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-31 18:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Canon
2008-08-29 22:28 --------- d-----w C:\Program Files\Watanabe-Production and TYPE-MOON
2008-08-21 21:11 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
2008-08-21 20:48 --------- d-----w C:\Program Files\Conduit
2008-08-20 20:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Nokia Multimedia Player
2008-08-20 19:55 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Nokia
2008-08-20 11:15 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-08-20 11:15 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-08-20 11:14 --------- d-----w C:\Program Files\Nokia
2008-08-19 16:27 --------- d-----w C:\Program Files\Mobile Connect
2008-08-16 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-08-16 20:30 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-16 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-15 22:27 --------- d-----w C:\Program Files\Pizzicato 3.3
2008-08-15 22:19 --------- d-----w C:\Program Files\Macromedia
2008-08-15 21:29 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Blender Foundation
2008-08-15 21:28 --------- d-----w C:\Program Files\Blender Foundation
2008-08-15 21:23 --------- d-----w C:\Program Files\Eltima Software
2008-08-14 22:09 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-14 22:09 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-14 21:58 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-14 21:58 --------- d-----w C:\Program Files\DIFX
2008-08-14 21:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PC Suite
2008-08-14 21:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Datalayer
2008-08-14 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-14 20:31 --------- d-----w C:\Program Files\Pinnacle
2008-08-14 15:44 --------- d-----w C:\Program Files\KONAMI
2008-08-11 23:16 --------- d-----w C:\Program Files\BitComet
2008-08-11 17:45 --------- d-----w C:\Program Files\Rockstar Games
2008-08-10 14:33 --------- d-----w C:\Program Files\Bonjour
2008-08-10 14:29 --------- d-----w C:\Program Files\QuickTime
2008-08-10 14:29 --------- d-----w C:\Program Files\iTunes
2008-08-10 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-08-10 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-09 23:53 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-08-09 23:52 --------- d-----w C:\Program Files\iPod
2008-08-09 23:46 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-08-09 23:18 --------- d-----w C:\Program Files\ATP
2008-08-09 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-09 15:53 --------- d-----w C:\Program Files\Uniblue
2008-08-08 23:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-08 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-08 20:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-08 20:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Registry Booster
2008-08-08 16:00 --------- d-----w C:\Program Files\ArcSoft
2008-08-08 15:58 --------- d-----w C:\Program Files\GTA3Mods
2008-08-05 22:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-08-05 20:25 --------- d-----w C:\Program Files\eRightSoft
2008-08-05 18:36 --------- d-----w C:\Program Files\ESET
2008-08-05 18:22 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-08-05 18:21 --------- d-----w C:\Program Files\SAGEM
2008-08-05 17:40 --------- d-----w C:\Program Files\Symantec
2008-08-05 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-05 16:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-08-05 16:43 --------- d-----w C:\Program Files\CryDe
2008-08-05 13:13 --------- d-----w C:\Program Files\Dragon Systems
2008-08-05 13:13 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-08-02 20:31 --------- d-----w C:\Program Files\AnMing
2008-07-24 12:03 --------- d-----w C:\Program Files\Microsoft Games
2008-07-20 17:32 --------- d-----w C:\Program Files\LG Electronics
2008-07-16 20:22 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\MegauploadToolbar
2008-07-16 14:58 --------- d-----w C:\Program Files\Windows Live
2008-07-09 23:09 --------- d-----w C:\Program Files\Kaspersky Lab
2008-07-07 15:45 --------- d-----w C:\Program Files\Need For Speed 5 - Porsche Unleashed
2001-08-29 11:04 967 ----a-w C:\Program Files\setup.PIF
.
