Au secour contaminé par exmdnk Résolu

Question

Bonjour,

 C la misere j'ai un bon gros virus et pas moyen de m'en separer!!! j'ai lu quelques post j'ai donc fait un scan Hijackthis dont voici le rapport il me faut SVP l'avis d'un Expert...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:48:06, on 18/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\WINDOWS\system32undll32.exe
G:\Program Files\QuickTime\QTTask.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\a-squared Free\a2service.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\WINDOWS\system32
vsvc32.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - G:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - G:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy-PrintToolBox] G:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [devenv] G:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] G:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [lphcn97j0ecdv] G:\WINDOWS\system32\lphcn97j0ecdv.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE G:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - G:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - G:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32
vsvc32.exe

jlpjlp · Accepted Answer

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)


double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

jlpjlp · Answer

slt,

scan avec malwarebyte minutieusement et colle le rapport et virer ce qui est trouvépuis remets un nouvel hijackthis et dis tes soucis



https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

MrDoS · Answer

Salut

Merci bcp  jlpjlp de me donner un coup de main, et de t'interesser a mon probleme je sait que les manipulations pour ce sortir des effet de ce virus sont assez longues et complexe j'espere qu'a terme je pouré aussi aider ceux qui on recuperre cette saloperie

Je colle le rapport des que c'est fini en attendant une te donne une petite idée des pbms rencontrés, fonc d'ecran modifier (fait la pub d'un antimalware en me disant que ma machine est touchée (comme si j'etais pas au courant))
ralenti considerablement ma machine et des que j'essaye de le virer son activité devient telment intense que je peu plus rien faire!!!!!

suite au prochain episode (rapport malware bytes)

jlpjlp · Answer

ok


a plus

MrDoS · Answer

Petard incroyable cette S****** de virus

Impossible de mener le scan a son terme il me simule des ecrans bleu qui n'en son pas le scan est aborté avant terme, alors je pense a une autre technique sugérée sur les forums: 

Stp jete un oeil et dis moi ce ke t'en pense et si tu connais la manip des fois que j'ai besoin 'un coups de pouce!!

Merci encore.

Liens:

http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/processus-debarrasser-resolu-sujet_200773_1.htm

E..T · Answer

Hello pour avancer jlpjlp ;)

MrDoS, tu as installé malwarebyte ?
Si c'est le cas démarre en mode sans échec
Comment faire >> https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php
Redémarres l’ordinateur
Dès le chargement du BIOS, commences à appuyer sur la touche F8 de ton clavier,i jusqu'au ou le menu des options avancées de Windows apparait.
Sélectionne "Mode sans échec" dans le menu puis appuyez sur Entrée.


* Lance MalwareByte's Anti-Malware, clique sur Exécuter un examen complet puis Rechercher et sélectionnez tous tes disques durs

* // !! \ Une fois le scan terminé, Si des elements on ete trouvés > cliques sur supprimer la selection. (si un message te demande de redémarrer le PC, accepte.)

* Un rapport sera généré, poste le ici.

@++

jlpjlp · Answer

slt E.T


MrDoS,  fais ce qui est dans le message 5 si tu n'y arrive pas on fera autrement 

a plus

MrDoS · Answer

Tres bien je vous suit je posterais le rapport ce soir ou demain au plus tard

Merci encore pour votre aide....

MrDoS · Answer

Punaise la misere 19 infections rien que ca, je suis content j'ai reussit a recupere mon fond d'ecran c'est deja bien je soumet donc ce rapport a votre avis d'expert....


-------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1288
Windows 5.1.2600 Service Pack 2

21/10/2008 21:17:45
mbam-log-2008-10-21 (21-17-37).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|J:\|Z:\|)
Eléments examinés: 121963
Temps écoulé: 1 hour(s), 5 minute(s), 39 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 10

