Virus se généralisant Fermé

Question

Bonjour à tous,
Depuis quelques jours, j'ai observé quelques phénomènes étrangers sur mon PC je m'explique:
Tout d'abord au niveau de mes processus, lorsque je vais dans mon gestionnaire des tâches il m'est possible de constater qu'il y a en permanence et ce dès le lancement du PC 2 processus iexplorer bien que je n'utilise jamais ce navigateur (je tourne avec Firefox V.3). Je peux si je le souhaite les supprimer manuellement mais ils reviennent aléatoirement au bout d'un petit moment (si j'en supprimé qu'un seul, il revient immédiatement); ils sont de plus assez gourmands au niveau de la RAM puisqu'ils bouffent à eux 2 parfois jusqu'à 200Mo !!!! (ce qui est génant pour un processus que je ne demande pas et qui se met en place tout seul).
Ensuite j'ai pu repérer un problème au niveau de l'explorer qui prend aussi pas mal de RAM sans qu'aucune tâche spécifiques ne soient lancée (environ 150Mo bien qu'au démarrage il soit à 30/40 ce qui me semble normal).
Lors des démarrage, le PC reste plus longtemps qu'avant sur "l'image" BIENVENU (cela à t-il un rapport avec le reste ? ,je n'en sais rien).
Je pense qu'il s'agit d'un virus puisqu'auparavant il n'y avais aucun problème à ce niveau là (pas d'iexplorer sans raison et un explorer stable).
J'ai bien sur fait une analyse complete du mon PC avec mon antivirus (BITDEFENDER, à jour) mais il ne me trouve rien.
Mon pare-feu Windows se désactive également automatiquement à chaque redémarrage ce qui est également' à mon sens, lier à l'ensemble de mon problème !
Voilà pour ce qui est de mon problème, en espérant que quelqu'un puisse me donner des pistes pour le résoudre ! 
Merci d'avance !

archet9 · Answer

bonsoir
Commence par poster un rapport HijackThis stp, 
>Télécharge HiJackThis : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis 
- Lance le programme, puis sélectionne < do a system scan and save a logfile > 
- Enregistre le rapport sur ton bureau. 
Et envoie, par copier/coller, ton log Hijackthis sur le forum, 


A+ 

Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Sloubi76 · Answer

Bonsoir Pierre5012

Pour e problème du pare feu désactivé :
  * Téléchargez EnableFirewall.reg et dézippez le sur votre bureau,
	http://informatruc2.free.fr/bdr/enablefirewall.rar
    * Double cliquez sur EnableFirewall.reg pour l'exécuter et acceptez la fusion au registre.

    * Redémarrez le pc

      Réactivez le service :
    * Par le menu Démarrer / Exécuter (ou touche Windows et R)

          o Tapez services.msc
          o Double cliquez sur Pare-feu Windows / Partage de connexion Internet
          o Cliquez sur "Démarrer"
          o Définissez le Type de démarrage en "Automatique"
          o Cliquez sur Appliquer et fermez la console

      Vérifiez ensuite que le parefeu est bien activé :

    * Par le menu Démarrer / Exécuter (ou touche Windows et R)

          o Tapez Firewall.cpl
          o Cochez la case Activé puis cliquez sur Ok

Ensuite
Télécharge HijackThis ici :

-> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

-> http://pageperso.aol.fr/balltrap34/Hijenr.gif

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

Renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en CCM.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes.
 
Lance Hitjack this
Do a system scan and save a log file

Enfin
Télécharge et installe Malwarebyte's Anti-Malware :
 http://www.malwarebytes.org/mbam/program/mbam-setup.exe

- A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
- Lance Malwarebyte's Anti-Malware, laisse les Mises à jour se télécharger et referme le programme

Redémarre en "Mode sans échec" : redémarre ton ordinateur et tapote sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows, et sélectionne "Mode sans échec".
Choisis ta session habituelle

Lance Malwarebyte's Anti-Malware
- Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
- Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
- A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
- Suppression des éléments détectés --> clique sur Supprimer la sélection
- S'il t'es demandé de redémarrer, clique sur Yes
Et poste ce deuxième rapport.

@ + 

Post le rapport généré ici stp...

Pierre5012 · Answer

Tout d'abord merci à vous 2 pour cette aide rapide et concise !
Voilà pour ce qui est du rapport avec Hikackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:53, on 23/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32undll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pierre\Bureau\analyse.exe

O2 - BHO: (no name) - {023C9EAC-C0E0-439F-902C-CEBA40CA0D09} - C:\WINDOWS\system32\bntukwxv.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {09C72999-5C10-41A3-A524-24661D942003} - C:\WINDOWS\system32\fccAtTkH.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {895FF8CA-2874-41E7-AE4C-3E7B0D14CE4A} - C:\WINDOWS\system32\efcYRJcY.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {cfa105c0-edbf-86da-7124-439ff97210fe} - {ef01279f-f934-4217-ad68-fbde0c501afc} - C:\WINDOWS\system32\dhpmnb.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [upload curb default new] C:\Documents and Settings\All Users\Application Data\Lies shim upload curb\64 bone.exe
O4 - HKLM\..\Run: [d0f50cdf] rundll32.exe "C:\WINDOWS\system32\pbgvuuvm.dll",b
O4 - HKLM\..\Run: [BMd3c63f43] Rundll32.exe "C:\WINDOWS\system32\qoiteshe.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [second htm] C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1\GlobalOnce.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fccAtTkH - C:\WINDOWS\SYSTEM32\fccAtTkH.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

PLUTO · Answer

Salut,

Très bonne analyse à mon goût, et je pense que tu as parfaitement raison sur l'origine de tes problèmes.
Pour ma part je ne travail qu'avec logiciel anti virus Avira AntiVir Personal et avast.
A ta place je téléchargerais ces 2 antivirus et les lancerais avast te demanderas même un scan au démarage.
Ce qui te permettras de faire le point.

jlpjlp · Answer

slt 
a tous 

sur demande je passe

il y a une infection vundo je pense ici:

O2 - BHO: (no name) - {09C72999-5C10-41A3-A524-24661D942003} - C:\WINDOWS\system32\fccAtTkH.dll
O2 - BHO: (no name) - {895FF8CA-2874-41E7-AE4C-3E7B0D14CE4A} - C:\WINDOWS\system32\efcYRJcY.dll
O2 - BHO: {cfa105c0-edbf-86da-7124-439ff97210fe} - {ef01279f-f934-4217-ad68-fbde0c501afc} - C:\WINDOWS\system32\dhpmnb.dll
O20 - Winlogon Notify: fccAtTkH - C:\WINDOWS\SYSTEM32\fccAtTkH.dll 


aussi ceci

O4 - HKLM\..\Run: [d0f50cdf] rundll32.exe "C:\WINDOWS\system32\pbgvuuvm.dll",b
O4 - HKLM\..\Run: [BMd3c63f43] Rundll32.exe "C:\WINDOWS\system32\qoiteshe.dll",s


et lop ici

O4 - HKLM\..\Run: [upload curb default new] C:\Documents and Settings\All Users\Application Data\Lies shim upload curb\64 bone.exe
O4 - HKCU\..\Run: [second htm] C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1\GlobalOnce.exe











donc effectivement passer malwarebyte antimalware efficace contre vundo

puis 



télécharge combofix (par sUBs) ici : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

et enregistre le sur le bureau. 


déconnecte toi d'internet et ferme toutes tes applications. 