((((((((((((((((((((((((((((( snapshot@Sat 09-06-2008_14.32.43.83 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-18 11:19:03 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
- 2008-09-06 13:07:23 118,784 ----a-w C:\WINDOWS\system32\blphcpqlj0ejdc.scr
+ 2008-09-06 17:21:01 118,784 ----a-w C:\WINDOWS\system32\blphcpqlj0ejdc.scr
+ 2004-07-31 17:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
+ 2008-08-28 21:36:57 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
+ 2008-05-18 20:40:35 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
- 2008-09-06 13:25:30 224,776 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-09-06 17:40:00 224,776 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2003-06-05 20:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
+ 2006-04-27 16:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
+ 2007-09-05 23:22:23 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
+ 2007-10-03 23:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/19/2004 05:09 PM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [02/24/2008 07:20 PM 185896]
"PrnSys Executable"="C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe" [08/01/2002 01:03 PM 36864]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [11/08/2006 01:27 PM 222208]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [08/03/2004 11:32 PM 208952]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [09/01/2003 12:42 PM 176128]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [06/10/2008 06:52 PM 1447168]
"SoundMan"="SOUNDMAN.EXE" [09/27/2002 07:44 AM 47104 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/19/2004 05:09 PM 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/09/2006 05:15 PM 1634304]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Service"="spoolsc.exe" [BU]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"adsntzt.dll"= {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll [BU]
"avicapwm.dll"= {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll [BU]
"dispexcb.dll"= {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\system32\dispexcb.dll [BU]
"pxnblwzb.dll"= {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pxnblwzb.dll [BU]
"mstimewd.dll"= {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\system32\mstimewd.dll [BU]
"xolehlpjh.dll"= {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll [BU]
"slbiopfs2.dll"= {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\slbiopfs2.dll [BU]
"tscfgwmijxsj.dll"= {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll [BU]
"cliconfgzx.dll"= {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll [BU]
"bootvidgj.dll"= {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\bootvidgj.dll [BU]
"certmgrkd.dll"= {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} - C:\WINDOWS\system32\certmgrkd.dll [BU]
"inetresdxc.dll"= {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qxfel.dll mcromv.dll cupops.dll thermaltinc.dll johandy.dll aotoppt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bgk37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dim62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Glp16.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmr37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jos48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pty04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Puy83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rva61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Syd40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txd26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbg72.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 11:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 03/14/2005 12:37 AM 1057280 C:\Program Files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 08/11/2008 11:15 PM 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 08/30/2008 07:17 PM 916560 C:\Program Files\Trojan Remover\Trjscan.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Documents and Settings\\Administrateur\\Mes documents\\My Completed Downloads\\gta3\\gtaTClient.exe"=
"C:\\Documents and Settings\\Administrateur\\Mes documents\\samples\\NESTCL95.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Watanabe-Production and TYPE-MOON\\Melty Blood Re-ACT Final Tuned\\mbr_net_b7v2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Port DCOM (135)
"12863:TCP"= 12863:TCP:BitComet 12863 TCP
"12863:UDP"= 12863:UDP:BitComet 12863 UDP
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [06/19/2008 05:24 PM]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [06/10/2008 06:56 PM]
S0 Bgk37;Bgk37;C:\WINDOWS\system32\Drivers\Bgk37.sys []
S0 Dim62;Dim62;C:\WINDOWS\system32\Drivers\Dim62.sys []
S0 Glp16;Glp16;C:\WINDOWS\system32\Drivers\Glp16.sys []
S0 Hmr37;Hmr37;C:\WINDOWS\system32\Drivers\Hmr37.sys []
S0 Jos48;Jos48;C:\WINDOWS\system32\Drivers\Jos48.sys []
S0 Pty04;Pty04;C:\WINDOWS\system32\Drivers\Pty04.sys []
S0 Puy83;Puy83;C:\WINDOWS\system32\Drivers\Puy83.sys []
S0 Qva05;Qva05;C:\WINDOWS\system32\Drivers\Qva05.sys []
S0 Rva61;Rva61;C:\WINDOWS\system32\Drivers\Rva61.sys []
S0 Syd40;Syd40;C:\WINDOWS\system32\Drivers\Syd40.sys []
S0 Txd26;Txd26;C:\WINDOWS\system32\Drivers\Txd26.sys []
S0 Vbf62;Vbf62;C:\WINDOWS\system32\Drivers\Vbf62.sys []
S0 Vbg72;Vbg72;C:\WINDOWS\system32\Drivers\Vbg72.sys []
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\WINDOWS\system32\DRIVERS\evserial.sys [05/19/2008 04:01 PM]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [02/01/2008 04:17 PM]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [02/01/2008 04:17 PM]
S3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys []
S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\WINDOWS\system32\DRIVERS\evsbc.sys [05/19/2008 04:01 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052ef872-46b0-11dd-9f0a-00eeb0011c79}]
\Shell\AutoRun\command - G:\hgu.bat
\Shell\explore\Command - G:\hgu.bat
\Shell\open\Command - G:\hgu.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c654b6d-f297-11dc-9d73-4d6564696130}]
\Shell\AutoRun\command - G:\hgu.bat
\Shell\explore\Command - G:\hgu.bat
\Shell\open\Command - G:\hgu.bat
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM0 []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 20:40:05
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cach‚s ...
