Sujet Précédent Sujet Suivant

Pub intempestive

sam3332 Messages postés 25 Statut Membre -  
sKe69 Messages postés 21955 Statut Contributeur sécurité -
Bonjour,
j'ai un virus et des pub intempestive que je n'arrive pas a supprimer.

pouvez-vous m'aider?

merci
A voir également:

40 réponses

  • 1
  • 2
Réponse 1 / 40
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Ok ...

plusieurs infections ...

Commences par ceci :

Télécharges ToolBar S&D ( de Eric_71/Team IDN ) :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

( Tuto : https://sites.google.com/site/toolbarsd/aideenimages )

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

* double-cliques sur l'.exe pour lancer l'installe et laisses toi guider ...
* Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil .
* Choisis l'option 1 ( "recherche") et tapes "entrée" .
* Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité
de son contenu dans ta prochaine réponse ...
( le rapport est en outre sauvegardé ici -> C:\TB.txt )
1
Réponse 2 / 40
sam3332 Messages postés 25 Statut Membre
 
au secours!!!!!!!!!
1
Réponse 3 / 40
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
passes à l'étape 2 alors ... et postes moi les rapports demandés ...
1
Réponse 4 / 40
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Eu non ... tu as oublier qulque chose ... -_-

donc je répette :

Nettoyage avec ToolBar S&D :

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".

Note : ne touches à rien lors de la suppression !

Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
accompagné d'un nouveau rapport hijackthis pour analyse et attends la suite ...

1

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 40
sam3332 Messages postés 25 Statut Membre
 
bonjour

voici mes 2 rapports

[10/16/2008, 11:13:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Sam\Bureau\VirtumundoBeGone.exe" )
[10/16/2008, 11:13:51] - Detected System Information:
[10/16/2008, 11:13:51] - Windows Version: 5.1.2600, Service Pack 2
[10/16/2008, 11:13:51] - Current Username: Sam (Admin)
[10/16/2008, 11:13:51] - Windows is in NORMAL mode.
[10/16/2008, 11:13:51] - Searching for Browser Helper Objects:
[10/16/2008, 11:13:51] - BHO 1: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - No filename found. Continuing.
[10/16/2008, 11:13:51] - BHO 2: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - Checking for HKLM\...\Winlogon\Notify\mnyside
[10/16/2008, 11:13:51] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[10/16/2008, 11:13:51] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/16/2008, 11:13:51] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/16/2008, 11:13:51] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/16/2008, 11:13:51] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/16/2008, 11:13:51] - BHO 7: {af9eb5d0-f09c-4a66-a075-191b948ca4d6} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - Checking for HKLM\...\Winlogon\Notify\eqcvmz
[10/16/2008, 11:13:51] - Key not found: HKLM\...\Winlogon\Notify\eqcvmz, continuing.
[10/16/2008, 11:13:51] - BHO 8: {D92FA155-1849-4C89-9CEF-EAC9F19F97D9} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - Checking for HKLM\...\Winlogon\Notify\tuvSmkli
[10/16/2008, 11:13:51] - Key not found: HKLM\...\Winlogon\Notify\tuvSmkli, continuing.
[10/16/2008, 11:13:51] - BHO 9: {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - Checking for HKLM\...\Winlogon\Notify\urqQgffF
[10/16/2008, 11:13:51] - Key not found: HKLM\...\Winlogon\Notify\urqQgffF, continuing.
[10/16/2008, 11:13:51] - BHO 10: {FD417378-F411-4B77-BBEE-4893BB670D4C} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - Checking for HKLM\...\Winlogon\Notify\ljJDSIyW
[10/16/2008, 11:13:51] - Found: HKLM\...\Winlogon\Notify\ljJDSIyW - This is probably Virtumundo.
[10/16/2008, 11:13:51] - Assigning {FD417378-F411-4B77-BBEE-4893BB670D4C} MSEvents Object
[10/16/2008, 11:13:52] - BHO list has been changed! Starting over...
[10/16/2008, 11:13:52] - BHO 1: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} ()
[10/16/2008, 11:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:52] - No filename found. Continuing.
[10/16/2008, 11:13:52] - BHO 2: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[10/16/2008, 11:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:52] - Checking for HKLM\...\Winlogon\Notify\mnyside
[10/16/2008, 11:13:52] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[10/16/2008, 11:13:52] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/16/2008, 11:13:52] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/16/2008, 11:13:52] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/16/2008, 11:13:52] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/16/2008, 11:13:52] - BHO 7: {af9eb5d0-f09c-4a66-a075-191b948ca4d6} ()
[10/16/2008, 11:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:52] - Checking for HKLM\...\Winlogon\Notify\eqcvmz
[10/16/2008, 11:13:52] - Key not found: HKLM\...\Winlogon\Notify\eqcvmz, continuing.
[10/16/2008, 11:13:52] - BHO 8: {D92FA155-1849-4C89-9CEF-EAC9F19F97D9} ()
[10/16/2008, 11:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:52] - Checking for HKLM\...\Winlogon\Notify\tuvSmkli
[10/16/2008, 11:13:52] - Key not found: HKLM\...\Winlogon\Notify\tuvSmkli, continuing.
[10/16/2008, 11:13:52] - BHO 9: {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} ()
[10/16/2008, 11:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:52] - Checking for HKLM\...\Winlogon\Notify\urqQgffF
[10/16/2008, 11:13:52] - Key not found: HKLM\...\Winlogon\Notify\urqQgffF, continuing.
[10/16/2008, 11:13:52] - BHO 10: {FD417378-F411-4B77-BBEE-4893BB670D4C} (MSEvents Object)
[10/16/2008, 11:13:52] - ALERT: Found MSEvents Object!
[10/16/2008, 11:13:52] - Finished Searching Browser Helper Objects
[10/16/2008, 11:13:52] - *** Detected MSEvents Object
[10/16/2008, 11:13:52] - Trying to remove MSEvents Object...
[10/16/2008, 11:13:53] - Terminating Process: IEXPLORE.EXE
[10/16/2008, 11:13:53] - Terminating Process: RUNDLL32.EXE
[10/16/2008, 11:13:53] - Disabling Automatic Shell Restart
[10/16/2008, 11:13:53] - Terminating Process: EXPLORER.EXE
[10/16/2008, 11:14:58] - Suspending the NT Session Manager System Service
[10/16/2008, 11:14:58] - Terminating Windows NT Logon/Logoff Manager
[10/16/2008, 11:14:59] - Re-enabling Automatic Shell Restart
[10/16/2008, 11:14:59] - File to disable: C:\WINDOWS\system32\ljJDSIyW.dll
[10/16/2008, 11:14:59] - Renaming C:\WINDOWS\system32\ljJDSIyW.dll -> C:\WINDOWS\system32\ljJDSIyW.dll.vir
[10/16/2008, 11:14:59] - File successfully renamed!
[10/16/2008, 11:14:59] - Removing HKLM\...\Browser Helper Objects\{FD417378-F411-4B77-BBEE-4893BB670D4C}
[10/16/2008, 11:14:59] - Removing HKCR\CLSID\{FD417378-F411-4B77-BBEE-4893BB670D4C}
[10/16/2008, 11:14:59] - Adding Kill Bit for ActiveX for GUID: {FD417378-F411-4B77-BBEE-4893BB670D4C}
[10/16/2008, 11:14:59] - Deleting ATLEvents/MSEvents Registry entries
[10/16/2008, 11:14:59] - Removing HKLM\...\Winlogon\Notify\ljJDSIyW
[10/16/2008, 11:14:59] - Searching for Browser Helper Objects:
[10/16/2008, 11:14:59] - BHO 1: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} ()
[10/16/2008, 11:14:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:14:59] - No filename found. Continuing.
[10/16/2008, 11:14:59] - BHO 2: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[10/16/2008, 11:14:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:14:59] - Checking for HKLM\...\Winlogon\Notify\mnyside
[10/16/2008, 11:14:59] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[10/16/2008, 11:14:59] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/16/2008, 11:14:59] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/16/2008, 11:14:59] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/16/2008, 11:14:59] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/16/2008, 11:14:59] - BHO 7: {af9eb5d0-f09c-4a66-a075-191b948ca4d6} ()
[10/16/2008, 11:14:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:14:59] - Checking for HKLM\...\Winlogon\Notify\eqcvmz
[10/16/2008, 11:14:59] - Key not found: HKLM\...\Winlogon\Notify\eqcvmz, continuing.
[10/16/2008, 11:14:59] - BHO 8: {D92FA155-1849-4C89-9CEF-EAC9F19F97D9} ()
[10/16/2008, 11:14:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:14:59] - Checking for HKLM\...\Winlogon\Notify\tuvSmkli
[10/16/2008, 11:14:59] - Key not found: HKLM\...\Winlogon\Notify\tuvSmkli, continuing.
[10/16/2008, 11:14:59] - BHO 9: {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} ()
[10/16/2008, 11:14:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:14:59] - Checking for HKLM\...\Winlogon\Notify\urqQgffF
[10/16/2008, 11:14:59] - Key not found: HKLM\...\Winlogon\Notify\urqQgffF, continuing.
[10/16/2008, 11:14:59] - Finished Searching Browser Helper Objects
[10/16/2008, 11:14:59] - Finishing up...
[10/16/2008, 11:14:59] - A restart is needed.
[10/16/2008, 11:15:07] - Attempting to Restart via STOP error (Blue Screen!)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:09, on 16/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {6d4ac849-b191-570a-66a4-c90f0d5be9fa} - {af9eb5d0-f09c-4a66-a075-191b948ca4d6} - C:\WINDOWS\system32\eqcvmz.dll
O2 - BHO: (no name) - {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} - C:\WINDOWS\system32\urqQgffF.dll (file missing)
O2 - BHO: (no name) - {EC442773-5C70-494A-86ED-067E1415A07E} - C:\WINDOWS\system32\tuvSmkli.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [bcc12435] rundll32.exe "C:\WINDOWS\system32\jwtpmmgs.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: eqcvmz.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1
Réponse 6 / 40
sam3332 Messages postés 25 Statut Membre
 