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware) 


double-clique sur combofix.exe et suis les instructions 

à la fin, il va produire un rapport C:\ComboFix.txt 

réactive ton parefeu, ton antivirus, la garde de ton antispyware 

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse. 

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi. 

Tu as un tutoriel complet ici : 

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 




puis pour lop:


tu télécharge Lop S&D.exe sur ton Bureau.https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2 

* Double-clique dessus pour lancer l'installation 
* Puis double-clique sur le raccourci Lop S&D présent sur ton Bureau 
* Séléctionne la langue souhaitée , puis choisis l'option 1 (Recherche) 
* Patiente jusqu'à la fin du scan 
* Poste le rapport généré (C:\lopR.txt)



bonne continuation

Pierre5012 · Answer

Voici le résultat avec Malwarebytes' Anti-Malware: (1er résultat)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Pierre\Bureau\backups\backup-20080922-193226-373.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177731.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177831.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177832.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177844.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177845.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177846.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177847.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177848.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177849.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177851.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177852.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177853.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177855.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\djwffxon.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\elkojxfh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\igjiqqjc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lsowpmki.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32
mquvida.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32wejryqu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\boeywc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\flsawh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jainjslf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\TDSSevri.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSShpue.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSjjsm.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSjujy.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSqimh.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSjcxe.sys (Rootkit.Agent) -> No action taken.


2nd rapport:
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Pierre\Bureau\backups\backup-20080922-193226-373.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177731.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177831.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177832.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177844.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177845.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177846.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177847.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177848.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177849.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177851.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177852.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177853.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\djwffxon.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\elkojxfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igjiqqjc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsowpmki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
mquvida.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32wejryqu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\boeywc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flsawh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jainjslf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSevri.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSShpue.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSjjsm.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSjujy.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqimh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSjcxe.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Voila pour ce qui est de l'analyse avec ce logiciel, je ferais le reste dans la journée, merci beaucoup pour votre aide très précieuse !!!

Pierre5012 · Answer

Voici le résultat avec Malwarebytes' Anti-Malware: (1er résultat)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Pierre\Bureau\backups\backup-20080922-193226-373.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177731.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177831.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177832.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177844.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177845.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177846.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177847.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177848.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177849.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177851.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177852.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177853.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177855.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\djwffxon.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\elkojxfh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\igjiqqjc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lsowpmki.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32
mquvida.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32wejryqu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\boeywc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\flsawh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jainjslf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\TDSSevri.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSShpue.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSjjsm.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSjujy.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSqimh.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSjcxe.sys (Rootkit.Agent) -> No action taken.


2nd rapport:
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Pierre\Bureau\backups\backup-20080922-193226-373.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177731.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177831.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177832.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177844.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177845.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177846.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177847.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177848.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177849.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177851.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177852.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177853.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\djwffxon.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\elkojxfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igjiqqjc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsowpmki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
mquvida.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32wejryqu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\boeywc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flsawh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jainjslf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSevri.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSShpue.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSjjsm.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSjujy.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqimh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSjcxe.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Voila pour ce qui est de l'analyse avec ce logiciel, je ferais le reste dans la journée, merci beaucoup pour votre aide très précieuse !!!

Pierre5012 · Answer

Voici le résultat avec Malwarebytes' Anti-Malware: (1er résultat)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Pierre\Bureau\backups\backup-20080922-193226-373.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177731.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177831.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177832.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177844.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177845.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177846.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177847.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177848.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177849.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177851.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177852.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177853.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177855.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\djwffxon.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\elkojxfh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\igjiqqjc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\lsowpmki.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32
mquvida.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32wejryqu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\boeywc.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\flsawh.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\jainjslf.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\TDSSevri.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSShpue.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSjjsm.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSjujy.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\TDSSqimh.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSjcxe.sys (Rootkit.Agent) -> No action taken.


2nd rapport:
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 29

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoftdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Pierre\Bureau\backups\backup-20080922-193226-373.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177731.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177831.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177832.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177844.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177845.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177846.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177847.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177848.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177849.dll (Trojan.Vundo) -> Delete on reboot.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177851.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177852.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177853.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{CB29F48C-E04F-4444-BF69-E7D384CE71E5}\RP101\A0177855.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\djwffxon.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\elkojxfh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igjiqqjc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lsowpmki.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
mquvida.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32wejryqu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\boeywc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\flsawh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jainjslf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSevri.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSShpue.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSjjsm.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSjujy.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSqimh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSjcxe.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Voila pour ce qui est de l'analyse avec ce logiciel, je ferais le reste dans la journée, merci beaucoup pour votre aide très précieuse !!!