Balayage cach‚ autostart entries ...
Balayage des fichiers cach‚s ...
Scan termin‚ avec succŠs
Les fichiers cach‚s: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
.
**************************************************************************
.
Temps d'accomplissement: 09/06/2008 16:50:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 17:50:10
ComboFix2.txt 2008-09-06 16:59:53
ComboFix3.txt 2008-09-06 13:58:22
ComboFix4.txt 2008-08-08 23:40:30
Pre-Run: 4,973,989,888 octets libres
Post-Run: 4,961,304,576 octets libres
308 --- E O F --- 2008-09-06 13:10:02
et voila le rapport de hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:08, on 06-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SoftwareDistribution\Download\c754b0ae7006467484ddc341ab515bda\update\update.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Service] spoolsc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A32DBB0-6091-4AF3-AF71-29ABFA148741}: NameServer = 212.217.0.13 212.217.1.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qxfel.dll mcromv.dll cupops.dll thermaltinc.dll johandy.dll aotoppt.dll
O21 - SSODL: adsntzt.dll - {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll (file missing)
O21 - SSODL: avicapwm.dll - {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll (file missing)
O21 - SSODL: dispexcb.dll - {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\system32\dispexcb.dll (file missing)
O21 - SSODL: pxnblwzb.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pxnblwzb.dll (file missing)
O21 - SSODL: mstimewd.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\system32\mstimewd.dll (file missing)
O21 - SSODL: xolehlpjh.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll (file missing)
O21 - SSODL: slbiopfs2.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\slbiopfs2.dll (file missing)
O21 - SSODL: tscfgwmijxsj.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll (file missing)
O21 - SSODL: cliconfgzx.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll (file missing)
O21 - SSODL: bootvidgj.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\bootvidgj.dll (file missing)
O21 - SSODL: certmgrkd.dll - {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} - C:\WINDOWS\system32\certmgrkd.dll (file missing)
O21 - SSODL: inetresdxc.dll - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
-
-
Copie le texte ci-dessous :
File::
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\blphcpqlj0ejdc.scr
C:\WINDOWS\system32\blphcpqlj0ejdc.scr
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\inetsrv\MetaBase.bin
C:\WINDOWS\system32\inetsrv\MetaBase.bin
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\drivers\pavboot.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\Drivers\Bgk37.sys
C:\WINDOWS\system32\Drivers\Dim62.sys
C:\WINDOWS\system32\Drivers\Glp16.sys
C:\WINDOWS\system32\Drivers\Hmr37.sys
C:\WINDOWS\system32\Drivers\Jos48.sys
C:\WINDOWS\system32\Drivers\Pty04.sys
C:\WINDOWS\system32\Drivers\Puy83.sys
C:\WINDOWS\system32\Drivers\Qva05.sys
C:\WINDOWS\system32\Drivers\Rva61.sys
C:\WINDOWS\system32\Drivers\Syd40.sys
C:\WINDOWS\system32\Drivers\Txd26.sys
C:\WINDOWS\system32\Drivers\Vbf62.sys
C:\WINDOWS\system32\Drivers\Vbg72.sys
C:\WINDOWS\system32\sysrest.sys
G:\hgu.bat
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"adsntzt.dll"=-
"avicapwm.dll"=-
"dispexcb.dll"=-
"pxnblwzb.dll"=-
"mstimewd.dll"=-
"xolehlpjh.dll"=-
"slbiopfs2.dll"=-
"tscfgwmijxsj.dll"=-
"cliconfgzx.dll"=-
"bootvidgj.dll"=-
"certmgrkd.dll"=-
"inetresdxc.dll"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052ef872-46b0-11dd-9f0a-00eeb0011c79}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c654b6d-f297-11dc-9d73-4d6564696130}]
Driver::
sysrest.sys
pavboot
epfwtdir
Bgk37
Dim62
Glp16
Hmr37
Jos48
Pty04
Puy83
Qva05
Rva61
Syd40
Txd26
Vbf62
Vbg72
Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
Cela va relancer Combofix,
Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.
Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
S'il n'y a pas de rédémarrage, poste quand même les rapports.
-
voila le rapport combofix:
ComboFix 08-07-26.1 - Administrateur 09/06/2008 21:47:04.9 - NTFSx86
Endroit: C:\Documents and Settings\Administrateur\Bureau\combofix.exe
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
- FONCTIONNALITES REDUITES -
.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-06 to 2008-09-06 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-06 20:44 8,224 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-06 20:44 1,108 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-06 20:43 96,559 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-09-06 20:43 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-09-06 20:41 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-06 20:41 32 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-06 20:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-06 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-06 17:21 118,784 ----a-w C:\WINDOWS\system32\blphcpqlj0ejdc.scr
2008-09-06 16:59 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 00:31 --------- d-----w C:\Program Files\Panda Security
2008-09-06 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ashampoo
2008-09-05 15:33 28,672 ----a-w C:\WINDOWS\system32\thermaltinc.dll
2008-09-05 15:33 28,672 ----a-w C:\WINDOWS\system32\lensch.dll
2008-09-05 15:33 28,672 ----a-w C:\WINDOWS\system32\cmbdaf.dll
2008-09-05 15:33 24,576 ----a-w C:\WINDOWS\system32\johandy.dll
2008-09-05 15:31 28,672 ----a-w C:\WINDOWS\system32\mcromv.dll
2008-09-05 15:30 28,672 ----a-w C:\WINDOWS\system32\qxfel.dll
2008-09-04 22:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-04 21:41 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-09-04 21:26 28,672 ----a-w C:\WINDOWS\system32\aotoppt.dll
2008-09-04 21:25 11,776 ----a-w C:\WINDOWS\system32\qxfelk.exe
2008-09-04 21:17 --------- d-----w C:\Program Files\Trojan Remover
2008-09-04 19:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-04 15:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-09-04 15:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-09-04 15:11 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-09-04 15:02 --------- d-----w C:\Program Files\Smart Projects
2008-09-04 14:48 --------- d-----w C:\Program Files\vcmm
2008-09-04 14:43 --------- d-----w C:\Program Files\Moray For Windows
2008-09-04 14:42 --------- d-----w C:\Program Files\Creative
2008-09-04 14:41 --------- d-----w C:\Program Files\Google
2008-09-03 19:56 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Skype
2008-09-02 14:32 --------- d-----w C:\Program Files\EA SPORTS
2008-09-01 23:16 38,528 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-01 23:16 17,200 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-09-01 19:16 --------- d-----w C:\Program Files\Alcohol Soft
2008-09-01 18:51 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-31 18:19 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Canon
2008-08-29 22:28 --------- d-----w C:\Program Files\Watanabe-Production and TYPE-MOON
2008-08-28 21:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-08-21 21:11 --------- d-----w C:\Program Files\Bitcomet Ultra Accelerator
2008-08-21 20:48 --------- d-----w C:\Program Files\Conduit
2008-08-20 20:00 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Nokia Multimedia Player
2008-08-20 19:55 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Nokia
2008-08-20 11:15 --------- d-----w C:\Program Files\Fichiers communs\PCSuite
2008-08-20 11:15 --------- d-----w C:\Program Files\Fichiers communs\Nokia
2008-08-20 11:14 --------- d-----w C:\Program Files\Nokia
2008-08-19 16:27 --------- d-----w C:\Program Files\Mobile Connect
2008-08-18 11:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-08-16 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nokia
2008-08-16 20:30 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-16 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Installations
2008-08-15 22:27 --------- d-----w C:\Program Files\Pizzicato 3.3
2008-08-15 22:19 --------- d-----w C:\Program Files\Macromedia
2008-08-15 21:29 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Blender Foundation