bonjour

voici mes 2 rapports

[10/16/2008, 11:13:43] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Sam\Bureau\VirtumundoBeGone.exe" )
[10/16/2008, 11:13:51] - Detected System Information:
[10/16/2008, 11:13:51] - Windows Version: 5.1.2600, Service Pack 2
[10/16/2008, 11:13:51] - Current Username: Sam (Admin)
[10/16/2008, 11:13:51] - Windows is in NORMAL mode.
[10/16/2008, 11:13:51] - Searching for Browser Helper Objects:
[10/16/2008, 11:13:51] - BHO 1: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - No filename found. Continuing.
[10/16/2008, 11:13:51] - BHO 2: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - Checking for HKLM\...\Winlogon\Notify\mnyside
[10/16/2008, 11:13:51] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[10/16/2008, 11:13:51] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/16/2008, 11:13:51] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/16/2008, 11:13:51] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/16/2008, 11:13:51] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/16/2008, 11:13:51] - BHO 7: {af9eb5d0-f09c-4a66-a075-191b948ca4d6} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - Checking for HKLM\...\Winlogon\Notify\eqcvmz
[10/16/2008, 11:13:51] - Key not found: HKLM\...\Winlogon\Notify\eqcvmz, continuing.
[10/16/2008, 11:13:51] - BHO 8: {D92FA155-1849-4C89-9CEF-EAC9F19F97D9} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - Checking for HKLM\...\Winlogon\Notify\tuvSmkli
[10/16/2008, 11:13:51] - Key not found: HKLM\...\Winlogon\Notify\tuvSmkli, continuing.
[10/16/2008, 11:13:51] - BHO 9: {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - Checking for HKLM\...\Winlogon\Notify\urqQgffF
[10/16/2008, 11:13:51] - Key not found: HKLM\...\Winlogon\Notify\urqQgffF, continuing.
[10/16/2008, 11:13:51] - BHO 10: {FD417378-F411-4B77-BBEE-4893BB670D4C} ()
[10/16/2008, 11:13:51] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:51] - Checking for HKLM\...\Winlogon\Notify\ljJDSIyW
[10/16/2008, 11:13:51] - Found: HKLM\...\Winlogon\Notify\ljJDSIyW - This is probably Virtumundo.
[10/16/2008, 11:13:51] - Assigning {FD417378-F411-4B77-BBEE-4893BB670D4C} MSEvents Object
[10/16/2008, 11:13:52] - BHO list has been changed! Starting over...
[10/16/2008, 11:13:52] - BHO 1: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} ()
[10/16/2008, 11:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:52] - No filename found. Continuing.
[10/16/2008, 11:13:52] - BHO 2: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[10/16/2008, 11:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:52] - Checking for HKLM\...\Winlogon\Notify\mnyside
[10/16/2008, 11:13:52] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[10/16/2008, 11:13:52] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/16/2008, 11:13:52] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/16/2008, 11:13:52] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/16/2008, 11:13:52] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/16/2008, 11:13:52] - BHO 7: {af9eb5d0-f09c-4a66-a075-191b948ca4d6} ()
[10/16/2008, 11:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:52] - Checking for HKLM\...\Winlogon\Notify\eqcvmz
[10/16/2008, 11:13:52] - Key not found: HKLM\...\Winlogon\Notify\eqcvmz, continuing.
[10/16/2008, 11:13:52] - BHO 8: {D92FA155-1849-4C89-9CEF-EAC9F19F97D9} ()
[10/16/2008, 11:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:52] - Checking for HKLM\...\Winlogon\Notify\tuvSmkli
[10/16/2008, 11:13:52] - Key not found: HKLM\...\Winlogon\Notify\tuvSmkli, continuing.
[10/16/2008, 11:13:52] - BHO 9: {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} ()
[10/16/2008, 11:13:52] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:13:52] - Checking for HKLM\...\Winlogon\Notify\urqQgffF
[10/16/2008, 11:13:52] - Key not found: HKLM\...\Winlogon\Notify\urqQgffF, continuing.
[10/16/2008, 11:13:52] - BHO 10: {FD417378-F411-4B77-BBEE-4893BB670D4C} (MSEvents Object)
[10/16/2008, 11:13:52] - ALERT: Found MSEvents Object!
[10/16/2008, 11:13:52] - Finished Searching Browser Helper Objects
[10/16/2008, 11:13:52] - *** Detected MSEvents Object
[10/16/2008, 11:13:52] - Trying to remove MSEvents Object...
[10/16/2008, 11:13:53] - Terminating Process: IEXPLORE.EXE
[10/16/2008, 11:13:53] - Terminating Process: RUNDLL32.EXE
[10/16/2008, 11:13:53] - Disabling Automatic Shell Restart
[10/16/2008, 11:13:53] - Terminating Process: EXPLORER.EXE
[10/16/2008, 11:14:58] - Suspending the NT Session Manager System Service
[10/16/2008, 11:14:58] - Terminating Windows NT Logon/Logoff Manager
[10/16/2008, 11:14:59] - Re-enabling Automatic Shell Restart
[10/16/2008, 11:14:59] - File to disable: C:\WINDOWS\system32\ljJDSIyW.dll
[10/16/2008, 11:14:59] - Renaming C:\WINDOWS\system32\ljJDSIyW.dll -> C:\WINDOWS\system32\ljJDSIyW.dll.vir
[10/16/2008, 11:14:59] - File successfully renamed!
[10/16/2008, 11:14:59] - Removing HKLM\...\Browser Helper Objects\{FD417378-F411-4B77-BBEE-4893BB670D4C}
[10/16/2008, 11:14:59] - Removing HKCR\CLSID\{FD417378-F411-4B77-BBEE-4893BB670D4C}
[10/16/2008, 11:14:59] - Adding Kill Bit for ActiveX for GUID: {FD417378-F411-4B77-BBEE-4893BB670D4C}
[10/16/2008, 11:14:59] - Deleting ATLEvents/MSEvents Registry entries
[10/16/2008, 11:14:59] - Removing HKLM\...\Winlogon\Notify\ljJDSIyW
[10/16/2008, 11:14:59] - Searching for Browser Helper Objects:
[10/16/2008, 11:14:59] - BHO 1: {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} ()
[10/16/2008, 11:14:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:14:59] - No filename found. Continuing.
[10/16/2008, 11:14:59] - BHO 2: {243B17DE-77C7-46BF-B94B-0B5F309A0E64} ()
[10/16/2008, 11:14:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:14:59] - Checking for HKLM\...\Winlogon\Notify\mnyside
[10/16/2008, 11:14:59] - Key not found: HKLM\...\Winlogon\Notify\mnyside, continuing.
[10/16/2008, 11:14:59] - BHO 3: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[10/16/2008, 11:14:59] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[10/16/2008, 11:14:59] - BHO 5: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
[10/16/2008, 11:14:59] - BHO 6: {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
[10/16/2008, 11:14:59] - BHO 7: {af9eb5d0-f09c-4a66-a075-191b948ca4d6} ()
[10/16/2008, 11:14:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:14:59] - Checking for HKLM\...\Winlogon\Notify\eqcvmz
[10/16/2008, 11:14:59] - Key not found: HKLM\...\Winlogon\Notify\eqcvmz, continuing.
[10/16/2008, 11:14:59] - BHO 8: {D92FA155-1849-4C89-9CEF-EAC9F19F97D9} ()
[10/16/2008, 11:14:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:14:59] - Checking for HKLM\...\Winlogon\Notify\tuvSmkli
[10/16/2008, 11:14:59] - Key not found: HKLM\...\Winlogon\Notify\tuvSmkli, continuing.
[10/16/2008, 11:14:59] - BHO 9: {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} ()
[10/16/2008, 11:14:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[10/16/2008, 11:14:59] - Checking for HKLM\...\Winlogon\Notify\urqQgffF
[10/16/2008, 11:14:59] - Key not found: HKLM\...\Winlogon\Notify\urqQgffF, continuing.
[10/16/2008, 11:14:59] - Finished Searching Browser Helper Objects
[10/16/2008, 11:14:59] - Finishing up...
[10/16/2008, 11:14:59] - A restart is needed.
[10/16/2008, 11:15:07] - Attempting to Restart via STOP error (Blue Screen!)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:09, on 16/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: (no name) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: {6d4ac849-b191-570a-66a4-c90f0d5be9fa} - {af9eb5d0-f09c-4a66-a075-191b948ca4d6} - C:\WINDOWS\system32\eqcvmz.dll
O2 - BHO: (no name) - {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} - C:\WINDOWS\system32\urqQgffF.dll (file missing)
O2 - BHO: (no name) - {EC442773-5C70-494A-86ED-067E1415A07E} - C:\WINDOWS\system32\tuvSmkli.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [bcc12435] rundll32.exe "C:\WINDOWS\system32\jwtpmmgs.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: eqcvmz.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
1
Réponse 7 / 40
sam3332 Messages postés 25 Statut Membre
 
pouvez-vous m'aider?