Pierre5012 · Answer

L'analyse étant faite, je te donne le résultat de l'analyse avec,dans un premier temps ComboFix puis la nouvelle analyse faite avec Hijack this: ComboFix 08-09-22.06 - Pierre 2008-09-24 7:03:06.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1226 [GMT 2:00] Lancé depuis: C:\Documents and Settings\Pierre\Bureau\ComboFix.exe * Un nouveau point de restauration a été créé [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP -------\Legacy_TDSSSERV -------\Service_Iprip -------\Service_TDSSserv ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-24 au 2008-09-24 )))))))))))))))))))))))))))))))))))) . 2008-09-23 22:04 . 2008-08-10 12:59 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-09-23 22:04 . 2008-08-10 12:59 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-09-23 22:04 . 2008-08-10 12:08 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-09-23 22:04 . 2008-08-10 12:59 d-------- C:\Documents and Settings\Administrateur\Mes documents 2008-09-23 22:04 . 2008-08-10 12:59 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-09-23 22:04 . 2008-08-10 12:59 d-------- C:\Documents and Settings\Administrateur\Favoris 2008-09-23 22:04 . 2008-09-24 02:54 d-------- C:\Documents and Settings\Administrateur\Bureau 2008-09-23 22:04 . 2008-09-23 22:04 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-09-23 22:04 . 2008-09-23 22:04 d-------- C:\Documents and Settings\Administrateur 2008-09-23 21:50 . 2008-09-23 21:50 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-23 21:50 . 2008-09-23 21:50 d-------- C:\Documents and Settings\Pierre\Application Data\Malwarebytes 2008-09-23 21:50 . 2008-09-23 21:50 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-09-23 21:50 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-23 21:50 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-22 22:06 . 2008-09-22 22:28 1,048,701 ---hs---- C:\WINDOWS\system32\kiciepho.ini 2008-09-22 21:35 . 2008-09-22 21:42 d-------- C:\Program Files\Navilog1 2008-09-22 19:58 . 2008-09-22 19:58 d-------- C:\Program Files\CCleaner 2008-09-22 19:07 . 2008-09-22 22:03 1,023,296 ---hs---- C:\WINDOWS\system32\cxoyhhfj.ini 2008-09-21 14:07 . 2008-09-21 14:07 d-------- C:\Program Files\pileproxymeal 2008-09-21 11:02 . 2008-09-22 19:06 1,023,116 ---hs---- C:\WINDOWS\system32\jiopysla.ini 2008-09-20 15:21 . 2008-09-21 10:53 989,384 ---hs---- C:\WINDOWS\system32\jijdjham.ini 2008-09-20 11:57 . 2008-09-20 11:57 303 --a------ C:\WINDOWS\doom3.ini 2008-09-18 16:49 . 2008-09-18 16:49 d-------- C:\Documents and Settings\LocalService\Application Data\TeamViewer 2008-09-17 21:59 . 2008-09-17 21:59 d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies 2008-09-13 22:30 . 2008-09-22 20:52 69 --a------ C:\WINDOWS\NeroDigital.ini 2008-09-13 20:20 . 2008-09-13 20:20 d-------- C:\WINDOWS\Sun 2008-09-13 12:01 . 2008-09-13 12:01 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI 2008-09-13 12:00 . 2008-09-14 01:04 d-------- C:\Documents and Settings\Pierre\Application Data\Ahead 2008-09-13 11:59 . 2008-09-13 11:59 d-------- C:\Documents and Settings\All Users\Application Data\Ahead 2008-09-13 11:18 . 2008-09-13 11:18 d-------- C:\Program Files\Nero 2008-09-13 11:18 . 2008-09-13 11:19 d-------- C:\Program Files\Fichiers communs\Ahead 2008-09-13 11:18 . 2008-09-13 11:18 d-------- C:\Documents and Settings\All Users\Application Data\Nero 2008-09-07 18:42 . 2008-07-12 08:18 3,851,784 --a------ C:\WINDOWS\system32\D3DX9_39.dll 2008-09-07 18:41 . 2008-09-07 18:41 d-------- C:\WINDOWS\Logs 2008-09-07 17:07 . 2008-09-21 14:08 d-------- C:\Documents and Settings\All Users\Application Data\Lies shim upload curb 2008-09-07 17:06 . 2008-09-07 17:07 d-------- C:\Program Files\BitDownload 2008-09-07 17:06 . 2008-09-21 14:09 d-------- C:\Documents and Settings\Pierre\Application Data\pileproxymeal 2008-09-06 22:59 . 2008-09-06 22:59 d-------- C:\Program Files\Windows Media Connect 2 2008-09-06 22:59 . 2008-04-13 19:33 221,184 --a------ C:\WINDOWS\system32\wmpns.dll 2008-09-06 22:58 . 2008-09-06 22:58 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-09-05 18:19 . 2007-04-09 13:23 28,040 --a------ C:\WINDOWS\system32\mdimon.dll 2008-09-05 18:19 . 2008-09-05 18:19 385 --a------ C:\WINDOWS\ODBC.INI 2008-09-05 18:16 . 2008-09-05 18:18 d-------- C:\WINDOWS\SHELLNEW 2008-09-05 18:16 . 2008-09-05 18:16 d-------- C:\Program Files\Microsoft.NET 2008-09-04 20:56 . 2008-09-04 20:56 d-------- C:\Documents and Settings\Pierre\Incomplete 2008-09-04 20:56 . 2008-09-06 22:50 d-------- C:\Documents and Settings\Pierre\Application Data\LimeWire 2008-09-04 20:55 . 2008-09-04 20:55 d-------- C:\Program Files\Java 2008-09-04 20:55 . 2007-07-12 02:22 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl 2008-09-04 20:54 . 2008-09-14 02:20 d-------- C:\Program Files\LimeWire 2008-09-04 20:54 . 2008-09-04 20:54 d-------- C:\Program Files\Fichiers communs\Java 2008-09-01 18:57 . 2008-09-01 18:57 d-------- C:\Program Files\Hamachi 2008-09-01 18:57 . 2008-09-02 19:15 d-------- C:\Documents and Settings\Pierre\Application Data\Hamachi 2008-09-01 18:57 . 2008-09-01 18:57 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys 2008-08-30 20:42 . 2008-08-30 20:42 d-------- C:\Program Files\RivaTuner v2.08 2008-08-30 20:07 . 2008-08-30 20:07 305 --a------ C:\WINDOWS\game.ini 2008-08-30 18:36 . 2008-08-30 18:36 d--hs---- C:\WINDOWS\ftpcache 2008-08-30 16:42 . 2008-08-30 16:42 268 --ah----- C:\sqmdata01.sqm 2008-08-30 16:42 . 2008-08-30 16:42 244 --ah----- C:\sqmnoopt01.sqm 2008-08-30 15:47 . 2008-08-30 15:47 d-------- C:\Program Files\mp3DirectCut 2008-08-30 13:28 . 2008-08-30 13:28 268 --ah----- C:\sqmdata00.sqm 2008-08-30 13:28 . 2008-08-30 13:28 244 --ah----- C:\sqmnoopt00.sqm 2008-08-27 21:53 . 2008-08-27 21:53 d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-08-27 19:50 . 2008-08-27 19:50 d-------- C:\Program Files\TeamViewer3 2008-08-27 19:50 . 2008-08-27 19:50 d-------- C:\Documents and Settings\Pierre emp 2008-08-27 19:50 . 2008-08-27 19:50 d-------- C:\Documents and Settings\Pierre\Application Data\TeamViewer 2008-08-26 20:40 . 2008-07-26 12:48 195,235 --a------ C:\WINDOWS\system32 vapps.nvb 2008-08-26 20:39 . 2008-08-26 20:41 d-------- C:\WINDOWS view 2008-08-26 20:39 . 2008-07-26 12:48 446,464 --a------ C:\WINDOWS\system32 vudisp.exe 2008-08-26 20:39 . 2008-09-24 07:06 190,164 --a------ C:\WINDOWS\system32 vapps.xml 2008-08-26 20:39 . 2008-07-26 12:48 18,335 --a------ C:\WINDOWS\system32 vdisp.nvu 2008-08-26 20:38 . 2008-07-23 15:24 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE 2008-08-26 16:48 . 2008-08-26 16:49 d-------- C:\Program Files\RivaTuner v2.09 2008-08-26 16:33 . 2008-08-26 16:33 d-------- C:\WINDOWS\system32\Futuremark 2008-08-26 16:33 . 2008-08-26 16:33 262,144 --a------ C:\WINDOWS\system32\wrap_oal.dll 2008-08-26 16:33 . 2008-08-26 16:33 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll 2008-08-26 16:33 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys 2008-08-26 16:33 . 1999-11-02 10:01 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd 2008-08-26 16:33 . 2004-06-22 15:44 5,632 --a------ C:\WINDOWS\system32\drivers\Entech64.sys 2008-08-26 16:33 . 2001-11-19 19:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys 2008-08-26 16:32 . 2008-08-26 16:32 d-------- C:\Program Files\Futuremark 2008-08-26 16:31 . 2008-08-26 16:32 d-------- C:\Program Files\ATITool 2008-08-26 12:47 . 2008-08-26 12:47 d--h----- C:\WINDOWS\PIF 2008-08-24 02:42 . 2008-08-24 02:42 d-------- C:\Program Files\Valvesoftware . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-24 05:04 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-09-22 20:38 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Skype 2008-09-22 17:08 --------- d-----w C:\Documents and Settings\Pierre\Application Data\skypePM 2008-09-20 14:07 --------- d-----w C:\Documents and Settings\Pierre\Application Data eamspeak2 2008-09-20 12:55 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-09-20 09:57 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-09-18 16:08 --------- d-----w C:\Program Files\Windows Live 2008-09-07 16:52 --------- d-----w C:\Program Files\DivX 2008-09-07 15:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-09-01 18:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited 2008-08-30 18:08 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2008-08-30 18:08 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-08-30 18:08 22,328 ----a-w C:\Documents and Settings\Pierre\Application Data\PnkBstrK.sys 2008-08-30 18:08 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-08-26 10:42 16,608 ----a-w C:\WINDOWS\gdrv.sys 2008-08-25 15:58 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-08-24 15:07 --------- d-----w C:\Program Files\TVAnts 2008-08-23 10:51 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Apple Computer 2008-08-22 23:56 --------- d-----w C:\Program Files\Teamspeak2_RC2 2008-08-22 16:59 --------- d-----w C:\Program Files\Fichiers communs\Stardock 2008-08-22 16:41 81,920 ------r C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe 2008-08-22 16:41 --------- d-----w C:\Program Files\Logitech 2008-08-22 16:40 --------- d-----w C:\Program Files\Fichiers communs\Logitech 2008-08-22 16:39 --------- d-----w C:\Program Files\Fichiers communs\InstallShield 2008-08-21 21:43 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Bioshock 2008-08-19 16:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-08-19 16:01 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-08-19 15:31 --------- d-----w C:\Program Files\Fichiers communs\Macrovision Shared 2008-08-18 18:29 --------- d-----w C:\Documents and Settings\Pierre\Application Data\TVU Networks 2008-08-18 18:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\TVU Networks 2008-08-18 18:10 --------- d-----w C:\Program Files\adslTV 2008-08-17 18:31 --------- d-----w C:\Documents and Settings\Pierre\Application Data\vghd 2008-08-17 18:19 152,920 ----a-w C:\WINDOWS\system32\vghd.scr 2008-08-17 17:55 --------- d-----w C:\Documents and Settings\Pierre\Application Data\FMZilla 2008-08-16 15:14 20,747 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys 2008-08-16 15:13 --------- d-----w C:\Program Files\ASUS 2008-08-15 22:44 --------- d-----w C:\Program Files\MSXML 4.0 2008-08-15 14:12 --------- d-----w C:\Documents and Settings\Pierre\Application Data\vlc 2008-08-15 11:47 --------- d-----w C:\Program Files\Apple Software Update 2008-08-15 11:32 --------- d-----w C:\Program Files\Stardock 2008-08-15 09:37 --------- d-----w C:\Program Files\iTunes 2008-08-15 09:37 --------- d-----w C:\Program Files\iPod 2008-08-15 09:31 --------- d-----w C:\Program Files\Safari 2008-08-14 22:25 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller 2008-08-14 22:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-08-14 19:02 --------- d-----w C:\Program Files\Skype 2008-08-14 19:01 --------- d-----w C:\Program Files\Fichiers communs\Skype 2008-08-14 19:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-08-14 14:32 --------- d-----w C:\Program Files\Google 2008-08-14 12:28 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Bitdefender 2008-08-14 12:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender 2008-08-14 12:27 --------- d-----w C:\Program Files\Softwin 2008-08-14 12:27 --------- d-----w C:\Program Files\Fichiers communs\Softwin 2008-08-13 15:13 --------- d-----w C:\Program Files\Steam 2008-08-12 07:59 --------- d-----w C:\Program Files\AxBx 2008-08-11 21:34 --------- d-----w C:\Program Files\Bonjour 2008-08-11 21:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer 2008-08-11 21:33 --------- d-----w C:\Program Files\Fichiers communs\Apple 2008-08-11 21:24 --------- d-----w C:\Program Files\QuickTime 2008-08-11 21:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple 2008-08-11 21:21 --------- d-----w C:\Documents and Settings\Pierre\Application Data\DivX 2008-08-11 16:06 --------- d-----w C:\Program Files\VideoLAN 2008-08-11 12:24 --------- d--h--r C:\Documents and Settings\Pierre\Application Data\SecuROM 2008-08-11 12:23 669,184 ----a-w C:\WINDOWS\system32\pbsvc.exe 2008-08-11 08:41 --------- d-----w C:\Program Files\GIGABYTE 2008-08-10 19:44 --------- d-----w C:\Documents and Settings\Pierre\Application Data\Ubisoft 2008-08-10 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft 2008-08-10 15:56 --------- d-----w C:\Program Files\Alcohol Soft 2008-08-10 15:53 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys 2008-08-10 15:36 --------- d-----w C:\Program Files\My Company Name 2008-08-10 10:43 --------- d-----w C:\Documents and Settings\Pierre\Application Data\AdobeUM 2008-08-10 10:26 --------- d-----w C:\Program Files\Realtek 2008-08-10 10:26 --------- d-----w C:\Documents and Settings\Pierre\Application Data\InstallShield 2008-08-10 10:24 315,392 ----a-w C:\WINDOWS\HideWin.exe 2008-08-10 10:22 --------- d-----w C:\Program Files\Intel 2008-08-10 10:12 --------- d-----w C:\Program Files\microsoft frontpage 2008-08-10 10:09 --------- d-----w C:\Program Files\Services en ligne 2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll 2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll 2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll 2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe 2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll 2008-07-23 16:50 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-07-23 16:50 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe 2008-07-23 16:50 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll 2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll 2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll 2008-07-12 06:18 1,493,528 ----a-w C:\WINDOWS\system32\D3DCompiler_39.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-13 1695232] "second htm"="C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1\GlobalOnce.exe" [2008-09-21 481280] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696] "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 116040] "BDMCon"="C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe" [2007-04-02 290816] "BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "Control Center"="C:\Program Files\ASUS\WLAN Card Utilities\Center.exe" [2006-03-02 1667584] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-07-26 13570048] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-07-26 86016] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496] "NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "upload curb default new"="C:\Documents and Settings\All Users\Application Data\Lies shim upload curb\64 bone.exe" [2008-09-24 5715456] "RTHDCPL"="RTHDCPL.EXE" [2008-05-07 C:\WINDOWS\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-07-26 C:\WINDOWS\system32 wiz.exe] "Logitech Utility"="Logi_MwX.Exe" [2003-03-04 C:\WINDOWS\LOGI_MWX.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-13 15360] C:\Documents and Settings\Pierre\Menu D‚marrer\Programmes\D‚marrage\ Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-08-22 3450608] C:\Documents and Settings\Pierre\Menu D‚marrer\Programmes\D‚marrage\ Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-08-22 3450608] C:\Documents and Settings\Pierre\Menu D‚marrer\Programmes\D‚marrage\ Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-08-22 3450608] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=sockspy.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe"= "%windir%\system32\sessmgr.exe"= "D:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"= "D:\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"= "D:\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"= "D:\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe"= "D:\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe"= "C:\WINDOWS\system32\PnkBstrA.exe"= "C:\WINDOWS\system32\PnkBstrB.exe"= "D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"= "D:\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"= "D:\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"= "C:\Program Files\Bonjour\mDNSResponder.exe"= "D:\Steam\SteamApps\pierre_georgel_911\day of defeat source\hl2.exe"= "D:\Steam\Steam.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\iTunes\iTunes.exe"= "C:\Program Files\TVAnts\Tvants.exe"= "D:\Steam\SteamApps\pierre_georgel_911\team fortress 2\hl2.exe"= "C:\Program Files\Valvesoftware\The Orange Box\team fortress 2\hl2.exe"= "C:\WINDOWS\system32\rtcshare.exe"= "D:\Sierra\FEAR\FEAR.exe"= "D:\Microsoft Games\Halo\halo.exe"= "D:\GTR2\GTR2.exe"= "D:\Steam\SteamApps\pierre_georgel_911\counter-strike source\hl2.exe"= "C:\Program Files\LimeWire\LimeWire.exe"= "C:\Program Files\TeamViewer3\TeamViewer.exe"= "C:\Program Files\Skype\Phone\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3587:TCP"= 3587:TCP:Groupement homologue Windows "3540:UDP"= 3540:UDP:Protocole PNRP (Peer Name Resolution Protocol) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\system32\ASNDIS5.SYS [2002-09-09 16269] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2007-02-02 71040] R3 teamviewervpn;TeamViewer VPN Adapter;C:\WINDOWS\system32\DRIVERS eamviewervpn.sys [2008-01-25 25088] S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 p2psvc;Réseau homologue;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\System32\svchost.exe [2008-04-13 14336] S3 tat;tat;C:\Program Files at at.sys [ ] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . Contenu du dossier 'Tâches planifiées' . - - - - ORPHELINS SUPPRIMES - - - - Notify-WgaLogon - (no file) . ------- Examen supplémentaire ------- . FireFox -: Profile - C:\Documents and Settings\Pierre\Application Data\Mozilla\Firefox\Profiles\971815yg.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser ppdf32.dll FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins pitunes.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-24 07:06:08 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\system32 cpsvcs.exe C:\WINDOWS\system32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32 undll32.exe C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe . ************************************************************************** . Heure de fin: 2008-09-24 7:07:54 - La machine a redémarré ComboFix-quarantined-files.txt 2008-09-24 05:07:28 Avant-CF: 65ÿ109ÿ667ÿ840 octets libres Après-CF: 65,022,324,736 octets libres 338 --- E O F --- 2008-09-12 00:35:48 RAPPORT HIJACK THIS Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:39:27, on 24/09/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\WINDOWS\System32 cpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Softwin\BitDefender10\vsserv.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Softwin\BitDefender10\bdagent.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ASUS\WLAN Card Utilities\Center.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Logitech\MouseWare\system\em_exec.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\explorer.exe C:\Documents and Settings\Pierre\Bureau\ccm.exe.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [upload curb default new] C:\Documents and Settings\All Users\Application Data\Lies shim upload curb\64 bone.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [second htm] C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1\GlobalOnce.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user') O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Pierre5012 · Answer