2008-08-15 21:28 --------- d-----w C:\Program Files\Blender Foundation
2008-08-15 21:23 --------- d-----w C:\Program Files\Eltima Software
2008-08-14 22:09 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-14 22:09 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-08-14 21:58 --------- d-----w C:\Program Files\PC Connectivity Solution
2008-08-14 21:58 --------- d-----w C:\Program Files\DIFX
2008-08-14 21:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\PC Suite
2008-08-14 21:52 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Datalayer
2008-08-14 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-08-14 20:31 --------- d-----w C:\Program Files\Pinnacle
2008-08-14 15:44 --------- d-----w C:\Program Files\KONAMI
2008-08-11 23:16 --------- d-----w C:\Program Files\BitComet
2008-08-11 22:12 2,560 ----a-w C:\WINDOWS\system32\bitcometres.dll
2008-08-11 17:45 --------- d-----w C:\Program Files\Rockstar Games
2008-08-10 14:33 --------- d-----w C:\Program Files\Bonjour
2008-08-10 14:29 --------- d-----w C:\Program Files\QuickTime
2008-08-10 14:29 --------- d-----w C:\Program Files\iTunes
2008-08-10 14:29 --------- d-----w C:\Program Files\Apple Software Update
2008-08-10 14:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-09 23:53 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-08-09 23:52 --------- d-----w C:\Program Files\iPod
2008-08-09 23:46 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-08-09 23:18 --------- d-----w C:\Program Files\ATP
2008-08-09 17:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-09 17:15 36,864 ----a-w C:\WINDOWS\system32\mssetd.dll.vir
2008-08-09 17:14 28,672 ----a-w C:\WINDOWS\system32\cmonos.dll.vir
2008-08-09 17:14 24,576 ----a-w C:\WINDOWS\system32\squalle.dll.vir
2008-08-09 17:14 24,576 ----a-w C:\WINDOWS\system32\offscrl.dll
2008-08-09 15:53 --------- d-----w C:\Program Files\Uniblue
2008-08-08 23:24 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-08 20:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-08 20:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-08 20:36 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Registry Booster
2008-08-08 16:00 --------- d-----w C:\Program Files\ArcSoft
2008-08-08 15:58 --------- d-----w C:\Program Files\GTA3Mods
2008-08-05 22:18 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
2008-08-05 20:25 --------- d-----w C:\Program Files\eRightSoft
2008-08-05 18:36 --------- d-----w C:\Program Files\ESET
2008-08-05 18:22 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-08-05 18:21 --------- d-----w C:\Program Files\SAGEM
2008-08-05 17:40 --------- d-----w C:\Program Files\Symantec
2008-08-05 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-05 16:59 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-08-05 16:43 --------- d-----w C:\Program Files\CryDe
.
((((((((((((((((((((((((((((( snapshot@Sat 09-06-2008_14.32.43.83 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-21 17:34:36 121,872 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
+ 2008-01-29 17:29:38 32,784 ----a-w C:\WINDOWS\system32\drivers\klbg.sys
+ 2008-09-06 20:40:43 213,008 ----a-w C:\WINDOWS\system32\drivers\klif.sys
+ 2008-04-30 17:06:48 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
+ 2008-07-29 19:20:00 24,774 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
+ 2004-07-31 17:50:36 51,200 ----a-w C:\WINDOWS\system32\dumphive.exe
+ 2008-05-18 20:40:35 82,944 ----a-w C:\WINDOWS\system32\IEDFix.exe
- 2008-09-06 13:25:30 224,776 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-09-06 18:15:53 224,774 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin
+ 2008-07-29 19:21:42 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
+ 2003-06-05 20:13:00 53,248 ----a-w C:\WINDOWS\system32\Process.exe
+ 2006-04-27 16:49:30 288,417 ----a-w C:\WINDOWS\system32\SrchSTS.exe
+ 2007-09-05 23:22:23 289,144 ----a-w C:\WINDOWS\system32\VCCLSID.exe
+ 2007-10-03 23:36:46 25,600 ----a-w C:\WINDOWS\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [08/19/2004 05:09 PM 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [02/24/2008 07:20 PM 185896]