Merci
1
Réponse 8 / 40
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Salut,

fais ceci dans l'ordre :

1- Re -refais ceci stp ,

Nettoyage avec ToolBar S&D :

!! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !!

Relances Toolbar-S&D en double-cliquant sur le raccourci.
-->Tapes sur l'option 2 ( "nettoyage" ) puis tapes sur "Entrée".

Je répette , choisis l'OPTION 2 !

Note : ne touches à rien lors de la suppression !

Un rapport sera généré à la fin du processus : postes son contenu dans ta prochaine réponse
pour analyse ...

une fois ce rapport posté , fais la suite :

2- Télécharges MalwareByte's :
ici ftp://ftp.commentcamarche.com/download/mbam-setup.exe
ou ici : http://www.malwarebytes.org/mbam.php

Installes le ( choisis bien "francais" ; ne modifies pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharges le ici : https://www.malekal.com/tutorial-aboutbuster/ )

Potasses le tuto pour te familiariser avec le prg :
https://forum.pcastuces.com/sujet.asp?f=31&s=3
https://www.androidworld.fr/
( cela dis, il est très simple d'utilisation ).

Impératif : Démarrer en mode sans echec .

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Comment aller en Mode sans échec :
1) Redémarres ton ordi .
2) Tapotes la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage .
4) Choisis la première option : Sans Échec , et valides en tapant sur [Entrée] .
5) Choisis ton compte habituel ( et pas Administrateur ).
attention : pas de connexion possible en mode sans échec , donc copies ou imprimes bien la manipe pour éviter les erreurs ...

Lances Malwarebyte's .

Fais un scan dit "complet" ( sélectionnes bien tous tes disks avant le scan ! ) et supprimes tout ce qu'il peut trouver, c'est à dire :
-->Laisses le scan se terminer,puis à la fin tu cliques sur "résultat" .
-->Vérifies que tous les objets infectés soient validés, puis cliques sur " suppression " .

Redémarres ton PC ( mode normal ).

Postes le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date) accompagné d'un nouvel hijackthis ( fait en mode normal ) ...

1
Réponse 9 / 40
sam3332 Messages postés 25 Statut Membre
 
voici le rapport

-----------\\ ToolBar S&D 1.2.2 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2180 @ 2.00GHz )
BIOS : Default System BIOS
USER : Sam ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
C:\ (Local Disk) - NTFS - Total : 73 Go Free : 63 Go
D:\ (Local Disk) - NTFS - Total : 159 Go Free : 154 Go
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD)
J:\ (USB)
K:\ (USB)

"C:\ToolBar SD" ( MAJ : 04-10-2008|21:00 )
Option : [2] ( 16/10/2008|11:39 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskSBar\bar
Supprime! - C:\Program Files\AskSBar\SrchAstt
Supprime! - C:\DOCUME~1\Sam\LOCALS~1\Temp\ICD1.tmp
Supprime! - C:\Program Files\AskSBar

-----------\\ Recherche de Fichiers / Dossiers ...

C:\DOCUME~1\Sam\LOCALS~1\Temp\nsg8.tmp
C:\DOCUME~1\Sam\LOCALS~1\Temp\nslA.tmp
C:\DOCUME~1\Sam\LOCALS~1\Temp\nslB.tmp

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.com/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

C:\WINDOWS\system32\FffgQqru.ini
C:\WINDOWS\system32\FffgQqru.ini2
C:\WINDOWS\system32\ilkmSvut.ini
C:\WINDOWS\system32\ilkmSvut.ini2
[b]==> VUNDO <==/b

1 - "C:\ToolBar SD\TB_1.txt" - 15/10/2008|15:00 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 15/10/2008|17:08 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 16/10/2008|11:41 - Option : [2]

-----------\\ Fin du rapport a 11:41:45,57
1
Réponse 10 / 40
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Enfin !!! Impec ... la suite maintenant ... ;)
0
Réponse 11 / 40
sam3332 Messages postés 25 Statut Membre
 
voici les rapports
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1274
Windows 5.1.2600 Service Pack 2

16/10/2008 12:22:15
mbam-log-2008-10-16 (12-22-15).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 106855
Temps écoulé: 27 minute(s), 25 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 17

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\jwtpmmgs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\tuvSmkli.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\eqcvmz.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1e343438-0f19-412f-b955-b6ccf7063499} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{1e343438-0f19-412f-b955-b6ccf7063499} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{af9eb5d0-f09c-4a66-a075-191b948ca4d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{af9eb5d0-f09c-4a66-a075-191b948ca4d6} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bcc12435 (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvsmkli -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\tuvsmkli -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\tuvSmkli.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ilkmSvut.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ilkmSvut.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eqcvmz.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\jwtpmmgs.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\sgmmptwj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Manon\Local Settings\Temporary Internet Files\Content.IE5\BSBJ6U0M\upd105320[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Manon\Local Settings\Temporary Internet Files\Content.IE5\C8DRBZ0I\nd82m0[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB25FE76-786A-4F92-868C-CFDC5696CD2D}\RP38\A0005965.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB25FE76-786A-4F92-868C-CFDC5696CD2D}\RP40\A0007241.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB25FE76-786A-4F92-868C-CFDC5696CD2D}\RP40\A0007242.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB25FE76-786A-4F92-868C-CFDC5696CD2D}\RP42\A0008257.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB25FE76-786A-4F92-868C-CFDC5696CD2D}\RP42\A0008267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AB25FE76-786A-4F92-868C-CFDC5696CD2D}\RP42\A0008268.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vwfkkpkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xyysyynd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJDSIyW.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:27, on 16/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1E343438-0F19-412F-B955-B6CCF7063499} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} - C:\WINDOWS\system32\urqQgffF.dll (file missing)
O2 - BHO: (no name) - {EC442773-5C70-494A-86ED-067E1415A07E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [Alcmtr] "C:\WINDOWS\ALCMTR.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: eqcvmz.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Réponse 12 / 40
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Attention :

si tu n'as pas fait le scan en mode sans échec , redémarres ton PC pour que Malwarebytes finisse le travaille !

Ensuite repostes moi un nouvel hijackthis et attends la suite ...

Si tu as bien fais le scan en mode sans échec , dis le moi ...
0
Réponse 13 / 40
sam3332 Messages postés 25 Statut Membre
 
en mode sans echec ne marche pas
0
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
c'est que tu n'as pas du bien fair la manipe ... -_-


donc redémarres le PC comme je t'ai demandé ... et ensuite repostes un nouvel hijackthis et attends la suite ...


0
Réponse 14 / 40
sam3332 Messages postés 25 Statut Membre
 
j'ai redemarre le pc
0
Réponse 15 / 40
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
Ok ...

donc la suite :

1- supprimes tout ce qui se trouve dans la quarantaine de malwarebytes ( via celle-ci ) .

2- refais un coup de CCleaner (registre compris ).

3- fais exactement ce qui suit :

Télécharges ComboFix (par sUBs) sur ton Bureau (et pas ailleurs !):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! Déconnectes toi,fermes tes applications en cours et DESACTIVES TOUTES TES DEFENSES (anti-virus, guardes anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-cliques sur l'icône "combofix.exe" pour lancer l'outil .

Appuyes sur la touche Y (Yes) pour démarrer le scan .

Notes importantes :
-> n'utilises pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
-> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisses le faire .
-> Si l'outil t'anonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarer votre machine", tu acceptes ...
-> si un message d'erreur windows apparait à un momment : cliques sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... )

Le rapport sera crée dans: C:\Combofix.txt

Postes le rapport Combofix accompagné d'un nouveau rapport hijackthis pour analyse ...
0
Réponse 16 / 40
sam3332 Messages postés 25 Statut Membre
 
voici les rapports
ComboFix 08-10-15.06 - Sam 2008-10-16 12:46:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1501 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Sam\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\FffgQqru.ini
C:\WINDOWS\system32\FffgQqru.ini2
C:\WINDOWS\system32\kuncmacp.exe
C:\WINDOWS\system32\ntolxwjm.ini
C:\WINDOWS\system32\oknqflag.ini
C:\WINDOWS\system32\pinuumvd.exe
C:\WINDOWS\system32\ubikbeng.ini

----- BITS: Il y a peut-être des sites infectés -----

hxxp://www.mp3codec.net
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-16 au 2008-10-16 ))))))))))))))))))))))))))))))))))))
.