Voila pour la rapport:

   --------------------\  Lop S&D 4.2.4-4   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
   BIOS : Award Modular BIOS v6.00PG
   USER : Pierre ( Administrator )
   BOOT : Normal boot
   Antivirus : Bitdefender Antivirus 8.0 (Activated)
   Firewall  : Bitdefender Firewall 8.0 (Activated)
   A:\ (USB)
   C:\ (Local Disk) - NTFS - Total : 97 Go Free : 60 Go
   D:\ (Local Disk) - NTFS - Total : 146 Go Free : 64 Go
   E:\ (Local Disk) - NTFS - Total : 221 Go Free : 31 Go
   F:\ (CD or DVD)
   G:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
   Option : [1] ( 24/09/2008|21:39 )
 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [23/09/2008|22:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
   [23/09/2008|22:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

   [19/08/2008|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [13/09/2008|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
   [11/08/2008|23:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [11/08/2008|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [14/08/2008|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
   [19/08/2008|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
   [21/09/2008|14:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lies shim upload curb
   [23/09/2008|21:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [05/09/2008|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [13/09/2008|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
   [27/08/2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
   [17/09/2008|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SimCity Societies
   [14/08/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [07/09/2008|17:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [01/09/2008|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Test Drive Unlimited
   [18/08/2008|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
   [10/08/2008|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
   [27/08/2008|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [15/08/2008|00:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

   [10/08/2008|12:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [06/09/2008|23:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
   [18/09/2008|16:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\TeamViewer

   [10/08/2008|12:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [20/08/2008|23:58] C:\DOCUME~1\Pierre\APPLIC~1\Adobe
   [10/08/2008|12:43] C:\DOCUME~1\Pierre\APPLIC~1\AdobeUM
   [14/09/2008|01:04] C:\DOCUME~1\Pierre\APPLIC~1\Ahead
   [23/08/2008|12:51] C:\DOCUME~1\Pierre\APPLIC~1\Apple Computer
   [21/08/2008|23:43] C:\DOCUME~1\Pierre\APPLIC~1\Bioshock
   [14/08/2008|14:28] C:\DOCUME~1\Pierre\APPLIC~1\Bitdefender
   [11/08/2008|23:21] C:\DOCUME~1\Pierre\APPLIC~1\DivX
   [17/08/2008|19:55] C:\DOCUME~1\Pierre\APPLIC~1\FMZilla
   [14/08/2008|16:33] C:\DOCUME~1\Pierre\APPLIC~1\Google
   [02/09/2008|19:15] C:\DOCUME~1\Pierre\APPLIC~1\Hamachi
   [26/08/2008|20:38] C:\DOCUME~1\Pierre\APPLIC~1\Help
   [10/08/2008|12:14] C:\DOCUME~1\Pierre\APPLIC~1\Identities
   [10/08/2008|12:26] C:\DOCUME~1\Pierre\APPLIC~1\InstallShield
   [06/09/2008|22:50] C:\DOCUME~1\Pierre\APPLIC~1\LimeWire
   [10/08/2008|13:56] C:\DOCUME~1\Pierre\APPLIC~1\Macromedia
   [23/09/2008|21:50] C:\DOCUME~1\Pierre\APPLIC~1\Malwarebytes
   [17/09/2008|18:39] C:\DOCUME~1\Pierre\APPLIC~1\Microsoft
   [14/08/2008|15:46] C:\DOCUME~1\Pierre\APPLIC~1\Mozilla
   [21/09/2008|14:09] C:\DOCUME~1\Pierre\APPLIC~1\pileproxymeal
   [11/08/2008|14:24] C:\DOCUME~1\Pierre\APPLIC~1\SecuROM
   [24/09/2008|20:54] C:\DOCUME~1\Pierre\APPLIC~1\Skype
   [24/09/2008|18:52] C:\DOCUME~1\Pierre\APPLIC~1\skypePM
   [13/09/2008|20:20] C:\DOCUME~1\Pierre\APPLIC~1\Sun
   [20/09/2008|16:07] C:\DOCUME~1\Pierre\APPLIC~1	eamspeak2
   [27/08/2008|19:50] C:\DOCUME~1\Pierre\APPLIC~1\TeamViewer
   [18/08/2008|20:29] C:\DOCUME~1\Pierre\APPLIC~1\TVU Networks
   [10/08/2008|21:44] C:\DOCUME~1\Pierre\APPLIC~1\Ubisoft
   [17/08/2008|20:31] C:\DOCUME~1\Pierre\APPLIC~1\vghd
   [15/08/2008|16:12] C:\DOCUME~1\Pierre\APPLIC~1\vlc
   [11/08/2008|14:07] C:\DOCUME~1\Pierre\APPLIC~1\WinRAR
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [24/09/2008 21:00][--ah-----] C:\WINDOWS	asks\AAD3D59491B44FF8.job
   [13/09/2008 04:00][--a------] C:\WINDOWS	asks\Fermeture automatique.job
   [14/09/2008 00:00][--a------] C:\WINDOWS	asks\D‚fragmentation.job
   [13/09/2008 21:59][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [24/09/2008 07:05][--ah-----] C:\WINDOWS	asks\SA.DAT
   [24/04/2003 14:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   ( AAD3D59491B44FF8.job )=( c:\docume~1\pierre\applic~1\pilepr~1\vgakeeplive.exe )