"PrnSys Executable"="C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe" [08/01/2002 01:03 PM 36864]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [11/08/2006 01:27 PM 222208]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [08/03/2004 11:32 PM 208952]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [09/01/2003 12:42 PM 176128]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [06/10/2008 06:52 PM 1447168]
"SoundMan"="SOUNDMAN.EXE" [09/27/2002 07:44 AM 47104 C:\WINDOWS\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [08/19/2004 05:09 PM 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [11/09/2006 05:15 PM 1634304]
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"NT Printing Service"="spoolsc.exe" [BU]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"adsntzt.dll"= {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll [BU]
"avicapwm.dll"= {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll [BU]
"dispexcb.dll"= {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\system32\dispexcb.dll [BU]
"pxnblwzb.dll"= {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pxnblwzb.dll [BU]
"mstimewd.dll"= {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\system32\mstimewd.dll [BU]
"xolehlpjh.dll"= {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll [BU]
"slbiopfs2.dll"= {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\slbiopfs2.dll [BU]
"tscfgwmijxsj.dll"= {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll [BU]
"cliconfgzx.dll"= {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll [BU]
"bootvidgj.dll"= {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\bootvidgj.dll [BU]
"certmgrkd.dll"= {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} - C:\WINDOWS\system32\certmgrkd.dll [BU]
"inetresdxc.dll"= {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=qxfel.dll mcromv.dll cupops.dll thermaltinc.dll johandy.dll aotoppt.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Bgk37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dim62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Glp16.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Hmr37.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Jos48.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pty04.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Puy83.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Qva05.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rva61.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Syd40.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Txd26.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbf62.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vbg72.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 07/09/2001 11:50 AM 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperCopier2.exe]
--a------ 03/14/2005 12:37 AM 1057280 C:\Program Files\SuperCopier2\SuperCopier2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 08/11/2008 11:15 PM 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
--a------ 08/30/2008 07:17 PM 916560 C:\Program Files\Trojan Remover\Trjscan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Documents and Settings\\Administrateur\\Mes documents\\My Completed Downloads\\gta3\\gtaTClient.exe"=
"C:\\Documents and Settings\\Administrateur\\Mes documents\\samples\\NESTCL95.EXE"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Program Files\\Watanabe-Production and TYPE-MOON\\Melty Blood Re-ACT Final Tuned\\mbr_net_b7v2.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Port DCOM (135)
"12863:TCP"= 12863:TCP:BitComet 12863 TCP
"12863:UDP"= 12863:UDP:BitComet 12863 UDP
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [06/19/2008 05:24 PM]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [06/10/2008 06:56 PM]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [04/30/2008 06:06 PM]
S0 Bgk37;Bgk37;C:\WINDOWS\system32\Drivers\Bgk37.sys []
S0 Dim62;Dim62;C:\WINDOWS\system32\Drivers\Dim62.sys []
S0 Glp16;Glp16;C:\WINDOWS\system32\Drivers\Glp16.sys []
S0 Hmr37;Hmr37;C:\WINDOWS\system32\Drivers\Hmr37.sys []
S0 Jos48;Jos48;C:\WINDOWS\system32\Drivers\Jos48.sys []
S0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [01/29/2008 06:29 PM]
S0 Pty04;Pty04;C:\WINDOWS\system32\Drivers\Pty04.sys []
S0 Puy83;Puy83;C:\WINDOWS\system32\Drivers\Puy83.sys []