2008-10-16 11:46 . 2008-10-16 11:46 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Malwarebytes
2008-10-16 11:45 . 2008-10-16 11:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-16 11:45 . 2008-10-16 11:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-16 11:45 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-16 11:45 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-15 16:10 . 2008-10-15 16:09 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-15 16:09 . 2008-10-15 16:15 <REP> d-------- C:\Documents and Settings\Sam\.housecall6.6
2008-10-15 16:08 . 2008-10-15 16:08 <REP> d-------- C:\WINDOWS\Sun
2008-10-15 16:07 . 2008-10-15 16:07 <REP> d-------- C:\Program Files\Java
2008-10-15 16:07 . 2008-10-15 16:08 <REP> d-------- C:\Program Files\Google
2008-10-15 16:07 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-15 16:06 . 2008-10-15 16:06 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-10-15 15:54 . 2008-10-15 15:54 <REP> d-------- C:\_OTMoveIt
2008-10-15 15:25 . 2008-10-15 17:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-15 15:25 . 2008-10-16 12:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 14:58 . 2008-10-16 11:40 3,326 --a------ C:\Documents and Settings\Orph.egd
2008-10-15 14:55 . 2008-10-16 11:41 <REP> d-------- C:\ToolBar SD
2008-10-15 14:42 . 2008-10-15 14:42 <REP> d-------- C:\Program Files\Trend Micro
2008-10-14 13:43 . 2008-10-14 13:43 244 --ah----- C:\sqmnoopt17.sqm
2008-10-14 13:43 . 2008-10-14 13:43 232 --ah----- C:\sqmdata17.sqm
2008-10-13 20:52 . 2008-10-15 14:25 3,021 --a------ C:\rollback.ini
2008-10-13 20:34 . 2008-10-13 20:34 <REP> d-------- C:\Documents and Settings\Manon\Application Data\MailFrontier
2008-10-13 09:40 . 2008-10-14 13:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-13 09:40 . 2008-10-13 09:46 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-10-13 09:39 . 2008-10-15 15:26 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-13 09:39 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-13 09:35 . 2008-10-15 15:26 <REP> d-------- C:\WINDOWS\Internet Logs
2008-10-13 08:52 . 2008-10-13 08:55 <REP> d-------- C:\Documents and Settings\Sam\Application Data\GetRightToGo
2008-10-13 08:21 . 2008-10-13 08:21 244 --ah----- C:\sqmnoopt16.sqm
2008-10-13 08:21 . 2008-10-13 08:21 232 --ah----- C:\sqmdata16.sqm
2008-10-12 16:07 . 2008-10-12 16:07 244 --ah----- C:\sqmnoopt15.sqm
2008-10-12 16:07 . 2008-10-12 16:07 232 --ah----- C:\sqmdata15.sqm
2008-10-12 10:42 . 2008-10-12 10:42 <REP> d-------- C:\Documents and Settings\Sam\Contacts
2008-10-12 10:23 . 2008-10-12 10:23 <REP> d-------- C:\Documents and Settings\Sam\Application Data\DivX
2008-10-12 09:58 . 2008-10-12 09:58 244 --ah----- C:\sqmnoopt14.sqm
2008-10-12 09:58 . 2008-10-12 09:58 232 --ah----- C:\sqmdata14.sqm
2008-10-11 09:38 . 2008-10-11 09:38 244 --ah----- C:\sqmnoopt13.sqm
2008-10-11 09:38 . 2008-10-11 09:38 232 --ah----- C:\sqmdata13.sqm
2008-10-10 15:19 . 2008-10-10 15:19 244 --ah----- C:\sqmnoopt12.sqm
2008-10-10 15:19 . 2008-10-10 15:19 232 --ah----- C:\sqmdata12.sqm
2008-10-09 19:17 . 2008-10-09 19:34 <REP> d-------- C:\Documents and Settings\sandrine\Contacts
2008-10-09 19:10 . 2008-10-09 19:10 268 --ah----- C:\sqmdata11.sqm
2008-10-09 19:10 . 2008-10-09 19:10 244 --ah----- C:\sqmnoopt11.sqm
2008-10-09 19:01 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\sandrine\Voisinage réseau
2008-10-09 19:01 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\sandrine\Voisinage d'impression
2008-10-09 19:01 . 2008-09-25 21:06 <REP> d--h----- C:\Documents and Settings\sandrine\Modèles
2008-10-09 19:01 . 2008-10-09 19:22 <REP> dr------- C:\Documents and Settings\sandrine\Mes documents
2008-10-09 19:01 . 2008-09-25 21:56 <REP> dr------- C:\Documents and Settings\sandrine\Menu Démarrer
2008-10-09 19:01 . 2008-10-09 19:01 <REP> dr------- C:\Documents and Settings\sandrine\Favoris
2008-10-09 19:01 . 2008-10-09 19:10 <REP> d-------- C:\Documents and Settings\sandrine\Bureau
2008-10-09 19:01 . 2008-10-09 19:17 <REP> d-------- C:\Documents and Settings\sandrine
2008-10-09 18:13 . 2008-10-09 18:13 <REP> d-------- C:\Documents and Settings\Manon\Application Data\TuneUp Software
2008-10-08 11:56 . 2008-10-08 11:56 244 --ah----- C:\sqmnoopt10.sqm
2008-10-08 11:56 . 2008-10-08 11:56 232 --ah----- C:\sqmdata10.sqm
2008-10-07 10:10 . 2008-10-07 10:10 244 --ah----- C:\sqmnoopt09.sqm
2008-10-07 10:10 . 2008-10-07 10:10 232 --ah----- C:\sqmdata09.sqm
2008-10-07 10:09 . 2008-10-07 10:09 244 --ah----- C:\sqmnoopt08.sqm
2008-10-07 10:09 . 2008-10-07 10:09 232 --ah----- C:\sqmdata08.sqm
2008-10-06 17:13 . 2008-10-06 17:13 244 --ah----- C:\sqmnoopt07.sqm
2008-10-06 17:13 . 2008-10-06 17:13 232 --ah----- C:\sqmdata07.sqm
2008-10-06 13:52 . 2008-10-06 13:52 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Icone
2008-10-05 10:40 . 2008-10-05 10:40 164 --a------ C:\install.dat
2008-10-05 09:33 . 2008-10-05 09:33 244 --ah----- C:\sqmnoopt06.sqm
2008-10-05 09:33 . 2008-10-05 09:33 232 --ah----- C:\sqmdata06.sqm
2008-10-04 07:59 . 2008-10-04 07:59 244 --ah----- C:\sqmnoopt05.sqm
2008-10-04 07:59 . 2008-10-04 07:59 232 --ah----- C:\sqmdata05.sqm
2008-10-01 17:00 . 2008-10-01 17:00 244 --ah----- C:\sqmnoopt04.sqm
2008-10-01 17:00 . 2008-10-01 17:00 232 --ah----- C:\sqmdata04.sqm
2008-10-01 12:27 . 2008-10-01 12:27 <REP> d-------- C:\Program Files\CCleaner
2008-09-30 16:48 . 2008-09-30 16:49 <REP> d-------- C:\Program Files\PhotoFiltre
2008-09-30 14:57 . 2008-09-30 14:57 244 --ah----- C:\sqmnoopt03.sqm
2008-09-30 14:57 . 2008-09-30 14:57 232 --ah----- C:\sqmdata03.sqm
2008-09-30 12:12 . 2008-10-14 14:03 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2008-09-30 12:12 . 2008-09-30 12:12 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-30 12:12 . 2008-09-30 12:12 <REP> d-------- C:\Documents and Settings\Sam\Application Data\TuneUp Software
2008-09-30 12:12 . 2008-09-30 12:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-30 12:12 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-30 11:46 . 2008-09-30 11:46 <REP> d-------- C:\Program Files\uTorrent
2008-09-30 11:46 . 2008-10-13 09:45 <REP> d-------- C:\Documents and Settings\Sam\Application Data\uTorrent
2008-09-30 11:40 . 2008-09-30 11:49 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Azureus
2008-09-30 11:40 . 2008-09-30 11:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-09-29 13:36 . 2008-09-29 13:36 244 --ah----- C:\sqmnoopt02.sqm
2008-09-29 13:36 . 2008-09-29 13:36 232 --ah----- C:\sqmdata02.sqm
2008-09-29 11:43 . 2008-09-29 11:43 244 --ah----- C:\sqmnoopt01.sqm
2008-09-29 11:43 . 2008-09-29 11:43 232 --ah----- C:\sqmdata01.sqm
2008-09-28 18:31 . 2008-10-14 13:20 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-28 15:27 . 2008-10-12 16:22 <REP> d-------- C:\Program Files\eMule
2008-09-28 09:18 . 2008-09-28 09:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-28 09:13 . 2008-09-28 09:13 <REP> d-------- C:\Program Files\Logitech
2008-09-28 09:13 . 2008-09-28 09:13 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
2008-09-28 09:13 . 2004-01-21 03:26 360,448 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-09-28 09:08 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-28 09:08 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-28 09:07 . 2003-02-27 23:10 6,184 -ra------ C:\WINDOWS\system32\cmglue.vxd
2008-09-28 09:06 . 2008-09-28 09:06 <REP> d-------- C:\WINDOWS\StartHtmico
2008-09-28 09:06 . 2008-09-28 09:06 <REP> d-------- C:\WINDOWS\I560
2008-09-28 09:06 . 2008-09-28 09:06 <REP> d--h----- C:\BJPrinter
2008-09-28 09:06 . 2003-07-30 07:00 107,008 --a------ C:\WINDOWS\system32\CNMLM58.DLL
2008-09-28 09:06 . 2003-05-13 20:50 73,728 -ra------ C:\WINDOWS\system32\CNMCP58.exe
2008-09-28 09:06 . 2003-07-30 07:00 6,656 --a------ C:\WINDOWS\system32\CNMVS58.DLL
2008-09-28 08:26 . 2008-09-28 08:26 <REP> d-------- C:\Program Files\Microsoft Money
2008-09-27 23:37 . 2008-10-11 16:44 <REP> d-------- C:\Documents and Settings\Manon\Contacts
2008-09-27 23:15 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-09-27 23:15 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-09-27 23:15 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-09-27 23:15 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-09-27 23:15 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-09-27 23:15 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-09-27 23:15 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-09-27 23:14 . 2008-09-27 23:15 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-09-27 23:14 . 2008-09-27 23:14 <REP> d-------- C:\Program Files\Samsung
2008-09-27 23:14 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
2008-09-27 16:26 . 2008-09-27 16:26 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-27 12:14 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\Manon\Voisinage réseau
2008-09-27 12:14 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\Manon\Voisinage d'impression
2008-09-27 12:14 . 2008-09-25 21:06 <REP> d--h----- C:\Documents and Settings\Manon\Modèles
2008-09-27 12:14 . 2008-09-25 21:56 <REP> dr------- C:\Documents and Settings\Manon\Menu Démarrer
2008-09-27 12:14 . 2008-10-08 14:56 <REP> dr------- C:\Documents and Settings\Manon\Favoris
2008-09-27 12:14 . 2008-10-12 15:13 <REP> d-------- C:\Documents and Settings\Manon\Bureau
2008-09-27 12:14 . 2008-09-27 23:37 <REP> d-------- C:\Documents and Settings\Manon
2008-09-26 21:37 . 2008-09-26 21:37 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Nero
2008-09-26 21:30 . 2008-09-26 21:30 <REP> d-------- C:\Program Files\Nero
2008-09-26 21:30 . 2008-09-26 21:31 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-09-26 21:30 . 2008-09-26 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-26 21:05 . 2008-09-26 21:05 <REP> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 10:34 --------- d-----w C:\Program Files\SpeedFan
2008-10-09 17:10 --------- d-----w C:\Program Files\The One Ring 3D Screensaver
2008-09-27 21:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 20:36 --------- d-----w C:\Program Files\Windows Live
2008-09-25 20:32 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-25 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-25 20:17 --------- d-----w C:\Documents and Settings\Sam\Application Data\CyberLink
2008-09-25 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-25 20:09 --------- d-----w C:\Program Files\CyberLink
2008-09-25 20:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-25 19:52 --------- d-----w C:\Program Files\Avira
2008-09-25 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-09-25 19:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-25 19:44 --------- d-----w C:\Program Files\Realtek
2008-09-25 19:32 --------- d-----w C:\Documents and Settings\Sam\Application Data\InstallShield
2008-09-25 19:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-25 19:06 --------- d-----w C:\Program Files\Services en ligne
2008-09-16 00:14 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 204863]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-15 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 8491008]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2007-10-25 1626112]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 81920]
"RTHDCPL"="C:\WINDOWS\RTHDCPL.EXE" [2008-03-26 16859136]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\Sam\Menu D‚marrer\Programmes\D‚marrage\
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2008-08-19 3562496]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-26 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eqcvmz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 SetupNTGLM7X;SetupNTGLM7X;I:\NTGLM7X.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-09-30 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 19:18]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{1E343438-0F19-412F-B955-B6CCF7063499} - (no file)
BHO-{E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} - C:\WINDOWS\system32\urqQgffF.dll
BHO-{EC442773-5C70-494A-86ED-067E1415A07E} - (no file)
ShellExecuteHooks-{FD417378-F411-4B77-BBEE-4893BB670D4C} - (no file)