   --------------------\  Listing des dossiers dans C:\Program Files

   [19/08/2008|18:02] C:\Program Files\Adobe
   [24/09/2008|21:14] C:\Program Files\adslTV
   [10/08/2008|17:56] C:\Program Files\Alcohol Soft
   [15/08/2008|13:47] C:\Program Files\Apple Software Update
   [16/08/2008|17:13] C:\Program Files\ASUS
   [26/08/2008|16:32] C:\Program Files\ATITool
   [12/08/2008|09:59] C:\Program Files\AxBx
   [07/09/2008|17:07] C:\Program Files\BitDownload
   [11/08/2008|23:34] C:\Program Files\Bonjour
   [22/09/2008|19:58] C:\Program Files\CCleaner
   [10/08/2008|12:09] C:\Program Files\ComPlus Applications
   [07/09/2008|18:52] C:\Program Files\DivX
   [24/09/2008|07:04] C:\Program Files\Fichiers communs
   [26/08/2008|16:32] C:\Program Files\Futuremark
   [11/08/2008|10:41] C:\Program Files\GIGABYTE
   [14/08/2008|16:32] C:\Program Files\Google
   [01/09/2008|18:57] C:\Program Files\Hamachi
   [20/09/2008|11:57] C:\Program Files\InstallShield Installation Information
   [10/08/2008|12:22] C:\Program Files\Intel
   [15/08/2008|00:28] C:\Program Files\Internet Explorer
   [15/08/2008|11:37] C:\Program Files\iPod
   [15/08/2008|11:37] C:\Program Files\iTunes
   [04/09/2008|20:55] C:\Program Files\Java
   [14/09/2008|02:20] C:\Program Files\LimeWire
   [22/08/2008|18:41] C:\Program Files\Logitech
   [23/09/2008|21:50] C:\Program Files\Malwarebytes' Anti-Malware
   [16/08/2008|00:45] C:\Program Files\Messenger
   [10/08/2008|12:12] C:\Program Files\microsoft frontpage
   [05/09/2008|18:17] C:\Program Files\Microsoft Office
   [05/09/2008|18:16] C:\Program Files\Microsoft.NET
   [10/08/2008|21:16] C:\Program Files\Movie Maker
   [24/09/2008|12:51] C:\Program Files\Mozilla Firefox
   [30/08/2008|15:47] C:\Program Files\mp3DirectCut
   [10/08/2008|12:09] C:\Program Files\MSN
   [10/08/2008|12:08] C:\Program Files\MSN Gaming Zone
   [16/08/2008|00:44] C:\Program Files\MSXML 4.0
   [10/08/2008|17:36] C:\Program Files\My Company Name
   [22/09/2008|21:42] C:\Program Files\Navilog1
   [13/09/2008|11:18] C:\Program Files\Nero
   [10/08/2008|21:15] C:\Program Files\NetMeeting
   [10/08/2008|21:15] C:\Program Files\Outlook Express
   [21/09/2008|14:07] C:\Program Files\pileproxymeal
   [11/08/2008|23:24] C:\Program Files\QuickTime
   [10/08/2008|12:26] C:\Program Files\Realtek
   [30/08/2008|20:42] C:\Program Files\RivaTuner v2.08
   [26/08/2008|16:49] C:\Program Files\RivaTuner v2.09
   [15/08/2008|11:31] C:\Program Files\Safari
   [10/08/2008|12:09] C:\Program Files\Services en ligne
   [14/08/2008|21:02] C:\Program Files\Skype
   [14/08/2008|14:27] C:\Program Files\Softwin
   [15/08/2008|13:32] C:\Program Files\Stardock
   [13/08/2008|17:13] C:\Program Files\Steam
   [23/08/2008|01:56] C:\Program Files\Teamspeak2_RC2
   [27/08/2008|19:50] C:\Program Files\TeamViewer3
   [24/08/2008|17:07] C:\Program Files\TVAnts
   [10/08/2008|12:14] C:\Program Files\Uninstall Information
   [24/08/2008|02:42] C:\Program Files\Valvesoftware
   [11/08/2008|18:06] C:\Program Files\VideoLAN
   [18/09/2008|18:08] C:\Program Files\Windows Live
   [24/09/2008|20:41] C:\Program Files\Windows Live Safety Center
   [06/09/2008|22:59] C:\Program Files\Windows Media Connect 2
   [06/09/2008|22:59] C:\Program Files\Windows Media Player
   [10/08/2008|21:15] C:\Program Files\Windows NT
   [10/08/2008|12:09] C:\Program Files\WindowsUpdate
   [11/08/2008|14:07] C:\Program Files\WinRAR
   [10/08/2008|12:12] C:\Program Files\xerox

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [19/08/2008|18:01] C:\Program Files\Fichiers communs\Adobe
   [13/09/2008|11:19] C:\Program Files\Fichiers communs\Ahead
   [11/08/2008|23:33] C:\Program Files\Fichiers communs\Apple
   [05/09/2008|18:17] C:\Program Files\Fichiers communs\DESIGNER
   [22/08/2008|18:39] C:\Program Files\Fichiers communs\InstallShield
   [04/09/2008|20:54] C:\Program Files\Fichiers communs\Java
   [22/08/2008|18:40] C:\Program Files\Fichiers communs\Logitech
   [19/08/2008|17:31] C:\Program Files\Fichiers communs\Macrovision Shared
   [06/09/2008|17:09] C:\Program Files\Fichiers communs\Microsoft Shared
   [10/08/2008|12:09] C:\Program Files\Fichiers communs\MSSoap
   [10/08/2008|12:59] C:\Program Files\Fichiers communs\ODBC
   [10/08/2008|12:09] C:\Program Files\Fichiers communs\Services
   [14/08/2008|21:01] C:\Program Files\Fichiers communs\Skype
   [14/08/2008|14:27] C:\Program Files\Fichiers communs\Softwin
   [10/08/2008|12:59] C:\Program Files\Fichiers communs\SpeechEngines
   [22/08/2008|18:59] C:\Program Files\Fichiers communs\Stardock
   [05/09/2008|18:16] C:\Program Files\Fichiers communs\System
   [15/08/2008|00:25] C:\Program Files\Fichiers communs\WindowsLiveInstaller

   --------------------\  Process

   ( 54 Processes )

   iexplore.exe ~ [PID:3636]
   iexplore.exe ~ [PID:3772]

   --------------------\  Recherche avec S_Lop

   C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1
   C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1\cbzzfciv.exe
   C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1\dpcqtjwl.exe
   C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1\GlobalOnce.exe
   C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1\vga keep live.exe
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lies shim upload curb
   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lies shim upload curb\64 bone.exe
   C:\DOCUME~1\Pierre\APPLIC~1\pilepr~1
   C:\DOCUME~1\Pierre\APPLIC~1\pilepr~1\cbzzfciv.exe
   C:\DOCUME~1\Pierre\APPLIC~1\pilepr~1\dpcqtjwl.exe
   C:\DOCUME~1\Pierre\APPLIC~1\pilepr~1\GlobalOnce.exe
   C:\DOCUME~1\Pierre\APPLIC~1\pilepr~1\vga keep live.exe
   C:\Program Files\pilepr~1
   C:\Program Files\BitDownload
   C:\WINDOWS\Tasks\AAD3D59491B44FF8.job
 
   --------------------\  Verification du Registre

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BinPeakByte]
   "DisplayName"="CiD Help"
   "UninstallString"="C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1\GlobalOnce.exe -uninstall"

   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
   "second htm"="C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1\GlobalOnce.exe"
   "second htm"="C:\DOCUME~1\Pierre\APPLIC~1\PILEPR~1\GlobalOnce.exe"

   [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   "upload curb default new"="C:\Documents and Settings\All Users\Application Data\Lies shim upload curb\64 bone.exe"

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-09-24 21:42:20
   Windows 5.1.2600 Service Pack 3 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:18][D:3]-> C:\DOCUME~1\Pierre\LOCALS~1\Temp
   [F:17][D:0]-> C:\DOCUME~1\Pierre\Cookies
   [F:346][D:4]-> C:\DOCUME~1\Pierre\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 24/09/2008|21:43 - Option : [1]