S0 Qva05;Qva05;C:\WINDOWS\system32\Drivers\Qva05.sys []
S0 Rva61;Rva61;C:\WINDOWS\system32\Drivers\Rva61.sys []
S0 Syd40;Syd40;C:\WINDOWS\system32\Drivers\Syd40.sys []
S0 Txd26;Txd26;C:\WINDOWS\system32\Drivers\Txd26.sys []
S0 Vbf62;Vbf62;C:\WINDOWS\system32\Drivers\Vbf62.sys []
S0 Vbg72;Vbg72;C:\WINDOWS\system32\Drivers\Vbg72.sys []
S2 cdralw;NVIDIA Compatible Windows Miniport Driver;C:\WINDOWS\system32\DRIVERS\nvmini.sys []
S3 evserial;Virtual Serial Ports Driver (Eltima Softwate);C:\WINDOWS\system32\DRIVERS\evserial.sys [05/19/2008 04:01 PM]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [02/01/2008 04:17 PM]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [02/01/2008 04:17 PM]
S3 sysrest.sys;sysrest.sys;C:\WINDOWS\system32\sysrest.sys []
S3 VSBC;Virtual Serial Bus Enumerator (Eltima Software);C:\WINDOWS\system32\DRIVERS\evsbc.sys [05/19/2008 04:01 PM]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{052ef872-46b0-11dd-9f0a-00eeb0011c79}]
\Shell\AutoRun\command - G:\hgu.bat
\Shell\explore\Command - G:\hgu.bat
\Shell\open\Command - G:\hgu.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c654b6d-f297-11dc-9d73-4d6564696130}]
\Shell\AutoRun\command - G:\hgu.bat
\Shell\explore\Command - G:\hgu.bat
\Shell\open\Command - G:\hgu.bat
*Newly Created Service* - AVP
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-09 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - s!:C:\Program Files\Apple Software Update\SoftwareUpdate.exe-taskSYSTEM0 []
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-06 21:48:12
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 09/06/2008 21:55:38
ComboFix-quarantined-files.txt 2008-09-06 20:54:50
ComboFix2.txt 2008-09-06 17:50:35
ComboFix3.txt 2008-09-06 16:59:53
ComboFix4.txt 2008-09-06 13:58:22
ComboFix5.txt 2008-09-06 20:46:02
Pre-Run: 4,728,147,968 octets libres
Post-Run: 4,724,203,520 octets libres
285 --- E O F --- 2008-09-06 17:52:52
et voila le rapport de hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58:13, on 06-09-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\BitComet\BitComet.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PrnSys Executable] C:\Program Files\Hewlett-Packard\hp print screen utility\PrnSys.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [NT Printing Service] spoolsc.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A32DBB0-6091-4AF3-AF71-29ABFA148741}: NameServer = 212.217.0.13 212.217.1.17
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: qxfel.dll mcromv.dll cupops.dll thermaltinc.dll johandy.dll aotoppt.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O21 - SSODL: adsntzt.dll - {E0F3526A-4165-4589-80CD-50B6FBAC3BDA} - C:\WINDOWS\system32\adsntzt.dll (file missing)
O21 - SSODL: avicapwm.dll - {6B9FEAD7-4319-4312-AB05-D8C9CD255BFE} - C:\WINDOWS\system32\avicapwm.dll (file missing)
O21 - SSODL: dispexcb.dll - {76D44356-B494-443a-BEDC-AA68DE4255E6} - C:\WINDOWS\system32\dispexcb.dll (file missing)
O21 - SSODL: pxnblwzb.dll - {21BE5FDF-D4CB-4850-AD99-21E68B50BF3F} - C:\WINDOWS\system32\pxnblwzb.dll (file missing)
O21 - SSODL: mstimewd.dll - {65056902-6E7B-4bd7-95BA-688DB5FA5BEB} - C:\WINDOWS\system32\mstimewd.dll (file missing)
O21 - SSODL: xolehlpjh.dll - {F0930A2F-D971-4828-8209-B7DFD266ED44} - C:\WINDOWS\system32\xolehlpjh.dll (file missing)
O21 - SSODL: slbiopfs2.dll - {EB9660D8-E1CD-4ff0-B4A9-00CD907F928A} - C:\WINDOWS\system32\slbiopfs2.dll (file missing)
O21 - SSODL: tscfgwmijxsj.dll - {2CB77746-8ECC-40ca-8217-10CA8BE5EFC8} - C:\WINDOWS\system32\tscfgwmijxsj.dll (file missing)
O21 - SSODL: cliconfgzx.dll - {7A6DF30E-D0F2-446f-B4F0-BF4232D60E07} - C:\WINDOWS\system32\cliconfgzx.dll (file missing)
O21 - SSODL: bootvidgj.dll - {D3112B69-A745-4805-874E-ABD480EA1299} - C:\WINDOWS\system32\bootvidgj.dll (file missing)
O21 - SSODL: certmgrkd.dll - {9E8287B0-0F3A-48ae-99C5-A6E0AAC36BC5} - C:\WINDOWS\system32\certmgrkd.dll (file missing)
O21 - SSODL: inetresdxc.dll - {BB4E3499-0132-4d3f-849A-2BE1B26D84E1} - C:\WINDOWS\system32\inetresdxc.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
-
-
-
recommence cette opération car ça n a pas marché
http://www.commentcamarche.net/forum/affich 8292848 help j ai beaucoup de virus sur mon ordi#16