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKLM-Main,Window Title =
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 12:51:00
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-16 12:51:40
ComboFix-quarantined-files.txt 2008-10-16 10:51:38

Avant-CF: 68 031 238 144 octets libres
Après-CF: 68,762,755,072 octets libres

273 --- E O F --- 2008-10-15 12:19:02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:27, on 16/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1E343438-0F19-412F-B955-B6CCF7063499} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} - (no file)
O2 - BHO: (no name) - {EC442773-5C70-494A-86ED-067E1415A07E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: eqcvmz.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Réponse 17 / 40
sam3332 Messages postés 25 Statut Membre
 
voici les rapports
ComboFix 08-10-15.06 - Sam 2008-10-16 12:46:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1501 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Sam\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\FffgQqru.ini
C:\WINDOWS\system32\FffgQqru.ini2
C:\WINDOWS\system32\kuncmacp.exe
C:\WINDOWS\system32\ntolxwjm.ini
C:\WINDOWS\system32\oknqflag.ini
C:\WINDOWS\system32\pinuumvd.exe
C:\WINDOWS\system32\ubikbeng.ini

----- BITS: Il y a peut-être des sites infectés -----

hxxp://www.mp3codec.net
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-16 au 2008-10-16 ))))))))))))))))))))))))))))))))))))
.