   --------------------\  Fin du rapport a 21:44:01

jlpjlp · Answer

pour avancer refais lop sd et choisi l'option 2 et colle le rapport . Puis colles un nouveau hijackthis et dis tes soucis

Pierre5012 · Answer

Bon je viens de refaire l'analyse avec LOP S&D (2) et voici le rapport:


   --------------------\  Lop S&D 4.2.4-4   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
   X86-based PC ( Multiprocessor Free : Processeur Intel Pentium III Xeon )
   BIOS : Award Modular BIOS v6.00PG
   USER : Pierre ( Administrator )
   BOOT : Normal boot
   Antivirus : Bitdefender Antivirus 8.0 (Activated)
   Firewall  : Bitdefender Firewall 8.0 (Activated)
   A:\ (USB)
   C:\ (Local Disk) - NTFS - Total : 97 Go Free : 60 Go
   D:\ (Local Disk) - NTFS - Total : 146 Go Free : 64 Go
   E:\ (Local Disk) - NTFS - Total : 221 Go Free : 31 Go
   F:\ (CD or DVD)
   G:\ (CD or DVD)

   "C:\Lop SD" ( MAJ : 19-09-2008|22:20 )
   Option : [2] ( 24/09/2008|22:15 )


   \\\\\\\\\\\\\\\ SUPPRESSION

   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lies shim upload curb\64 bone.exe
   Supprime! - C:\DOCUME~1\Pierre\APPLIC~1\pilepr~1\cbzzfciv.exe
   Supprime! - C:\DOCUME~1\Pierre\APPLIC~1\pilepr~1\dpcqtjwl.exe
   Supprime! - C:\DOCUME~1\Pierre\APPLIC~1\pilepr~1\GlobalOnce.exe
   Supprime! - C:\DOCUME~1\Pierre\APPLIC~1\pilepr~1\vga keep live.exe
   Supprime! - C:\WINDOWS\Tasks\AAD3D59491B44FF8.job 
   Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lies shim upload curb
   Supprime! - C:\DOCUME~1\Pierre\APPLIC~1\pilepr~1
   Supprime! - C:\Program Files\pilepr~1
   Supprime! - C:\Program Files\BitDownload
 
   \\\\\\\\\\\\\\\ 

 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [23/09/2008|22:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
   [23/09/2008|22:04] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

   [19/08/2008|18:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [13/09/2008|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
   [11/08/2008|23:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
   [11/08/2008|23:34] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
   [14/08/2008|14:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\BitDefender
   [19/08/2008|18:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
   [23/09/2008|21:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [05/09/2008|18:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [13/09/2008|11:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
   [27/08/2008|21:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Office Genuine Advantage
   [17/09/2008|21:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SimCity Societies
   [14/08/2008|21:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
   [07/09/2008|17:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [01/09/2008|20:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Test Drive Unlimited
   [18/08/2008|20:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU Networks
   [10/08/2008|21:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ubisoft
   [27/08/2008|21:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [15/08/2008|00:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

   [10/08/2008|12:11] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

   [06/09/2008|23:10] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft
   [18/09/2008|16:49] C:\DOCUME~1\LOCALS~1\APPLIC~1\TeamViewer

   [10/08/2008|12:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

   [20/08/2008|23:58] C:\DOCUME~1\Pierre\APPLIC~1\Adobe
   [10/08/2008|12:43] C:\DOCUME~1\Pierre\APPLIC~1\AdobeUM
   [14/09/2008|01:04] C:\DOCUME~1\Pierre\APPLIC~1\Ahead
   [23/08/2008|12:51] C:\DOCUME~1\Pierre\APPLIC~1\Apple Computer
   [21/08/2008|23:43] C:\DOCUME~1\Pierre\APPLIC~1\Bioshock
   [14/08/2008|14:28] C:\DOCUME~1\Pierre\APPLIC~1\Bitdefender
   [11/08/2008|23:21] C:\DOCUME~1\Pierre\APPLIC~1\DivX
   [17/08/2008|19:55] C:\DOCUME~1\Pierre\APPLIC~1\FMZilla
   [14/08/2008|16:33] C:\DOCUME~1\Pierre\APPLIC~1\Google
   [02/09/2008|19:15] C:\DOCUME~1\Pierre\APPLIC~1\Hamachi
   [26/08/2008|20:38] C:\DOCUME~1\Pierre\APPLIC~1\Help
   [10/08/2008|12:14] C:\DOCUME~1\Pierre\APPLIC~1\Identities
   [10/08/2008|12:26] C:\DOCUME~1\Pierre\APPLIC~1\InstallShield
   [06/09/2008|22:50] C:\DOCUME~1\Pierre\APPLIC~1\LimeWire
   [10/08/2008|13:56] C:\DOCUME~1\Pierre\APPLIC~1\Macromedia
   [23/09/2008|21:50] C:\DOCUME~1\Pierre\APPLIC~1\Malwarebytes
   [17/09/2008|18:39] C:\DOCUME~1\Pierre\APPLIC~1\Microsoft
   [14/08/2008|15:46] C:\DOCUME~1\Pierre\APPLIC~1\Mozilla
   [11/08/2008|14:24] C:\DOCUME~1\Pierre\APPLIC~1\SecuROM
   [24/09/2008|22:10] C:\DOCUME~1\Pierre\APPLIC~1\Skype
   [24/09/2008|18:52] C:\DOCUME~1\Pierre\APPLIC~1\skypePM
   [13/09/2008|20:20] C:\DOCUME~1\Pierre\APPLIC~1\Sun
   [20/09/2008|16:07] C:\DOCUME~1\Pierre\APPLIC~1	eamspeak2
   [27/08/2008|19:50] C:\DOCUME~1\Pierre\APPLIC~1\TeamViewer
   [18/08/2008|20:29] C:\DOCUME~1\Pierre\APPLIC~1\TVU Networks
   [10/08/2008|21:44] C:\DOCUME~1\Pierre\APPLIC~1\Ubisoft
   [17/08/2008|20:31] C:\DOCUME~1\Pierre\APPLIC~1\vghd
   [15/08/2008|16:12] C:\DOCUME~1\Pierre\APPLIC~1\vlc
   [11/08/2008|14:07] C:\DOCUME~1\Pierre\APPLIC~1\WinRAR
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [13/09/2008 04:00][--a------] C:\WINDOWS	asks\Fermeture automatique.job
   [14/09/2008 00:00][--a------] C:\WINDOWS	asks\D‚fragmentation.job
   [13/09/2008 21:59][--a------] C:\WINDOWS	asks\AppleSoftwareUpdate.job
   [24/09/2008 07:05][--ah-----] C:\WINDOWS	asks\SA.DAT
   [24/04/2003 14:00][-r-h-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [19/08/2008|18:02] C:\Program Files\Adobe
   [24/09/2008|21:14] C:\Program Files\adslTV
   [10/08/2008|17:56] C:\Program Files\Alcohol Soft
   [15/08/2008|13:47] C:\Program Files\Apple Software Update
   [16/08/2008|17:13] C:\Program Files\ASUS
   [26/08/2008|16:32] C:\Program Files\ATITool
   [12/08/2008|09:59] C:\Program Files\AxBx
   [11/08/2008|23:34] C:\Program Files\Bonjour
   [22/09/2008|19:58] C:\Program Files\CCleaner
   [10/08/2008|12:09] C:\Program Files\ComPlus Applications
   [07/09/2008|18:52] C:\Program Files\DivX
   [24/09/2008|07:04] C:\Program Files\Fichiers communs
   [26/08/2008|16:32] C:\Program Files\Futuremark
   [11/08/2008|10:41] C:\Program Files\GIGABYTE
   [14/08/2008|16:32] C:\Program Files\Google
   [01/09/2008|18:57] C:\Program Files\Hamachi
   [20/09/2008|11:57] C:\Program Files\InstallShield Installation Information
   [10/08/2008|12:22] C:\Program Files\Intel
   [15/08/2008|00:28] C:\Program Files\Internet Explorer
   [15/08/2008|11:37] C:\Program Files\iPod
   [15/08/2008|11:37] C:\Program Files\iTunes
   [04/09/2008|20:55] C:\Program Files\Java
   [14/09/2008|02:20] C:\Program Files\LimeWire
   [22/08/2008|18:41] C:\Program Files\Logitech
   [23/09/2008|21:50] C:\Program Files\Malwarebytes' Anti-Malware
   [16/08/2008|00:45] C:\Program Files\Messenger
   [10/08/2008|12:12] C:\Program Files\microsoft frontpage
   [05/09/2008|18:17] C:\Program Files\Microsoft Office
   [05/09/2008|18:16] C:\Program Files\Microsoft.NET
   [10/08/2008|21:16] C:\Program Files\Movie Maker
   [24/09/2008|12:51] C:\Program Files\Mozilla Firefox
   [30/08/2008|15:47] C:\Program Files\mp3DirectCut
   [10/08/2008|12:09] C:\Program Files\MSN
   [10/08/2008|12:08] C:\Program Files\MSN Gaming Zone
   [16/08/2008|00:44] C:\Program Files\MSXML 4.0
   [10/08/2008|17:36] C:\Program Files\My Company Name
   [22/09/2008|21:42] C:\Program Files\Navilog1
   [13/09/2008|11:18] C:\Program Files\Nero
   [10/08/2008|21:15] C:\Program Files\NetMeeting
   [10/08/2008|21:15] C:\Program Files\Outlook Express
   [11/08/2008|23:24] C:\Program Files\QuickTime
   [10/08/2008|12:26] C:\Program Files\Realtek
   [30/08/2008|20:42] C:\Program Files\RivaTuner v2.08
   [26/08/2008|16:49] C:\Program Files\RivaTuner v2.09
   [15/08/2008|11:31] C:\Program Files\Safari
   [10/08/2008|12:09] C:\Program Files\Services en ligne
   [14/08/2008|21:02] C:\Program Files\Skype
   [14/08/2008|14:27] C:\Program Files\Softwin
   [15/08/2008|13:32] C:\Program Files\Stardock
   [13/08/2008|17:13] C:\Program Files\Steam
   [23/08/2008|01:56] C:\Program Files\Teamspeak2_RC2
   [27/08/2008|19:50] C:\Program Files\TeamViewer3
   [24/08/2008|17:07] C:\Program Files\TVAnts
   [10/08/2008|12:14] C:\Program Files\Uninstall Information
   [24/08/2008|02:42] C:\Program Files\Valvesoftware
   [11/08/2008|18:06] C:\Program Files\VideoLAN
   [18/09/2008|18:08] C:\Program Files\Windows Live
   [24/09/2008|20:41] C:\Program Files\Windows Live Safety Center
   [06/09/2008|22:59] C:\Program Files\Windows Media Connect 2
   [06/09/2008|22:59] C:\Program Files\Windows Media Player
   [10/08/2008|21:15] C:\Program Files\Windows NT
   [10/08/2008|12:09] C:\Program Files\WindowsUpdate
   [11/08/2008|14:07] C:\Program Files\WinRAR
   [10/08/2008|12:12] C:\Program Files\xerox

