Need help: infected by yure.exe

Solved
stefou38, 81 posts, Member
Hello,

My system was infected by several trojans... including yure.exe. After 2 days running AVG Anti-Virus, anti-rootkit, anti-spyware, CCleaner, Ad-Aware, Spybot and RegSeeker, I'm finally back online.

Could someone look at my system and see whether any traces of this damned junk are still there?

Thanks!

Here is my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 19:48: VIRUS ALERT!, on 2008-09-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02ABB69E-5A1F-499A-9E65-31D8CE97FD7B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6AFB6F98-289C-442E-B577-5E5125C742E2} - C:\WINDOWS.0\system32\khfGaBQg.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F0DBB0F1-BBA9-47B8-86BB-BB822B61FF09} - C:\WINDOWS.0\system32\iifgdETL.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS.0\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.comboost.com/Drivers/ImageUploader5.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.comboost.com/Drivers/ImageUploader4.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: rwmvok.dll
O20 - Winlogon Notify: khfGaBQg - khfGaBQg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - (no file)
O21 - SSODL: mgxfebsq - {6C288283-48FC-47A2-91D6-77E14C148FEF} - (no file)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Configuration: Windows XP SP2
Internet Explorer 8.0

Thanks!
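To help with the kind of review stefou38 is asking for, here is an added Python triage script. It is not from this thread and not part of HijackThis; it reads HijackThis log lines and flags the indicators visible in the log above: load points whose file is gone, a non-empty AppInit_DLLs value, IE policy restrictions, and module names that look randomly generated. The sample lines are copied from the log above; the random-name heuristic and the severity scale are this example's own assumptions, not HijackThis ratings.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample lines copied from the HijackThis log posted above (the Adobe, AVG and
# WgaLogon entries are included as benign controls).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02ABB69E-5A1F-499A-9E65-31D8CE97FD7B} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6AFB6F98-289C-442E-B577-5E5125C742E2} - C:\WINDOWS.0\system32\khfGaBQg.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O20 - AppInit_DLLs: rwmvok.dll
O20 - Winlogon Notify: khfGaBQg - khfGaBQg.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS.0\SYSTEM32\WgaLogon.dll
O21 - SSODL: mgxfebsq - {6C288283-48FC-47A2-91D6-77E14C148FEF} - (no file)
"""

ORPHAN_MARKERS = ("(no file)", "(file missing)")
LINE_RE = re.compile(r"^(R\d|F\d|N\d|O\d+) - (.*)$")


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2" or "O20"
    severity: str  # "high", "medium" or "info": this example's scale, not a HijackThis rating
    reason: str
    line: str


def looks_random(name: str) -> bool:
    """Heuristic (an assumption of this example): a module name with a run of
    four or more consonants and fewer than 30% vowels, the shape of names like
    khfGaBQg.dll or rwmvok.dll in the log above. Expect some false positives."""
    stem = re.sub(r"\.(dll|exe|sys)$", "", name, flags=re.I)
    letters = re.sub(r"[^A-Za-z]", "", stem)
    if len(letters) < 6:
        return False
    vowels = sum(1 for c in letters.lower() if c in "aeiouy")
    runs = re.findall(r"[b-df-hj-np-tv-xz]+", letters, flags=re.I)
    longest_run = max((len(r) for r in runs), default=0)
    return longest_run >= 4 and vowels / len(letters) < 0.3


def module_names(section: str, body: str) -> List[str]:
    """Names worth checking: every *.dll basename, plus the entry name of an SSODL line."""
    names = re.findall(r"([A-Za-z0-9_~]+)\.dll", body, flags=re.I)
    if section == "O21" and body.startswith("SSODL:"):
        names.append(body.split(":", 1)[1].split(" - ")[0].strip())
    return list(dict.fromkeys(names))  # dedupe, keep order


def triage_line(line: str) -> List[Finding]:
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.groups()
    found: List[Finding] = []
    if body.endswith(ORPHAN_MARKERS):
        found.append(Finding(section, "medium",
                             "load point is still registered but its file is gone "
                             "(orphan left by a removed infection; clean the entry)", line))
    if section == "O20" and body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
        found.append(Finding(section, "high",
                             "AppInit_DLLs injects this DLL into every process that loads "
                             "user32.dll; rarely legitimate on XP", line))
    if section == "O6" and body.endswith("Restrictions present"):
        found.append(Finding(section, "info",
                             "IE policy restrictions are set; confirm an administrator set them, "
                             "malware often does", line))
    if section in {"O2", "O20", "O21"}:
        for name in module_names(section, body):
            if looks_random(name):
                found.append(Finding(section, "medium",
                                     f"module name {name!r} looks randomly generated", line))
    return found


def triage_log(text: str) -> List[Finding]:
    return [f for line in text.splitlines() if line.strip() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:4} {f.reason}\n         {f.line}")
```

Run it against a full saved log by replacing SAMPLE_LOG with the file contents; the benign control lines produce no findings, and the AppInit_DLLs line is the only one rated high.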

63 replies

Destrio5, 99820 posts, Moderator, 10 305
 
/!\ Only stefou38 may follow this procedure /!\

1/

---> Click Start, Run, type notepad and click OK.

---> Copy the text below by selecting it, then Ctrl+C:

KillAll::

Folder::
C:\Program Files\MSA

File::
C:\WINDOWS.0\system32\tdssadw.dll
C:\WINDOWS.0\system32\tdssl.dll
C:\WINDOWS.0\system32\tdssserf.dll
C:\WINDOWS.0\system32\tdssmain.dll
C:\WINDOWS.0\system32\tdssinit.dll
C:\WINDOWS.0\system32\tdsslog.dll
C:\WINDOWS.0\system32\tdssservers.dat
C:\WINDOWS.0\system32\drivers\tdssserv.sys
C:\WINDOWS.0\system32\tdssinit.dl_
C:\WINDOWS.0\system32\tdsslog.dl_
C:\WINDOWS.0\system32\tdssmain.dl_
C:\WINDOWS.0\system32\tdssservers.da_
C:\WINDOWS.0\system32\tdssl.dl_
C:\WINDOWS.0\system32\rwmvok.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"ISUSPM Startup"=-
"ISUSScheduler"=-
"QuickTime Task"=-
"SoundMan"=-
"nwiz"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]

---> Paste the selection into Notepad

---> Save this file to the desktop (mandatory)

---> File name: CFScript
---> File type: all files
---> Click Save
---> Close Notepad

2/

---> Drag and drop this CFScript file onto ComboFix.exe, as in the screenshot:
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] A blue window will appear: accept the message that is shown.

[*] Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.

[*] Once the scan is finished, a report will be displayed: post it

[*] If the file doesn't open, it can be found at C:\ComboFix.txt
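As an added illustration (not part of Destrio5's instructions and not ComboFix's own code), the Python script below parses a CFScript into a plan of what ComboFix will be asked to do, so the script's contents can be reviewed before it is run. It relies on the regedit conventions the Registry:: section uses: "name"=- deletes a value, [KEY] selects a key, and [-KEY] deletes a key. The sample CFScript is an abridged copy of the one above (the File:: list is shortened); the short O4 list is copied from the HijackThis log with the QuickTime Task entry deliberately left out, to show how a deletion that matches nothing in the log is reported.

```python
import re
from typing import List, Tuple

# Abridged copy of the CFScript from the post above (File:: list shortened).
SAMPLE_CFSCRIPT = r"""
KillAll::

Folder::
C:\Program Files\MSA

File::
C:\WINDOWS.0\system32\tdssadw.dll
C:\WINDOWS.0\system32\drivers\tdssserv.sys
C:\WINDOWS.0\system32\tdssinit.dl_
C:\WINDOWS.0\system32\rwmvok.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"ISUSPM Startup"=-
"ISUSScheduler"=-
"QuickTime Task"=-
"SoundMan"=-
"nwiz"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
"""

# O4 lines copied from the HijackThis log; "QuickTime Task" is deliberately left out.
SAMPLE_O4_LINES = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"""


def parse_cfscript(text: str) -> dict:
    """Turn a CFScript into a plan: what gets killed, deleted or written."""
    plan = {"kill_all": False, "folders": [], "files": [],
            "reg_delete_keys": [], "reg_delete_values": [], "reg_set_values": []}
    section = None      # name of the current Section:: block
    current_key = None  # registry key selected by the last [KEY] line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.match(r"^(\w+)::$", line)
        if header:
            section = header.group(1)
            current_key = None
            if section == "KillAll":   # ComboFix ends non-essential processes before acting
                plan["kill_all"] = True
            continue
        if section == "Folder":
            plan["folders"].append(line)
        elif section == "File":
            plan["files"].append(line)
        elif section == "Registry":
            if line.startswith("[-") and line.endswith("]"):     # [-KEY] deletes the whole key
                plan["reg_delete_keys"].append(line[2:-1])
                current_key = None
            elif line.startswith("[") and line.endswith("]"):    # [KEY] selects a key
                current_key = line[1:-1]
            else:
                value = re.match(r'^"([^"]+)"=(.*)$', line)
                if not value or current_key is None:
                    raise ValueError(f"Registry line outside a key or malformed: {line!r}")
                name, data = value.groups()
                if data == "-":                                   # "name"=- deletes the value
                    plan["reg_delete_values"].append((current_key, name))
                else:                                             # anything else writes it
                    plan["reg_set_values"].append((current_key, name, data))
        else:
            raise ValueError(f"line outside a known section: {line!r}")
    return plan


def run_deletions_not_in_log(plan: dict, hjt_text: str) -> List[Tuple[str, str]]:
    """Every value deleted under a ...\\Run key should correspond to an O4 entry in
    the HijackThis log; anything else deserves a second look before running."""
    listed = set(re.findall(r"^O4 - .*?: \[([^\]]+)\]", hjt_text, flags=re.M))
    return [(key, name) for key, name in plan["reg_delete_values"]
            if key.lower().endswith("\\run") and name not in listed]


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_CFSCRIPT)
    for what, items in plan.items():
        print(f"{what}: {items}")
    print("Run deletions with no matching O4 entry:", run_deletions_not_in_log(plan, SAMPLE_O4_LINES))
```

The cross-check is the useful part: the script refuses nothing, it only lists what the CFScript will touch and which autorun deletions it could not tie back to the log, so the person running it can confirm each one is intended.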
stefou38, 81 posts, Member
 
There you go... thanks again

ComboFix 08-09-11.02 - proprietaire 2008-09-12 15:57:57.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.570 [GMT -4:00]
Endroit: C:\Documents and Settings\proprietaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\proprietaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Invité\Cookies\invité@hotbar[2].txt . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-12 to 2008-09-12 ))))))))))))))))))))))))))))))))))))
.

2008-09-12 14:20 . 2008-09-12 14:20 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-09-12 14:20 . <REP> C:\Documents and Settings\Propriétaire\Local Settings
2008-09-12 14:20 . 2008-09-12 14:20 <REP> d-------- C:\Documents and Settings\Invité
2008-09-12 14:20 . <REP> C:\Documents and Settings\Invité\Local Settings
2008-09-12 13:51 . 2008-09-12 13:51 <REP> d-------- C:\Program Files\BitTorrent
2008-09-11 21:34 . 2008-09-12 13:08 2,812 --a------ C:\WINDOWS.0\system32\tmp.reg
2008-09-11 21:25 . 2008-09-11 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\Malwarebytes
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-09-11 21:20 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-09-11 21:20 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-09-10 20:20 . 2008-09-10 20:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
2008-09-10 12:03 . 2008-09-11 16:54 58,824 --a------ C:\WINDOWS.0\system32\tdssinit.dl_
2008-09-10 12:03 . 2008-09-10 12:03 11,264 --a------ C:\WINDOWS.0\system32\tdsslog.dl_
2008-09-10 12:03 . 2008-09-10 12:03 10,240 --a------ C:\WINDOWS.0\system32\tdssmain.dl_
2008-09-10 12:02 . 2008-09-10 12:02 174 --a------ C:\WINDOWS.0\system32\tdssservers.da_
2008-09-10 12:01 . 2008-09-11 22:59 <REP> d-------- C:\Program Files\MSA
2008-09-10 12:01 . 2008-09-10 12:03 16,896 --a------ C:\WINDOWS.0\system32\tdssl.dl_
2008-09-01 09:54 . 2008-09-12 14:01 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\BitTorrent
2008-08-24 20:39 . 2008-08-24 20:39 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\AdobeUM
2008-08-19 20:34 . 2008-08-19 20:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 20:15 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\DNA
2008-09-12 20:14 --------- d-----w C:\Program Files\DNA
2008-09-12 18:43 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\ZoomBrowser EX
2008-09-12 18:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\ZoomBrowser
2008-09-12 18:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2008-09-12 18:00 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Azureus
2008-09-12 17:06 1,978 ----a-w C:\WINDOWS.0\system32\drivers\fwdrv.err
2008-09-12 01:19 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\AVG7
2008-09-11 21:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg7
2008-09-11 15:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Help
2008-09-01 13:35 --------- d-----w C:\Program Files\Azureus
2008-08-25 00:43 --------- d-----w C:\Program Files\Anno 1701
2008-08-25 00:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 23:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 00:34 --------- d-----w C:\Program Files\Lavasoft
2008-08-20 00:34 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Lavasoft
2008-08-20 00:33 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-19 14:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-10 14:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-22 19:38 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS.0\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS.0\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS.0\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS.0\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS.0\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS.0\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS.0\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS.0\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS.0\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS.0\system32\muweb.dll
2008-07-14 00:29 715,248 ----a-w C:\WINDOWS.0\system32\drivers\sptd.sys
2008-07-14 00:26 --------- d-----w C:\Program Files\Sun
2008-07-14 00:26 --------- d-----w C:\Program Files\Java
2008-07-14 00:21 --------- d-----w C:\Program Files\Ahead
2008-07-13 13:43 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Lionhead Studios
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS.0\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS.0\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS.0\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS.0\system32\mswsock.dll
2007-11-05 02:45 47,360 ----a-w C:\Documents and Settings\proprietaire\Application Data\pcouffin.sys
2006-07-09 01:32 94,080 ----a-w C:\Documents and Settings\proprietaire\Application Data\ezplay.sys
2006-07-09 01:32 81,920 ----a-w C:\Documents and Settings\proprietaire\Application Data\ezpinst.exe
2005-02-20 01:52 240,640 ----a-w C:\Program Files\SFNightmare.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-05 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-12 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 580096]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-30 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 267064]
"NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [2007-12-05 8523776]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"NvMediaCenter"="C:\WINDOWS.0\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 C:\WINDOWS.0\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS.0\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2004-08-05 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rwmvok.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS.0\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS.0\system32\drivers\khips.sys [2007-04-26 72624]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
.
- - - - ORPHANS REMOVED - - - -

BHO-{02ABB69E-5A1F-499A-9E65-31D8CE97FD7B} - (no file)
BHO-{F0DBB0F1-BBA9-47B8-86BB-BB822B61FF09} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 16:15:08
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

C:\Documents and Settings\proprietaire\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1010 bytes hidden from API

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS.0\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-12 16:20:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-12 20:20:18
ComboFix2.txt 2008-09-12 18:20:52

Pre-Run: 14,574,198,784 octets libres
Post-Run: 14,575,558,656 octets libres

182 --- E O F --- 2008-09-11 16:00:05
Destrio5, 99820 posts, Moderator, 10 305
 
You must have made a mistake.
stefou38, 81 posts, Member
 
I forgot to close my firewall and my antivirus, is that the problem?

stefou38, 81 posts, Member
 
Should I start over?
Destrio5, 99820 posts, Moderator, 10 305
 
The CFScript didn't work, do it again.
stefou38, 81 posts, Member
 
Here are the results of the second attempt

ComboFix 08-09-11.02 - proprietaire 2008-09-12 20:13:47.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.610 [GMT -4:00]
Endroit: C:\Documents and Settings\proprietaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\proprietaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Invité\Cookies\invité@hotbar[2].txt . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers créés 2008-08-13 to 2008-09-13 ))))))))))))))))))))))))))))))))))))
.

2008-09-12 14:20 . 2008-09-12 14:20 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-09-12 14:20 . <REP> C:\Documents and Settings\Propriétaire\Local Settings
2008-09-12 14:20 . 2008-09-12 14:20 <REP> d-------- C:\Documents and Settings\Invité
2008-09-12 14:20 . <REP> C:\Documents and Settings\Invité\Local Settings
2008-09-12 13:51 . 2008-09-12 13:51 <REP> d-------- C:\Program Files\BitTorrent
2008-09-11 21:34 . 2008-09-12 13:08 2,812 --a------ C:\WINDOWS.0\system32\tmp.reg
2008-09-11 21:25 . 2008-09-11 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\Malwarebytes
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-09-11 21:20 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-09-11 21:20 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-09-10 20:20 . 2008-09-10 20:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
2008-09-10 12:03 . 2008-09-11 16:54 58,824 --a------ C:\WINDOWS.0\system32\tdssinit.dl_
2008-09-10 12:03 . 2008-09-10 12:03 11,264 --a------ C:\WINDOWS.0\system32\tdsslog.dl_
2008-09-10 12:03 . 2008-09-10 12:03 10,240 --a------ C:\WINDOWS.0\system32\tdssmain.dl_
2008-09-10 12:02 . 2008-09-10 12:02 174 --a------ C:\WINDOWS.0\system32\tdssservers.da_
2008-09-10 12:01 . 2008-09-11 22:59 <REP> d-------- C:\Program Files\MSA
2008-09-10 12:01 . 2008-09-10 12:03 16,896 --a------ C:\WINDOWS.0\system32\tdssl.dl_
2008-09-01 09:54 . 2008-09-12 14:01 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\BitTorrent
2008-08-24 20:39 . 2008-08-24 20:39 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\AdobeUM
2008-08-19 20:34 . 2008-08-19 20:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 00:20 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\DNA
2008-09-12 20:14 --------- d-----w C:\Program Files\DNA
2008-09-12 18:43 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\ZoomBrowser EX
2008-09-12 18:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\ZoomBrowser
2008-09-12 18:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2008-09-12 18:00 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Azureus
2008-09-12 17:06 1,978 ----a-w C:\WINDOWS.0\system32\drivers\fwdrv.err
2008-09-12 01:19 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\AVG7
2008-09-11 21:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg7
2008-09-11 15:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Help
2008-09-01 13:35 --------- d-----w C:\Program Files\Azureus
2008-08-25 00:43 --------- d-----w C:\Program Files\Anno 1701
2008-08-25 00:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 23:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 00:34 --------- d-----w C:\Program Files\Lavasoft
2008-08-20 00:34 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Lavasoft
2008-08-20 00:33 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-19 14:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-10 14:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-22 19:38 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS.0\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS.0\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS.0\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS.0\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS.0\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS.0\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS.0\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS.0\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS.0\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS.0\system32\muweb.dll
2008-07-14 00:29 715,248 ----a-w C:\WINDOWS.0\system32\drivers\sptd.sys
2008-07-14 00:26 --------- d-----w C:\Program Files\Sun
2008-07-14 00:26 --------- d-----w C:\Program Files\Java
2008-07-14 00:21 --------- d-----w C:\Program Files\Ahead
2008-07-13 13:43 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Lionhead Studios
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS.0\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS.0\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS.0\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS.0\system32\mswsock.dll
2007-11-05 02:45 47,360 ----a-w C:\Documents and Settings\proprietaire\Application Data\pcouffin.sys
2006-07-09 01:32 94,080 ----a-w C:\Documents and Settings\proprietaire\Application Data\ezplay.sys
2006-07-09 01:32 81,920 ----a-w C:\Documents and Settings\proprietaire\Application Data\ezpinst.exe
2005-02-20 01:52 240,640 ----a-w C:\Program Files\SFNightmare.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-05 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-12 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 580096]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-30 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 267064]
"NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [2007-12-05 8523776]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"NvMediaCenter"="C:\WINDOWS.0\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 C:\WINDOWS.0\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS.0\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2004-08-05 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rwmvok.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS.0\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS.0\system32\drivers\khips.sys [2007-04-26 72624]
S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{02ABB69E-5A1F-499A-9E65-31D8CE97FD7B} - (no file)
BHO-{F0DBB0F1-BBA9-47B8-86BB-BB822B61FF09} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 20:22:49
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

C:\Documents and Settings\proprietaire\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1010 bytes hidden from API

Scan completed successfully
Hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS.0\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS.0\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-12 20:28:50 - machine was rebooted [proprietaire]
ComboFix-quarantined-files.txt 2008-09-13 00:28:42
ComboFix2.txt 2008-09-12 20:20:29
ComboFix3.txt 2008-09-12 18:20:52

Pre-Run: 14,494,679,040 bytes free
Post-Run: 14,519,717,888 bytes free

182 --- E O F --- 2008-09-11 16:00:05
Destrio5 (Moderator):
Not that either.

Try with the following text:

KillAll::

File::
C:\WINDOWS.0\system32\tdssadw.dll
C:\WINDOWS.0\system32\tdssl.dll
C:\WINDOWS.0\system32\tdssserf.dll
C:\WINDOWS.0\system32\tdssmain.dll
C:\WINDOWS.0\system32\tdssinit.dll
C:\WINDOWS.0\system32\tdsslog.dll
C:\WINDOWS.0\system32\tdssservers.dat
C:\WINDOWS.0\system32\drivers\tdssserv.sys
C:\WINDOWS.0\system32\tdssinit.dl_
C:\WINDOWS.0\system32\tdsslog.dl_
C:\WINDOWS.0\system32\tdssmain.dl_
C:\WINDOWS.0\system32\tdssservers.da_
C:\WINDOWS.0\system32\tdssl.dl_
C:\WINDOWS.0\system32\rwmvok.dll

Folder::
C:\Program Files\MSA

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"ISUSPM Startup"=-
"ISUSScheduler"=-
"QuickTime Task"=-
"SoundMan"=-
"nwiz"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
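The CFScript above removes the AppInit_DLLs value and the SafeBoot\Minimal\TDSSserv.sys key that ComboFix listed under Reg Loading Points. As an added example (not ComboFix's code and not Destrio5's), the Python below scans such a section for the entries that carry the most signal on this machine: a non-empty AppInit_DLLs, any SafeBoot\Minimal entry ComboFix bothered to print (its own note says stock entries are omitted), EnableFirewall set to 0, and a MountPoints2 AutoRun command. It then drafts the Registry:: lines in the same .reg syntax the script uses ("Name"=- deletes a value, [-Key] deletes a key). The sample section is constructed from entries that appear in the ComboFix logs posted in this thread; the indicator names and the choice to leave the firewall and AutoRun findings to a human are this example's own.

```python
"""Pick out the high-signal entries in a ComboFix 'Reg Loading Points'
section and draft the matching CFScript Registry:: lines.

Added example for this thread, not ComboFix's own code.  SAMPLE_SECTION is
constructed from entries that appear in the logs posted in the thread.
"""
import re

# Constructed sample: a cut-down copy of the registry section from the logs.
SAMPLE_SECTION = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-05 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rwmvok.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3588b2c-015a-11dc-8b28-001109bc4dc5}]
\Shell\AutoRun\command - E:\launcher.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r"^\\Shell\\AutoRun\\command\s*-\s*(.+)$", re.IGNORECASE)


def scan_loading_points(section_text):
    """Return (tag, key, detail) tuples for the entries worth a second look.

    appinit      - AppInit_DLLs is non-empty: that DLL is loaded into every
                   process that loads user32.dll
    safeboot     - a SafeBoot/Minimal entry ComboFix printed, i.e. a driver
                   that also loads in Safe Mode
    firewall_off - the Windows Firewall standard profile is disabled
    autorun      - a MountPoints2 AutoRun command for a removable volume
    """
    findings = []
    key = None
    for raw in section_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if "\\safeboot\\minimal\\" in key.lower():
                findings.append(("safeboot", key, key.rsplit("\\", 1)[-1]))
            continue
        if key is None or not line:
            continue
        low_key = key.lower()
        m = AUTORUN_RE.match(line)
        if m and "\\mountpoints2\\" in low_key:
            findings.append(("autorun", key, m.group(1).strip()))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2).strip()
        if name == "appinit_dlls" and low_key.endswith("windows nt\\currentversion\\windows"):
            if value and value != '""':
                findings.append(("appinit", key, value))
        elif name == "enablefirewall" and "firewallpolicy" in low_key:
            if value.startswith("0"):
                findings.append(("firewall_off", key, value))
    return findings


def draft_registry_fix(findings):
    """Draft a CFScript Registry:: block for the findings with an unambiguous
    removal ("Name"=- deletes a value, [-Key] deletes a key).  Firewall and
    AutoRun findings are returned separately for a human decision."""
    lines = ["Registry::"]
    manual = []
    for tag, key, detail in findings:
        if tag == "appinit":
            lines += [f"[{key}]", '"AppInit_DLLs"=-']
        elif tag == "safeboot":
            lines.append(f"[-{key}]")
        else:
            manual.append(f"{tag}: {detail}")
    return "\n".join(lines), manual


if __name__ == "__main__":
    found = scan_loading_points(SAMPLE_SECTION)
    for tag, key, detail in found:
        print(f"{tag:12} {detail}")
    script, todo = draft_registry_fix(found)
    print(script)
    print("needs a human decision:", todo)
```

The firewall finding is deliberately not turned into a Registry:: line: the fix there is to set the value back to 1 once the machine is clean, not to delete it, and an AutoRun command on a removable volume needs someone to look at what E:\launcher.exe actually is before anything is deleted.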
stefou38:
And once more

ComboFix 08-09-12.03 - proprietaire 2008-09-12 20:45:53.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.611 [GMT -4:00]
Launched from: C:\Documents and Settings\proprietaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\proprietaire\Bureau\CFScript.txt
* A new restore point was created

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Invité\Cookies\invité@hotbar[2].txt . . . . could not be deleted

.
((((((((((((((((((((((((((((( Files created from 2008-08-13 to 2008-09-13 ))))))))))))))))))))))))))))))))))))
.

2008-09-12 20:39 . 2008-09-12 20:39 <REP> d-------- C:\Program Files\Encore
2008-09-12 20:38 . 2008-09-12 20:38 16 --a------ C:\WINDOWS.0\encore_launcher.ini
2008-09-12 14:20 . 2008-09-12 14:20 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-09-12 14:20 . 2008-09-12 14:20 <REP> d-------- C:\Documents and Settings\Invité
2008-09-12 13:51 . 2008-09-12 13:51 <REP> d-------- C:\Program Files\BitTorrent
2008-09-11 21:34 . 2008-09-12 13:08 2,812 --a------ C:\WINDOWS.0\system32\tmp.reg
2008-09-11 21:25 . 2008-09-11 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\Malwarebytes
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-09-11 21:20 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-09-11 21:20 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-09-10 20:20 . 2008-09-10 20:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
2008-09-10 12:03 . 2008-09-11 16:54 58,824 --a------ C:\WINDOWS.0\system32\tdssinit.dl_
2008-09-10 12:03 . 2008-09-10 12:03 11,264 --a------ C:\WINDOWS.0\system32\tdsslog.dl_
2008-09-10 12:03 . 2008-09-10 12:03 10,240 --a------ C:\WINDOWS.0\system32\tdssmain.dl_
2008-09-10 12:02 . 2008-09-10 12:02 174 --a------ C:\WINDOWS.0\system32\tdssservers.da_
2008-09-10 12:01 . 2008-09-11 22:59 <REP> d-------- C:\Program Files\MSA
2008-09-10 12:01 . 2008-09-10 12:03 16,896 --a------ C:\WINDOWS.0\system32\tdssl.dl_
2008-09-01 09:54 . 2008-09-12 14:01 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\BitTorrent
2008-08-24 20:39 . 2008-08-24 20:39 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\AdobeUM
2008-08-19 20:34 . 2008-08-19 20:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 00:52 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\DNA
2008-09-12 20:14 --------- d-----w C:\Program Files\DNA
2008-09-12 18:43 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\ZoomBrowser EX
2008-09-12 18:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\ZoomBrowser
2008-09-12 18:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2008-09-12 18:00 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Azureus
2008-09-12 17:06 1,978 ----a-w C:\WINDOWS.0\system32\drivers\fwdrv.err
2008-09-12 01:19 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\AVG7
2008-09-11 21:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg7
2008-09-11 15:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Help
2008-09-01 13:35 --------- d-----w C:\Program Files\Azureus
2008-08-25 00:43 --------- d-----w C:\Program Files\Anno 1701
2008-08-25 00:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 23:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 00:34 --------- d-----w C:\Program Files\Lavasoft
2008-08-20 00:34 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Lavasoft
2008-08-20 00:33 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-19 14:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-10 14:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-22 19:38 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS.0\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS.0\system32\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS.0\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS.0\system32\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS.0\system32\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS.0\system32\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS.0\system32\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS.0\system32\wuaueng.dll
2008-07-19 02:07 270,880 ----a-w C:\WINDOWS.0\system32\mucltui.dll
2008-07-19 02:07 210,976 ----a-w C:\WINDOWS.0\system32\muweb.dll
2008-07-14 00:29 715,248 ----a-w C:\WINDOWS.0\system32\drivers\sptd.sys
2008-07-14 00:26 --------- d-----w C:\Program Files\Sun
2008-07-14 00:26 --------- d-----w C:\Program Files\Java
2008-07-14 00:21 --------- d-----w C:\Program Files\Ahead
2008-07-13 13:43 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Lionhead Studios
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS.0\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS.0\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS.0\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS.0\system32\mswsock.dll
2007-11-05 02:45 47,360 ----a-w C:\Documents and Settings\proprietaire\Application Data\pcouffin.sys
2006-07-09 01:32 94,080 ----a-w C:\Documents and Settings\proprietaire\Application Data\ezplay.sys
2006-07-09 01:32 81,920 ----a-w C:\Documents and Settings\proprietaire\Application Data\ezpinst.exe
2005-02-20 01:52 240,640 ----a-w C:\Program Files\SFNightmare.exe
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-05 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-12 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 580096]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-30 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 267064]
"NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [2007-12-05 8523776]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"NvMediaCenter"="C:\WINDOWS.0\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 C:\WINDOWS.0\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS.0\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2004-08-05 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rwmvok.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS.0\system32\drivers\fwdrv.sys [2007-04-26 302000]
R1 khips;Kerio HIPS Driver;C:\WINDOWS.0\system32\drivers\khips.sys [2007-04-26 72624]
S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{02ABB69E-5A1F-499A-9E65-31D8CE97FD7B} - (no file)
BHO-{F0DBB0F1-BBA9-47B8-86BB-BB822B61FF09} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 20:55:25
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

C:\Documents and Settings\proprietaire\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1010 bytes hidden from API

Scan completed successfully
Hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS.0\system32\wdfmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS.0\system32\rundll32.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\WINDOWS.0\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
End time: 2008-09-12 21:01:26 - The machine was rebooted
ComboFix-quarantined-files.txt 2008-09-13 01:01:18
ComboFix2.txt 2008-09-13 00:28:53
ComboFix3.txt 2008-09-12 20:20:29
ComboFix4.txt 2008-09-12 18:20:52

Before-CF: 13,476,319,232 bytes free
After-CF: 13,468,598,272 bytes free

183 --- E O F --- 2008-09-11 16:00:05
Destrio5 (Moderator):
stefou38:
ComboFix 08-09-12.03 - proprietaire 2008-09-12 21:22:02.5 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1036.18.768 [GMT -4:00]
Launched from: C:\Documents and Settings\proprietaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\proprietaire\Bureau\CFScript.txt

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Invité\Cookies\invité@hotbar[2].txt . . . . could not be deleted

.
((((((((((((((((((((((((((((( Files created from 2008-08-13 to 2008-09-13 ))))))))))))))))))))))))))))))))))))
.

2008-09-12 21:10 . 2008-09-12 21:10 43,520 --a------ C:\WINDOWS.0\system32\CmdLineExt03.dll
2008-09-12 20:39 . 2008-09-12 20:39 <REP> d-------- C:\Program Files\Encore
2008-09-12 20:38 . 2008-09-12 20:38 16 --a------ C:\WINDOWS.0\encore_launcher.ini
2008-09-12 14:20 . 2008-09-12 14:20 <REP> d-------- C:\Documents and Settings\Propriétaire
2008-09-12 14:20 . 2008-09-12 14:20 <REP> d-------- C:\Documents and Settings\Invité
2008-09-12 13:51 . 2008-09-12 13:51 <REP> d-------- C:\Program Files\BitTorrent
2008-09-11 21:34 . 2008-09-12 13:08 2,812 --a------ C:\WINDOWS.0\system32\tmp.reg
2008-09-11 21:25 . 2008-09-11 21:25 <REP> d-------- C:\Program Files\Trend Micro
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\Malwarebytes
2008-09-11 21:20 . 2008-09-11 21:20 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Malwarebytes
2008-09-11 21:20 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS.0\system32\drivers\mbamswissarmy.sys
2008-09-11 21:20 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS.0\system32\drivers\mbam.sys
2008-09-10 20:20 . 2008-09-10 20:21 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\AVG7
2008-09-10 12:03 . 2008-09-11 16:54 58,824 --a------ C:\WINDOWS.0\system32\tdssinit.dl_
2008-09-10 12:03 . 2008-09-10 12:03 11,264 --a------ C:\WINDOWS.0\system32\tdsslog.dl_
2008-09-10 12:03 . 2008-09-10 12:03 10,240 --a------ C:\WINDOWS.0\system32\tdssmain.dl_
2008-09-10 12:02 . 2008-09-10 12:02 174 --a------ C:\WINDOWS.0\system32\tdssservers.da_
2008-09-10 12:01 . 2008-09-11 22:59 <REP> d-------- C:\Program Files\MSA
2008-09-10 12:01 . 2008-09-10 12:03 16,896 --a------ C:\WINDOWS.0\system32\tdssl.dl_
2008-09-01 09:54 . 2008-09-12 21:17 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\BitTorrent
2008-08-24 20:39 . 2008-08-24 20:39 <REP> d-------- C:\Documents and Settings\proprietaire\Application Data\AdobeUM
2008-08-19 20:34 . 2008-08-19 20:35 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-13 01:28 2,308 ----a-w C:\WINDOWS.0\system32\drivers\fwdrv.err
2008-09-13 01:19 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\DNA
2008-09-12 20:14 --------- d-----w C:\Program Files\DNA
2008-09-12 18:43 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\ZoomBrowser EX
2008-09-12 18:42 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\ZoomBrowser
2008-09-12 18:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Spybot - Search & Destroy
2008-09-12 18:00 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Azureus
2008-09-12 01:19 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\AVG7
2008-09-11 21:21 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\avg7
2008-09-11 15:58 --------- d-----w C:\Documents and Settings\All Users.WINDOWS.0\Application Data\Microsoft Help
2008-09-01 13:35 --------- d-----w C:\Program Files\Azureus
2008-08-25 00:43 --------- d-----w C:\Program Files\Anno 1701
2008-08-25 00:18 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-24 23:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 00:34 --------- d-----w C:\Program Files\Lavasoft
2008-08-20 00:34 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Lavasoft
2008-08-20 00:33 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-08-19 14:42 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-10 14:03 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-07-22 19:38 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-07-14 00:29 715,248 ----a-w C:\WINDOWS.0\system32\drivers\sptd.sys
2008-07-14 00:26 --------- d-----w C:\Program Files\Sun
2008-07-14 00:26 --------- d-----w C:\Program Files\Java
2008-07-14 00:21 --------- d-----w C:\Program Files\Ahead
2008-07-13 13:43 --------- d-----w C:\Documents and Settings\proprietaire\Application Data\Lionhead Studios
2007-11-05 02:45 47,360 ----a-w C:\Documents and Settings\proprietaire\Application Data\pcouffin.sys
2006-07-09 01:32 94,080 ----a-w C:\Documents and Settings\proprietaire\Application Data\ezplay.sys
2006-07-09 01:32 81,920 ----a-w C:\Documents and Settings\proprietaire\Application Data\ezpinst.exe
2005-02-20 01:52 240,640 ----a-w C:\Program Files\SFNightmare.exe
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\ctfmon.exe" [2004-08-05 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 222080]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-09-12 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-27 580096]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-30 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 267064]
"NvCplDaemon"="C:\WINDOWS.0\system32\NvCpl.dll" [2007-12-05 8523776]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"NvMediaCenter"="C:\WINDOWS.0\system32\NvMcTray.dll" [2007-12-05 81920]
"NeroFilterCheck"="C:\WINDOWS.0\system32\NeroCheck.exe" [2001-07-09 155648]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 C:\WINDOWS.0\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS.0\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS.0\system32\CTFMON.EXE" [2004-08-05 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-23 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=rwmvok.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Anno 1701\\Anno1701.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R1 fwdrv;Firewall Driver;C:\WINDOWS.0\system32\drivers\fwdrv.sys [2007-04-26 302000]
S1 khips;Kerio HIPS Driver;C:\WINDOWS.0\system32\drivers\khips.sys [2007-04-26 72624]
S2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe [2007-04-26 1234480]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3588b2c-015a-11dc-8b28-001109bc4dc5}]
\Shell\AutoRun\command - E:\launcher.exe
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 21:29:18
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

C:\Documents and Settings\proprietaire\Local Settings\Application Data\Microsoft\Windows\GameExplorer\{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}\PlayTasks\1\Les Sims™ 2 : Boit@Look.lnk 1010 bytes hidden from API

Scan completed successfully
Hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
.
**************************************************************************
.
End time: 2008-09-12 21:34:15 - The machine was rebooted
ComboFix-quarantined-files.txt 2008-09-13 01:34:04
ComboFix2.txt 2008-09-13 01:01:29
ComboFix3.txt 2008-09-13 00:28:53
ComboFix4.txt 2008-09-12 20:20:29
ComboFix5.txt 2008-09-13 01:21:48

Before-CF: 13,458,669,568 bytes free
After-CF: 13,453,524,992 bytes free

154 --- E O F --- 2008-09-11 16:00:05
Destrio5 (Moderator):
---> Download OTMoveIt2 from the link below:
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

---> Save the file to the Desktop.

---> Double-click OTMoveIt2.exe to launch the tool.
Make sure the Unregister Dll's and Ocx's box is checked.

---> Copy the whole of the text below and paste it into the window titled Paste List Of Files/Folders to Move.

C:\Program Files\MSA
C:\WINDOWS.0\system32\tdssadw.dll
C:\WINDOWS.0\system32\tdssl.dll
C:\WINDOWS.0\system32\tdssserf.dll
C:\WINDOWS.0\system32\tdssmain.dll
C:\WINDOWS.0\system32\tdssinit.dll
C:\WINDOWS.0\system32\tdsslog.dll
C:\WINDOWS.0\system32\tdssservers.dat
C:\WINDOWS.0\system32\drivers\tdssserv.sys
C:\WINDOWS.0\system32\tdssinit.dl_
C:\WINDOWS.0\system32\tdsslog.dl_
C:\WINDOWS.0\system32\tdssmain.dl_
C:\WINDOWS.0\system32\tdssservers.da_
C:\WINDOWS.0\system32\tdssl.dl_
C:\WINDOWS.0\system32\rwmvok.dll

---> Click MoveIt! to start the removal.
When a result appears in the Results box, click Exit.

Note: If a file or folder cannot be deleted right away, the program will ask you to reboot. Accept by clicking YES.

---> Post the OTMoveIt log, which is in C:\_OTMoveIt\MovedFiles.
stefou38:
C:\Program Files\MSA moved successfully.
File/Folder C:\WINDOWS.0\system32\tdssadw.dll not found.
File/Folder C:\WINDOWS.0\system32\tdssl.dll not found.
File/Folder C:\WINDOWS.0\system32\tdssserf.dll not found.
File/Folder C:\WINDOWS.0\system32\tdssmain.dll not found.
File/Folder C:\WINDOWS.0\system32\tdssinit.dll not found.
File/Folder C:\WINDOWS.0\system32\tdsslog.dll not found.
File/Folder C:\WINDOWS.0\system32\tdssservers.dat not found.
File/Folder C:\WINDOWS.0\system32\drivers\tdssserv.sys not found.
C:\WINDOWS.0\system32\tdssinit.dl_ moved successfully.
C:\WINDOWS.0\system32\tdsslog.dl_ moved successfully.
C:\WINDOWS.0\system32\tdssmain.dl_ moved successfully.
C:\WINDOWS.0\system32\tdssservers.da_ moved successfully.
C:\WINDOWS.0\system32\tdssl.dl_ moved successfully.
File/Folder C:\WINDOWS.0\system32\rwmvok.dll not found.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09122008_214835
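The OTMoveIt2 result above reports "not found" for every .dll the list named and "moved successfully" only for the MSA folder and the compressed .dl_/.da_ copies. As an added example (not OTMoveIt2's code and not the helper's), the Python below reconciles a result log against the target list it was given, classifying each target as removed, already gone, or never mentioned, and also flags targets whose compressed twin (Windows makecab naming: last character of the extension replaced by an underscore, so tdssinit.dll pairs with tdssinit.dl_) was not on the list at all. Both sample texts are constructed from the two lists posted in this thread; treating an unlisted twin as worth checking is this example's own judgement.

```python
"""Reconcile an OTMoveIt2 result log against the target list it was given.

Added example for this thread, not OTMoveIt2's or ComboFix's own code.
TARGETS and RESULT_LOG are constructed from the two lists posted above.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: the list pasted into OTMoveIt2 in the instructions above.
TARGETS = r"""
C:\Program Files\MSA
C:\WINDOWS.0\system32\tdssadw.dll
C:\WINDOWS.0\system32\tdssl.dll
C:\WINDOWS.0\system32\tdssserf.dll
C:\WINDOWS.0\system32\tdssmain.dll
C:\WINDOWS.0\system32\tdssinit.dll
C:\WINDOWS.0\system32\tdsslog.dll
C:\WINDOWS.0\system32\tdssservers.dat
C:\WINDOWS.0\system32\drivers\tdssserv.sys
C:\WINDOWS.0\system32\tdssinit.dl_
C:\WINDOWS.0\system32\tdsslog.dl_
C:\WINDOWS.0\system32\tdssmain.dl_
C:\WINDOWS.0\system32\tdssservers.da_
C:\WINDOWS.0\system32\tdssl.dl_
C:\WINDOWS.0\system32\rwmvok.dll
"""

# Constructed sample: the result log posted in reply.
RESULT_LOG = r"""
C:\Program Files\MSA moved successfully.
File/Folder C:\WINDOWS.0\system32\tdssadw.dll not found.
File/Folder C:\WINDOWS.0\system32\tdssl.dll not found.
File/Folder C:\WINDOWS.0\system32\tdssserf.dll not found.
File/Folder C:\WINDOWS.0\system32\tdssmain.dll not found.
File/Folder C:\WINDOWS.0\system32\tdssinit.dll not found.
File/Folder C:\WINDOWS.0\system32\tdsslog.dll not found.
File/Folder C:\WINDOWS.0\system32\tdssservers.dat not found.
File/Folder C:\WINDOWS.0\system32\drivers\tdssserv.sys not found.
C:\WINDOWS.0\system32\tdssinit.dl_ moved successfully.
C:\WINDOWS.0\system32\tdsslog.dl_ moved successfully.
C:\WINDOWS.0\system32\tdssmain.dl_ moved successfully.
C:\WINDOWS.0\system32\tdssservers.da_ moved successfully.
C:\WINDOWS.0\system32\tdssl.dl_ moved successfully.
File/Folder C:\WINDOWS.0\system32\rwmvok.dll not found.
File/Folder not found.
"""

MOVED_RE = re.compile(r"^(.+?) moved successfully\.$")
MISSING_RE = re.compile(r"^File/Folder (.+) not found\.$")


def parse_result(result_text):
    """Split an OTMoveIt2 log into the paths it moved and the paths it reported
    as absent.  Paths are case-folded because NTFS lookups are case-insensitive.
    The bare 'File/Folder not found.' line (a blank line in the paste) matches
    neither pattern and is ignored."""
    moved, missing = set(), set()
    for line in result_text.splitlines():
        line = line.strip()
        m = MOVED_RE.match(line)
        if m:
            moved.add(m.group(1).lower())
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.add(m.group(1).lower())
    return moved, missing


def compressed_twin(path):
    """tdssinit.dll -> tdssinit.dl_ (makecab naming).  Folders and names that
    are already compressed return None."""
    suffix = PureWindowsPath(path).suffix
    if len(suffix) < 3 or suffix.endswith("_"):
        return None
    return str(PureWindowsPath(path).with_suffix(suffix[:-1] + "_"))


def reconcile(targets_text, result_text):
    """Classify every target and list compressed twins the target list omitted."""
    targets = [t.strip() for t in targets_text.splitlines() if t.strip()]
    listed = {t.lower() for t in targets}
    moved, missing = parse_result(result_text)
    report = {"removed": [], "already_gone": [], "unaccounted": [], "uncovered_twins": []}
    for t in targets:
        k = t.lower()
        if k in moved:
            report["removed"].append(t)
        elif k in missing:
            report["already_gone"].append(t)
        else:
            report["unaccounted"].append(t)  # no line in the log at all
        twin = compressed_twin(t)
        if twin and twin.lower() not in listed:
            report["uncovered_twins"].append(twin)
    return report


if __name__ == "__main__":
    for status, paths in reconcile(TARGETS, RESULT_LOG).items():
        print(f"{status} ({len(paths)}):")
        for p in paths:
            print("   ", p)
```

On the sample, six targets were removed, nine were already gone, and four compressed twins (tdssadw.dl_, tdssserf.dl_, tdssserv.sy_, rwmvok.dl_) were never on the list, which is exactly the kind of leftover worth a dir /a /s on a machine like this one before calling it clean.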
Destrio5 (Moderator):
Post a new HijackThis log.
stefou38:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:51, on 2008-09-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS.0\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.comboost.com/Drivers/ImageUploader5.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.comboost.com/Drivers/ImageUploader4.cab
O20 - AppInit_DLLs: rwmvok.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Destrio5 Posts: 99820 Status: Moderator
You have AVG version 7. Install version 8.
stefou38 Posts: 81 Status: Member
It's installed.
Destrio5 Posts: 99820 Status: Moderator
HJT report?
stefou38 Posts: 81 Status: Member
Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13:58, on 2008-09-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS.0\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS.0\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS.0\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS.0\system32\RUNDLL32.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.canoe.qc.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS.0\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS.0\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS.0\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\SanDisk\SanDisk TransferMate\SD Monitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\WINDOWS.0\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.comboost.com/Drivers/ImageUploader5.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.comboost.com/Drivers/ImageUploader4.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: rwmvok.dll,avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS.0\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Destrio5 Posts: 99820 Status: Moderator
---> Run HijackThis again and choose Do a system scan only

---> Tick the boxes in front of the following lines:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup

O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.comboost.com/Drivers/ImageUploader5.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.comboost.com/Drivers/ImageUploader4.cab

O20 - AppInit_DLLs: rwmvok.dll,avgrsstx.dll

---> Click Fix checked at the bottom. Answer yes if HijackThis asks you anything.

---> Reinstall AVG8

---> Reboot your PC and post a final HijackThis report
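Added example, not code from the thread or from HijackThis/OTMoveIt: a small Python triage of the HJT line types the moderator acted on above (an O2 BHO with no file, an unknown DLL in O20 AppInit_DLLs, O16 ActiveX downloads from unknown hosts). The sample lines are copied from the logs posted in this thread; the allowlists of known AppInit DLLs and trusted download hosts are assumptions for the illustration.

```python
"""Triage HijackThis (HJT) log lines with the rules the moderator applied above.

Added example, not code from the thread, HijackThis or OTMoveIt.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.comboost.com/Drivers/ImageUploader5.cab
O20 - AppInit_DLLs: rwmvok.dll,avgrsstx.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Assumed allowlists for this illustration only; real triage uses a maintained database.
KNOWN_APPINIT_DLLS = {"avgrsstx.dll"}  # AVG 8's hook: appears only in the log taken after the AVG 8 install
TRUSTED_DPF_HOSTS = {"download.microsoft.com", "www.nvidia.com"}

# Every HJT finding line: a section code (R0, O2, O20, ...), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.+)$")


@dataclass
class Entry:
    code: str
    body: str


def parse_hjt(text):
    """Return the finding lines of an HJT log as Entry objects; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def appinit_dlls(entry):
    """Split an O20 AppInit_DLLs line into DLL names: the registry value is a comma or space separated list."""
    value = entry.body.split(":", 1)[1]
    return [d.strip().lower() for d in re.split(r"[,\s]+", value) if d.strip()]


def dpf_host(entry):
    """Host an O16 ActiveX control (DPF) was downloaded from, or None when the entry points at a local file."""
    m = re.search(r"https?://([^/\s]+)", entry.body)
    return m.group(1).lower() if m else None


def triage(entries):
    """Flag the entry kinds acted on in the thread, each with the reason a reviewer would give."""
    findings = []
    for e in entries:
        if e.code == "O2" and e.body.endswith("(no file)"):
            findings.append((e, "orphaned BHO: CLSID still registered but its DLL is gone"))
        elif e.code == "O20" and e.body.startswith("AppInit_DLLs:"):
            # AppInit_DLLs loads every listed DLL into each process that links user32.dll,
            # so an unrecognised name here (rwmvok.dll in the thread) is a classic persistence sign.
            unknown = [d for d in appinit_dlls(e) if d not in KNOWN_APPINIT_DLLS]
            if unknown:
                findings.append((e, "unknown AppInit_DLLs entry: " + ", ".join(unknown)))
        elif e.code == "O16":
            host = dpf_host(e)
            if host and host not in TRUSTED_DPF_HOSTS:
                findings.append((e, "ActiveX control fetched from untrusted host " + host))
    return findings


if __name__ == "__main__":
    for entry, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{entry.code}: {reason}\n    {entry.body}")
```

Fixing an O20 line in HijackThis clears the whole AppInit_DLLs value, so AVG 8's avgrsstx.dll listed beside rwmvok.dll is removed with it; that is why the thread has AVG8 reinstalled right after the fix.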