2008-10-16 11:46 . 2008-10-16 11:46 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Malwarebytes
2008-10-16 11:45 . 2008-10-16 11:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-16 11:45 . 2008-10-16 11:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-16 11:45 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-16 11:45 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-15 16:10 . 2008-10-15 16:09 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-15 16:09 . 2008-10-15 16:15 <REP> d-------- C:\Documents and Settings\Sam\.housecall6.6
2008-10-15 16:08 . 2008-10-15 16:08 <REP> d-------- C:\WINDOWS\Sun
2008-10-15 16:07 . 2008-10-15 16:07 <REP> d-------- C:\Program Files\Java
2008-10-15 16:07 . 2008-10-15 16:08 <REP> d-------- C:\Program Files\Google
2008-10-15 16:07 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-15 16:06 . 2008-10-15 16:06 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-10-15 15:54 . 2008-10-15 15:54 <REP> d-------- C:\_OTMoveIt
2008-10-15 15:25 . 2008-10-15 17:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-15 15:25 . 2008-10-16 12:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 14:58 . 2008-10-16 11:40 3,326 --a------ C:\Documents and Settings\Orph.egd
2008-10-15 14:55 . 2008-10-16 11:41 <REP> d-------- C:\ToolBar SD
2008-10-15 14:42 . 2008-10-15 14:42 <REP> d-------- C:\Program Files\Trend Micro
2008-10-14 13:43 . 2008-10-14 13:43 244 --ah----- C:\sqmnoopt17.sqm
2008-10-14 13:43 . 2008-10-14 13:43 232 --ah----- C:\sqmdata17.sqm
2008-10-13 20:52 . 2008-10-15 14:25 3,021 --a------ C:\rollback.ini
2008-10-13 20:34 . 2008-10-13 20:34 <REP> d-------- C:\Documents and Settings\Manon\Application Data\MailFrontier
2008-10-13 09:40 . 2008-10-14 13:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-13 09:40 . 2008-10-13 09:46 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-10-13 09:39 . 2008-10-15 15:26 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-13 09:39 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-13 09:35 . 2008-10-15 15:26 <REP> d-------- C:\WINDOWS\Internet Logs
2008-10-13 08:52 . 2008-10-13 08:55 <REP> d-------- C:\Documents and Settings\Sam\Application Data\GetRightToGo
2008-10-13 08:21 . 2008-10-13 08:21 244 --ah----- C:\sqmnoopt16.sqm
2008-10-13 08:21 . 2008-10-13 08:21 232 --ah----- C:\sqmdata16.sqm
2008-10-12 16:07 . 2008-10-12 16:07 244 --ah----- C:\sqmnoopt15.sqm
2008-10-12 16:07 . 2008-10-12 16:07 232 --ah----- C:\sqmdata15.sqm
2008-10-12 10:42 . 2008-10-12 10:42 <REP> d-------- C:\Documents and Settings\Sam\Contacts
2008-10-12 10:23 . 2008-10-12 10:23 <REP> d-------- C:\Documents and Settings\Sam\Application Data\DivX
2008-10-12 09:58 . 2008-10-12 09:58 244 --ah----- C:\sqmnoopt14.sqm
2008-10-12 09:58 . 2008-10-12 09:58 232 --ah----- C:\sqmdata14.sqm
2008-10-11 09:38 . 2008-10-11 09:38 244 --ah----- C:\sqmnoopt13.sqm
2008-10-11 09:38 . 2008-10-11 09:38 232 --ah----- C:\sqmdata13.sqm
2008-10-10 15:19 . 2008-10-10 15:19 244 --ah----- C:\sqmnoopt12.sqm
2008-10-10 15:19 . 2008-10-10 15:19 232 --ah----- C:\sqmdata12.sqm
2008-10-09 19:17 . 2008-10-09 19:34 <REP> d-------- C:\Documents and Settings\sandrine\Contacts
2008-10-09 19:10 . 2008-10-09 19:10 268 --ah----- C:\sqmdata11.sqm
2008-10-09 19:10 . 2008-10-09 19:10 244 --ah----- C:\sqmnoopt11.sqm
2008-10-09 19:01 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\sandrine\Voisinage réseau
2008-10-09 19:01 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\sandrine\Voisinage d'impression
2008-10-09 19:01 . 2008-09-25 21:06 <REP> d--h----- C:\Documents and Settings\sandrine\Modèles
2008-10-09 19:01 . 2008-10-09 19:22 <REP> dr------- C:\Documents and Settings\sandrine\Mes documents
2008-10-09 19:01 . 2008-09-25 21:56 <REP> dr------- C:\Documents and Settings\sandrine\Menu Démarrer
2008-10-09 19:01 . 2008-10-09 19:01 <REP> dr------- C:\Documents and Settings\sandrine\Favoris
2008-10-09 19:01 . 2008-10-09 19:10 <REP> d-------- C:\Documents and Settings\sandrine\Bureau
2008-10-09 19:01 . 2008-10-09 19:17 <REP> d-------- C:\Documents and Settings\sandrine
2008-10-09 18:13 . 2008-10-09 18:13 <REP> d-------- C:\Documents and Settings\Manon\Application Data\TuneUp Software
2008-10-08 11:56 . 2008-10-08 11:56 244 --ah----- C:\sqmnoopt10.sqm
2008-10-08 11:56 . 2008-10-08 11:56 232 --ah----- C:\sqmdata10.sqm
2008-10-07 10:10 . 2008-10-07 10:10 244 --ah----- C:\sqmnoopt09.sqm
2008-10-07 10:10 . 2008-10-07 10:10 232 --ah----- C:\sqmdata09.sqm
2008-10-07 10:09 . 2008-10-07 10:09 244 --ah----- C:\sqmnoopt08.sqm
2008-10-07 10:09 . 2008-10-07 10:09 232 --ah----- C:\sqmdata08.sqm
2008-10-06 17:13 . 2008-10-06 17:13 244 --ah----- C:\sqmnoopt07.sqm
2008-10-06 17:13 . 2008-10-06 17:13 232 --ah----- C:\sqmdata07.sqm
2008-10-06 13:52 . 2008-10-06 13:52 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Icone
2008-10-05 10:40 . 2008-10-05 10:40 164 --a------ C:\install.dat
2008-10-05 09:33 . 2008-10-05 09:33 244 --ah----- C:\sqmnoopt06.sqm
2008-10-05 09:33 . 2008-10-05 09:33 232 --ah----- C:\sqmdata06.sqm
2008-10-04 07:59 . 2008-10-04 07:59 244 --ah----- C:\sqmnoopt05.sqm
2008-10-04 07:59 . 2008-10-04 07:59 232 --ah----- C:\sqmdata05.sqm
2008-10-01 17:00 . 2008-10-01 17:00 244 --ah----- C:\sqmnoopt04.sqm
2008-10-01 17:00 . 2008-10-01 17:00 232 --ah----- C:\sqmdata04.sqm
2008-10-01 12:27 . 2008-10-01 12:27 <REP> d-------- C:\Program Files\CCleaner
2008-09-30 16:48 . 2008-09-30 16:49 <REP> d-------- C:\Program Files\PhotoFiltre
2008-09-30 14:57 . 2008-09-30 14:57 244 --ah----- C:\sqmnoopt03.sqm
2008-09-30 14:57 . 2008-09-30 14:57 232 --ah----- C:\sqmdata03.sqm
2008-09-30 12:12 . 2008-10-14 14:03 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2008-09-30 12:12 . 2008-09-30 12:12 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-30 12:12 . 2008-09-30 12:12 <REP> d-------- C:\Documents and Settings\Sam\Application Data\TuneUp Software
2008-09-30 12:12 . 2008-09-30 12:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-30 12:12 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-30 11:46 . 2008-09-30 11:46 <REP> d-------- C:\Program Files\uTorrent
2008-09-30 11:46 . 2008-10-13 09:45 <REP> d-------- C:\Documents and Settings\Sam\Application Data\uTorrent
2008-09-30 11:40 . 2008-09-30 11:49 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Azureus
2008-09-30 11:40 . 2008-09-30 11:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-09-29 13:36 . 2008-09-29 13:36 244 --ah----- C:\sqmnoopt02.sqm
2008-09-29 13:36 . 2008-09-29 13:36 232 --ah----- C:\sqmdata02.sqm
2008-09-29 11:43 . 2008-09-29 11:43 244 --ah----- C:\sqmnoopt01.sqm
2008-09-29 11:43 . 2008-09-29 11:43 232 --ah----- C:\sqmdata01.sqm
2008-09-28 18:31 . 2008-10-14 13:20 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-28 15:27 . 2008-10-12 16:22 <REP> d-------- C:\Program Files\eMule
2008-09-28 09:18 . 2008-09-28 09:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-28 09:13 . 2008-09-28 09:13 <REP> d-------- C:\Program Files\Logitech
2008-09-28 09:13 . 2008-09-28 09:13 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
2008-09-28 09:13 . 2004-01-21 03:26 360,448 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-09-28 09:08 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-28 09:08 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-28 09:07 . 2003-02-27 23:10 6,184 -ra------ C:\WINDOWS\system32\cmglue.vxd
2008-09-28 09:06 . 2008-09-28 09:06 <REP> d-------- C:\WINDOWS\StartHtmico
2008-09-28 09:06 . 2008-09-28 09:06 <REP> d-------- C:\WINDOWS\I560
2008-09-28 09:06 . 2008-09-28 09:06 <REP> d--h----- C:\BJPrinter
2008-09-28 09:06 . 2003-07-30 07:00 107,008 --a------ C:\WINDOWS\system32\CNMLM58.DLL
2008-09-28 09:06 . 2003-05-13 20:50 73,728 -ra------ C:\WINDOWS\system32\CNMCP58.exe
2008-09-28 09:06 . 2003-07-30 07:00 6,656 --a------ C:\WINDOWS\system32\CNMVS58.DLL
2008-09-28 08:26 . 2008-09-28 08:26 <REP> d-------- C:\Program Files\Microsoft Money
2008-09-27 23:37 . 2008-10-11 16:44 <REP> d-------- C:\Documents and Settings\Manon\Contacts
2008-09-27 23:15 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-09-27 23:15 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-09-27 23:15 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-09-27 23:15 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-09-27 23:15 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-09-27 23:15 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-09-27 23:15 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-09-27 23:14 . 2008-09-27 23:15 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-09-27 23:14 . 2008-09-27 23:14 <REP> d-------- C:\Program Files\Samsung
2008-09-27 23:14 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
2008-09-27 16:26 . 2008-09-27 16:26 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-27 12:14 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\Manon\Voisinage réseau
2008-09-27 12:14 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\Manon\Voisinage d'impression
2008-09-27 12:14 . 2008-09-25 21:06 <REP> d--h----- C:\Documents and Settings\Manon\Modèles
2008-09-27 12:14 . 2008-09-25 21:56 <REP> dr------- C:\Documents and Settings\Manon\Menu Démarrer
2008-09-27 12:14 . 2008-10-08 14:56 <REP> dr------- C:\Documents and Settings\Manon\Favoris
2008-09-27 12:14 . 2008-10-12 15:13 <REP> d-------- C:\Documents and Settings\Manon\Bureau
2008-09-27 12:14 . 2008-09-27 23:37 <REP> d-------- C:\Documents and Settings\Manon
2008-09-26 21:37 . 2008-09-26 21:37 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Nero
2008-09-26 21:30 . 2008-09-26 21:30 <REP> d-------- C:\Program Files\Nero
2008-09-26 21:30 . 2008-09-26 21:31 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-09-26 21:30 . 2008-09-26 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-26 21:05 . 2008-09-26 21:05 <REP> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 10:34 --------- d-----w C:\Program Files\SpeedFan
2008-10-09 17:10 --------- d-----w C:\Program Files\The One Ring 3D Screensaver
2008-09-27 21:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 20:36 --------- d-----w C:\Program Files\Windows Live
2008-09-25 20:32 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-25 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-25 20:17 --------- d-----w C:\Documents and Settings\Sam\Application Data\CyberLink
2008-09-25 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-25 20:09 --------- d-----w C:\Program Files\CyberLink
2008-09-25 20:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-25 19:52 --------- d-----w C:\Program Files\Avira
2008-09-25 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-09-25 19:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-25 19:44 --------- d-----w C:\Program Files\Realtek
2008-09-25 19:32 --------- d-----w C:\Documents and Settings\Sam\Application Data\InstallShield
2008-09-25 19:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-25 19:06 --------- d-----w C:\Program Files\Services en ligne
2008-09-16 00:14 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 204863]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-15 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 8491008]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2007-10-25 1626112]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 81920]
"RTHDCPL"="C:\WINDOWS\RTHDCPL.EXE" [2008-03-26 16859136]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\Sam\Menu D‚marrer\Programmes\D‚marrage\
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2008-08-19 3562496]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-26 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eqcvmz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 SetupNTGLM7X;SetupNTGLM7X;I:\NTGLM7X.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-09-30 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 19:18]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{1E343438-0F19-412F-B955-B6CCF7063499} - (no file)
BHO-{E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} - C:\WINDOWS\system32\urqQgffF.dll
BHO-{EC442773-5C70-494A-86ED-067E1415A07E} - (no file)
ShellExecuteHooks-{FD417378-F411-4B77-BBEE-4893BB670D4C} - (no file)

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKLM-Main,Window Title =
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 12:51:00
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-16 12:51:40
ComboFix-quarantined-files.txt 2008-10-16 10:51:38

Avant-CF: 68 031 238 144 octets libres
Après-CF: 68,762,755,072 octets libres

273 --- E O F --- 2008-10-15 12:19:02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:27, on 16/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1E343438-0F19-412F-B955-B6CCF7063499} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} - (no file)
O2 - BHO: (no name) - {EC442773-5C70-494A-86ED-067E1415A07E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: eqcvmz.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Réponse 18 / 40
sam3332 Messages postés 25 Statut Membre
 
voici les rapports
ComboFix 08-10-15.06 - Sam 2008-10-16 12:46:11.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1501 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Sam\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\FffgQqru.ini
C:\WINDOWS\system32\FffgQqru.ini2
C:\WINDOWS\system32\kuncmacp.exe
C:\WINDOWS\system32\ntolxwjm.ini
C:\WINDOWS\system32\oknqflag.ini
C:\WINDOWS\system32\pinuumvd.exe
C:\WINDOWS\system32\ubikbeng.ini

----- BITS: Il y a peut-être des sites infectés -----

hxxp://www.mp3codec.net
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-16 au 2008-10-16 ))))))))))))))))))))))))))))))))))))
.