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [19/08/2008|18:01] C:\Program Files\Fichiers communs\Adobe
   [13/09/2008|11:19] C:\Program Files\Fichiers communs\Ahead
   [11/08/2008|23:33] C:\Program Files\Fichiers communs\Apple
   [05/09/2008|18:17] C:\Program Files\Fichiers communs\DESIGNER
   [22/08/2008|18:39] C:\Program Files\Fichiers communs\InstallShield
   [04/09/2008|20:54] C:\Program Files\Fichiers communs\Java
   [22/08/2008|18:40] C:\Program Files\Fichiers communs\Logitech
   [19/08/2008|17:31] C:\Program Files\Fichiers communs\Macrovision Shared
   [06/09/2008|17:09] C:\Program Files\Fichiers communs\Microsoft Shared
   [10/08/2008|12:09] C:\Program Files\Fichiers communs\MSSoap
   [10/08/2008|12:59] C:\Program Files\Fichiers communs\ODBC
   [10/08/2008|12:09] C:\Program Files\Fichiers communs\Services
   [14/08/2008|21:01] C:\Program Files\Fichiers communs\Skype
   [14/08/2008|14:27] C:\Program Files\Fichiers communs\Softwin
   [10/08/2008|12:59] C:\Program Files\Fichiers communs\SpeechEngines
   [22/08/2008|18:59] C:\Program Files\Fichiers communs\Stardock
   [05/09/2008|18:16] C:\Program Files\Fichiers communs\System
   [15/08/2008|00:25] C:\Program Files\Fichiers communs\WindowsLiveInstaller

   --------------------\  Process

   ( 52 Processes )

   ... OK !

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé !
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-09-24 22:16:46
   Windows 5.1.2600 Service Pack 3 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:24][D:3]-> C:\DOCUME~1\Pierre\LOCALS~1\Temp
   [F:16][D:0]-> C:\DOCUME~1\Pierre\Cookies
   [F:410][D:4]-> C:\DOCUME~1\Pierre\LOCALS~1\TEMPOR~1\content.IE5

   1 - "C:\Lop SD\LopR_1.txt" - 24/09/2008|21:43 - Option : [1]
   2 - "C:\Lop SD\LopR_2.txt" - 24/09/2008|22:18 - Option : [2]

   --------------------\  Fin du rapport a 22:18:40


Et un nouveau rapport avec Hijack this:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:19:53, on 24/09/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32	cpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
E:\Logiciel\analyse pour virus\ccm.exe.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Control Center] C:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - C:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Pierre5012 · Answer

Voila je viens de finir tout ce que tu m'as demander et voici le dernier rapport:

[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche: 

C:\Combofix.txt: trouvé !
C:\fixnavi.txt: trouvé !
C:\lopR.txt: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: trouvé !
C:\Program Files\Navilog1: trouvé !
C:\Program Files\Navilog1\Navilog1.bat: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1\Navilog1.lnk: supprimé !
C:\Program Files\Navilog1\Navilog1.bat: supprimé !
C:\Combofix.txt: supprimé !
C:\fixnavi.txt: supprimé !
C:\lopR.txt: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Navilog1: supprimé !
C:\Program Files\Navilog1: supprimé !


J'ai pu remarque que depuis hier je n'ai plus iexplorer ce qui est bon signe ^^ de même pour l'explorer qui est très correct !
Je te tiendrais au courrant dans quelques jours pour te confirmer (ou non :s) le bon état de santé de mon PC (en message perso). En tout cas MERCI BEAUCOUP pour cette aide qui a été très concise et rapide !!! BRAVO

Sloubi76 · Answer

Pierre,

J'espère que ta a conservé internet explorer car pour les mises à jour Windows il est indispensable.
J'attends de tes nouvelles en MP.

@ +

Virus se généralisant

14 réponses

Discussions similaires