2008-10-16 11:46 . 2008-10-16 11:46 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Malwarebytes
2008-10-16 11:45 . 2008-10-16 11:45 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-16 11:45 . 2008-10-16 11:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-16 11:45 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-16 11:45 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-15 16:10 . 2008-10-15 16:09 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-10-15 16:09 . 2008-10-15 16:15 <REP> d-------- C:\Documents and Settings\Sam\.housecall6.6
2008-10-15 16:08 . 2008-10-15 16:08 <REP> d-------- C:\WINDOWS\Sun
2008-10-15 16:07 . 2008-10-15 16:07 <REP> d-------- C:\Program Files\Java
2008-10-15 16:07 . 2008-10-15 16:08 <REP> d-------- C:\Program Files\Google
2008-10-15 16:07 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-15 16:06 . 2008-10-15 16:06 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-10-15 15:54 . 2008-10-15 15:54 <REP> d-------- C:\_OTMoveIt
2008-10-15 15:25 . 2008-10-15 17:25 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-15 15:25 . 2008-10-16 12:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 14:58 . 2008-10-16 11:40 3,326 --a------ C:\Documents and Settings\Orph.egd
2008-10-15 14:55 . 2008-10-16 11:41 <REP> d-------- C:\ToolBar SD
2008-10-15 14:42 . 2008-10-15 14:42 <REP> d-------- C:\Program Files\Trend Micro
2008-10-14 13:43 . 2008-10-14 13:43 244 --ah----- C:\sqmnoopt17.sqm
2008-10-14 13:43 . 2008-10-14 13:43 232 --ah----- C:\sqmdata17.sqm
2008-10-13 20:52 . 2008-10-15 14:25 3,021 --a------ C:\rollback.ini
2008-10-13 20:34 . 2008-10-13 20:34 <REP> d-------- C:\Documents and Settings\Manon\Application Data\MailFrontier
2008-10-13 09:40 . 2008-10-14 13:21 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-10-13 09:40 . 2008-10-13 09:46 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-10-13 09:39 . 2008-10-15 15:26 <REP> d-------- C:\WINDOWS\system32\ZoneLabs
2008-10-13 09:39 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-10-13 09:35 . 2008-10-15 15:26 <REP> d-------- C:\WINDOWS\Internet Logs
2008-10-13 08:52 . 2008-10-13 08:55 <REP> d-------- C:\Documents and Settings\Sam\Application Data\GetRightToGo
2008-10-13 08:21 . 2008-10-13 08:21 244 --ah----- C:\sqmnoopt16.sqm
2008-10-13 08:21 . 2008-10-13 08:21 232 --ah----- C:\sqmdata16.sqm
2008-10-12 16:07 . 2008-10-12 16:07 244 --ah----- C:\sqmnoopt15.sqm
2008-10-12 16:07 . 2008-10-12 16:07 232 --ah----- C:\sqmdata15.sqm
2008-10-12 10:42 . 2008-10-12 10:42 <REP> d-------- C:\Documents and Settings\Sam\Contacts
2008-10-12 10:23 . 2008-10-12 10:23 <REP> d-------- C:\Documents and Settings\Sam\Application Data\DivX
2008-10-12 09:58 . 2008-10-12 09:58 244 --ah----- C:\sqmnoopt14.sqm
2008-10-12 09:58 . 2008-10-12 09:58 232 --ah----- C:\sqmdata14.sqm
2008-10-11 09:38 . 2008-10-11 09:38 244 --ah----- C:\sqmnoopt13.sqm
2008-10-11 09:38 . 2008-10-11 09:38 232 --ah----- C:\sqmdata13.sqm
2008-10-10 15:19 . 2008-10-10 15:19 244 --ah----- C:\sqmnoopt12.sqm
2008-10-10 15:19 . 2008-10-10 15:19 232 --ah----- C:\sqmdata12.sqm
2008-10-09 19:17 . 2008-10-09 19:34 <REP> d-------- C:\Documents and Settings\sandrine\Contacts
2008-10-09 19:10 . 2008-10-09 19:10 268 --ah----- C:\sqmdata11.sqm
2008-10-09 19:10 . 2008-10-09 19:10 244 --ah----- C:\sqmnoopt11.sqm
2008-10-09 19:01 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\sandrine\Voisinage réseau
2008-10-09 19:01 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\sandrine\Voisinage d'impression
2008-10-09 19:01 . 2008-09-25 21:06 <REP> d--h----- C:\Documents and Settings\sandrine\Modèles
2008-10-09 19:01 . 2008-10-09 19:22 <REP> dr------- C:\Documents and Settings\sandrine\Mes documents
2008-10-09 19:01 . 2008-09-25 21:56 <REP> dr------- C:\Documents and Settings\sandrine\Menu Démarrer
2008-10-09 19:01 . 2008-10-09 19:01 <REP> dr------- C:\Documents and Settings\sandrine\Favoris
2008-10-09 19:01 . 2008-10-09 19:10 <REP> d-------- C:\Documents and Settings\sandrine\Bureau
2008-10-09 19:01 . 2008-10-09 19:17 <REP> d-------- C:\Documents and Settings\sandrine
2008-10-09 18:13 . 2008-10-09 18:13 <REP> d-------- C:\Documents and Settings\Manon\Application Data\TuneUp Software
2008-10-08 11:56 . 2008-10-08 11:56 244 --ah----- C:\sqmnoopt10.sqm
2008-10-08 11:56 . 2008-10-08 11:56 232 --ah----- C:\sqmdata10.sqm
2008-10-07 10:10 . 2008-10-07 10:10 244 --ah----- C:\sqmnoopt09.sqm
2008-10-07 10:10 . 2008-10-07 10:10 232 --ah----- C:\sqmdata09.sqm
2008-10-07 10:09 . 2008-10-07 10:09 244 --ah----- C:\sqmnoopt08.sqm
2008-10-07 10:09 . 2008-10-07 10:09 232 --ah----- C:\sqmdata08.sqm
2008-10-06 17:13 . 2008-10-06 17:13 244 --ah----- C:\sqmnoopt07.sqm
2008-10-06 17:13 . 2008-10-06 17:13 232 --ah----- C:\sqmdata07.sqm
2008-10-06 13:52 . 2008-10-06 13:52 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Icone
2008-10-05 10:40 . 2008-10-05 10:40 164 --a------ C:\install.dat
2008-10-05 09:33 . 2008-10-05 09:33 244 --ah----- C:\sqmnoopt06.sqm
2008-10-05 09:33 . 2008-10-05 09:33 232 --ah----- C:\sqmdata06.sqm
2008-10-04 07:59 . 2008-10-04 07:59 244 --ah----- C:\sqmnoopt05.sqm
2008-10-04 07:59 . 2008-10-04 07:59 232 --ah----- C:\sqmdata05.sqm
2008-10-01 17:00 . 2008-10-01 17:00 244 --ah----- C:\sqmnoopt04.sqm
2008-10-01 17:00 . 2008-10-01 17:00 232 --ah----- C:\sqmdata04.sqm
2008-10-01 12:27 . 2008-10-01 12:27 <REP> d-------- C:\Program Files\CCleaner
2008-09-30 16:48 . 2008-09-30 16:49 <REP> d-------- C:\Program Files\PhotoFiltre
2008-09-30 14:57 . 2008-09-30 14:57 244 --ah----- C:\sqmnoopt03.sqm
2008-09-30 14:57 . 2008-09-30 14:57 232 --ah----- C:\sqmdata03.sqm
2008-09-30 12:12 . 2008-10-14 14:03 <REP> d-------- C:\Program Files\TuneUp Utilities 2007
2008-09-30 12:12 . 2008-09-30 12:12 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-09-30 12:12 . 2008-09-30 12:12 <REP> d-------- C:\Documents and Settings\Sam\Application Data\TuneUp Software
2008-09-30 12:12 . 2008-09-30 12:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-09-30 12:12 . 2007-05-16 09:41 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-30 11:46 . 2008-09-30 11:46 <REP> d-------- C:\Program Files\uTorrent
2008-09-30 11:46 . 2008-10-13 09:45 <REP> d-------- C:\Documents and Settings\Sam\Application Data\uTorrent
2008-09-30 11:40 . 2008-09-30 11:49 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Azureus
2008-09-30 11:40 . 2008-09-30 11:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus
2008-09-29 13:36 . 2008-09-29 13:36 244 --ah----- C:\sqmnoopt02.sqm
2008-09-29 13:36 . 2008-09-29 13:36 232 --ah----- C:\sqmdata02.sqm
2008-09-29 11:43 . 2008-09-29 11:43 244 --ah----- C:\sqmnoopt01.sqm
2008-09-29 11:43 . 2008-09-29 11:43 232 --ah----- C:\sqmdata01.sqm
2008-09-28 18:31 . 2008-10-14 13:20 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-28 15:27 . 2008-10-12 16:22 <REP> d-------- C:\Program Files\eMule
2008-09-28 09:18 . 2008-09-28 09:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-28 09:13 . 2008-09-28 09:13 <REP> d-------- C:\Program Files\Logitech
2008-09-28 09:13 . 2008-09-28 09:13 <REP> d-------- C:\Program Files\Fichiers communs\Labtec
2008-09-28 09:13 . 2004-01-21 03:26 360,448 --a------ C:\WINDOWS\system32\LVUI2RC.dll
2008-09-28 09:08 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-09-28 09:08 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-09-28 09:07 . 2003-02-27 23:10 6,184 -ra------ C:\WINDOWS\system32\cmglue.vxd
2008-09-28 09:06 . 2008-09-28 09:06 <REP> d-------- C:\WINDOWS\StartHtmico
2008-09-28 09:06 . 2008-09-28 09:06 <REP> d-------- C:\WINDOWS\I560
2008-09-28 09:06 . 2008-09-28 09:06 <REP> d--h----- C:\BJPrinter
2008-09-28 09:06 . 2003-07-30 07:00 107,008 --a------ C:\WINDOWS\system32\CNMLM58.DLL
2008-09-28 09:06 . 2003-05-13 20:50 73,728 -ra------ C:\WINDOWS\system32\CNMCP58.exe
2008-09-28 09:06 . 2003-07-30 07:00 6,656 --a------ C:\WINDOWS\system32\CNMVS58.DLL
2008-09-28 08:26 . 2008-09-28 08:26 <REP> d-------- C:\Program Files\Microsoft Money
2008-09-27 23:37 . 2008-10-11 16:44 <REP> d-------- C:\Documents and Settings\Manon\Contacts
2008-09-27 23:15 . 2005-08-30 01:49 94,000 --a------ C:\WINDOWS\system32\drivers\ssm_mdm.sys
2008-09-27 23:15 . 2005-08-30 01:47 58,320 --a------ C:\WINDOWS\system32\drivers\ssm_bus.sys
2008-09-27 23:15 . 2005-08-30 01:49 8,336 --a------ C:\WINDOWS\system32\drivers\ssm_mdfl.sys
2008-09-27 23:15 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cmnt.sys
2008-09-27 23:15 . 2005-08-30 01:49 6,176 --a------ C:\WINDOWS\system32\drivers\ssm_cm.sys
2008-09-27 23:15 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_whnt.sys
2008-09-27 23:15 . 2005-08-30 01:47 5,840 --a------ C:\WINDOWS\system32\drivers\ssm_wh.sys
2008-09-27 23:14 . 2008-09-27 23:15 <REP> d-------- C:\WINDOWS\system32\Samsung_USB_Drivers
2008-09-27 23:14 . 2008-09-27 23:14 <REP> d-------- C:\Program Files\Samsung
2008-09-27 23:14 . 2005-08-13 05:06 22,486 -ra------ C:\WINDOWS\system32\UnInstall_Driver.ico
2008-09-27 16:26 . 2008-09-27 16:26 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-27 12:14 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\Manon\Voisinage réseau
2008-09-27 12:14 . 2008-09-25 21:56 <REP> d--h----- C:\Documents and Settings\Manon\Voisinage d'impression
2008-09-27 12:14 . 2008-09-25 21:06 <REP> d--h----- C:\Documents and Settings\Manon\Modèles
2008-09-27 12:14 . 2008-09-25 21:56 <REP> dr------- C:\Documents and Settings\Manon\Menu Démarrer
2008-09-27 12:14 . 2008-10-08 14:56 <REP> dr------- C:\Documents and Settings\Manon\Favoris
2008-09-27 12:14 . 2008-10-12 15:13 <REP> d-------- C:\Documents and Settings\Manon\Bureau
2008-09-27 12:14 . 2008-09-27 23:37 <REP> d-------- C:\Documents and Settings\Manon
2008-09-26 21:37 . 2008-09-26 21:37 <REP> d-------- C:\Documents and Settings\Sam\Application Data\Nero
2008-09-26 21:30 . 2008-09-26 21:30 <REP> d-------- C:\Program Files\Nero
2008-09-26 21:30 . 2008-09-26 21:31 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-09-26 21:30 . 2008-09-26 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-09-26 21:05 . 2008-09-26 21:05 <REP> d-------- C:\Program Files\DivX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 10:34 --------- d-----w C:\Program Files\SpeedFan
2008-10-09 17:10 --------- d-----w C:\Program Files\The One Ring 3D Screensaver
2008-09-27 21:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 20:36 --------- d-----w C:\Program Files\Windows Live
2008-09-25 20:32 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-09-25 20:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-25 20:17 --------- d-----w C:\Documents and Settings\Sam\Application Data\CyberLink
2008-09-25 20:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-25 20:09 --------- d-----w C:\Program Files\CyberLink
2008-09-25 20:08 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-09-25 19:52 --------- d-----w C:\Program Files\Avira
2008-09-25 19:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-09-25 19:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-25 19:44 --------- d-----w C:\Program Files\Realtek
2008-09-25 19:32 --------- d-----w C:\Documents and Settings\Sam\Application Data\InstallShield
2008-09-25 19:08 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-25 19:06 --------- d-----w C:\Program Files\Services en ligne
2008-09-16 00:14 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-09-16 00:14 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 00:11 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 00:11 815,104 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 00:11 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 00:11 683,520 ----a-w C:\WINDOWS\system32\DivX.dll
2008-09-16 00:11 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 00:11 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15360]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 204863]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-10-15 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-25 8491008]
"nwiz"="C:\WINDOWS\system32\nwiz.exe" [2007-10-25 1626112]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-25 81920]
"RTHDCPL"="C:\WINDOWS\RTHDCPL.EXE" [2008-03-26 16859136]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

C:\Documents and Settings\Sam\Menu D‚marrer\Programmes\D‚marrage\
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe [2008-08-19 3562496]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2008-09-26 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=eqcvmz.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 14336]
R3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 SetupNTGLM7X;SetupNTGLM7X;I:\NTGLM7X.sys [ ]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Tâches planifiées'

2008-09-30 C:\WINDOWS\Tasks\Maintenance en 1 clic.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 19:18]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{1E343438-0F19-412F-B955-B6CCF7063499} - (no file)
BHO-{E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} - C:\WINDOWS\system32\urqQgffF.dll
BHO-{EC442773-5C70-494A-86ED-067E1415A07E} - (no file)
ShellExecuteHooks-{FD417378-F411-4B77-BBEE-4893BB670D4C} - (no file)

.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKLM-Main,Window Title =
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 12:51:00
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-16 12:51:40
ComboFix-quarantined-files.txt 2008-10-16 10:51:38

Avant-CF: 68 031 238 144 octets libres
Après-CF: 68,762,755,072 octets libres

273 --- E O F --- 2008-10-15 12:19:02

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:54:27, on 16/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\monjack.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1E343438-0F19-412F-B955-B6CCF7063499} - (no file)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E55D18AF-1E0E-4B6F-953F-7C9EC0DC359C} - (no file)
O2 - BHO: (no name) - {EC442773-5C70-494A-86ED-067E1415A07E} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "C:\WINDOWS\system32\nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "C:\WINDOWS\system32\RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] "C:\WINDOWS\RTHDCPL.EXE"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program Files\Logitech\Video\ISStart.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: eqcvmz.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
0
Réponse 19 / 40
sam3332 Messages postés 25 Statut Membre
 
y a t il des infections encor?

MERCI
0
Réponse 20 / 40
sKe69 Messages postés 21955 Statut Contributeur sécurité 463
 
bien ... il reste encore un peu de boulot .... mais on a bien avancé ... ^^

1- Avoir accès aux fichiers cachés :

Vas dans Menu Démarrer->Poste de travail->Outils->Options des dossiers...->Affichage
* "Afficher les fichiers et dossiers cachés" ---> coché
* "Masquer les extensions des fichiers dont le type est connu" ---> décoché
* "masquer les fichiers du système" ---> décoché
-> valides la modif ( "appliquer" puis "ok" ).
( tu remetteras les paramètres de départ une fois la désinfection terminée , pas avant ... )

2- Rends toi sur ce site :

https://www.virustotal.com/gui/

Copies ce qui suit et colles le dans l'espace pour la recherche :
C:\rollback.ini

Cliques sur Send File ( = " Envoyer le fichier " ).

Un rapport va s'élaborer ligne à ligne.

Attends bien la fin ... Il doit comprendre la taille du fichier envoyé.

Sauvegarde le rapport avec le bloc-note.

Copies le dans ta prochaine réponse ...

( Si VirusTotal indique que le fichier a déjà été analysé, clique sur le bouton Ré-analyse le fichier maintenant )

0

Discussions similaires

Ouvrir un fichier .pub sans Publisher
baissaoui -
baissaoui -

0 réponse
Ouvrir document Publisher sans Publisher
Curtis Hayes -
Curtis Hayes -

7 réponses
lire un fichier .pub
xycoco -
Valou -

38 réponses
Lire, afficher, exécuter un fichier *.pub sans Publisher
jeannoellaurenti -
informatique_fujitsu -

1 réponse
Recherche nom acteur Pub
Visu -
Lorenzo -

4 réponses