Processus mémoire infecté(s):
G:\WINDOWS\system32\blphcn97j0ecdv.scr (Trojan.FakeAlert) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcn97j0ecdv (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
G:\WINDOWS\system32\msnmsgs.exe (Trojan.Agent) -> No action taken.
G:\Documents and Settings\Administrateur\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
G:\Documents and Settings\Administrateur\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
G:\Documents and Settings\Administrateur\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
G:\WINDOWS\system32\drivers\beep.sys (Fake.Beep.Sys) -> No action taken.
G:\WINDOWS\system32\blphcn97j0ecdv.scr (Trojan.FakeAlert) -> No action taken.
G:\WINDOWS\system32\lphcn97j0ecdv.exe (Trojan.FakeAlert) -> No action taken.
G:\WINDOWS\system32\phcn97j0ecdv.bmp (Trojan.FakeAlert) -> No action taken.
G:\Documents and Settings\Administrateur\Local Settings\Temp\.tt4B.tmp.vbs (Trojan.FakeAlert) -> No action taken.
G:\Documents and Settings\Administrateur\Local Settings\Temp\.tt3.tmp.vbs (Trojan.FakeAlert) -> No action taken.

E..T · Answer

Bonsoir,

Réouvres Malwarebytes' Anti-Malware va sur l'onglet quarantaine et supprimes tout.
Puis met un nouveau rapport hijackthis.

@++

MrDoS · Answer

bon voila c'est fait

Ceci dit juste avant de le suprimer j'ai a nouveau vu le processus tenter de s'executer et etre bloquer par le pare feu mais c'est peu etre du au fait qu'il etait encore dans la zone de quarantaine!

Autre nouveauté j'ai un rootkit "glaide32" surment un autre programme malveillant qui s'est fait invité par ceux deja present.

MrDoS · Answer

j'oubliais bah oui le rapport hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:38, on 22/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\csrss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
G:\Program Files\Alwil Software\Avast4\ashServ.exe
G:\WINDOWS\Explorer.EXE
G:\WINDOWS\system32\spoolsv.exe
G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
G:\WINDOWS\system32undll32.exe
G:\Program Files\QuickTime\QTTask.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Spyware Doctor\pctsTray.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\a-squared Free\a2service.exe
G:\Program Files\Logitech\SetPoint\SetPoint.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32
vsvc32.exe
G:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Spyware Doctor\pctsAuxs.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\Program Files\Spyware Doctor\pctsSvc.exe
G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\WINDOWS\System32\alg.exe
G:\PROGRA~1\MICROS~1\Office12\OUTLOOK.EXE
G:\Program Files\Internet Explorer\IEXPLORE.EXE
G:\Program Files\Spyware Doctor\pctsGui.exe
G:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Ultimate Edition
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - G:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - G:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - G:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - G:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [avast!] G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE G:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE G:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Easy-PrintToolBox] G:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [devenv] G:\WINDOWS\system\smvss.exe /w
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flashget] G:\Program Files\FlashGet\flashget.exe /min
O4 - HKLM\..\Run: [ISTray] "G:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE G:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Sidebar] G:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AdobeUpdater] G:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Logitech SetPoint.lnk = G:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - G:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - G:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://G:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - G:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - G:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) 
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) 
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - G:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - G:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - G:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - G:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NBService - Nero AG - G:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - G:\WINDOWS\system32
vsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdauxservice) - PC Tools - G:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdcoreservice) - PC Tools - G:\Program Files\Spyware Doctor\pctsSvc.exe

MrDoS · Answer

alors euh le tuto fonctione bien mais le liens pr telecharger le soft est mort ainsi que ceux qui sont egalement sugeré ds le tuto alors comment on fait???

E..T · Answer

Ah oui exact plus de lien pour combofix.

jlpjlp · Answer

slt je viens de tester le lien pour télécharger combofix marche ce matin

a plus

E..T · Answer

Salut jlpjlp,
Exact c'est reparti.
@++

jlpjlp · Answer

slt E.T!!!

MrDoS · Answer

Ah bah nikel merci les gars j'essaye ca des que je suis renté du taff

A tte....

MrDoS · Answer

ComboFix 08-10-22.05 - Administrateur 2008-10-29 19:54:01.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.640 [GMT 1:00]
Lancé depuis: G:\Documents and Settings\Administrateur\Bureau\Maintenance PC\ComboFix.exe
Commutateurs utilisés :: G:\Documents and Settings\Administrateur\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.

2008-10-24 21:22 . 2007-07-30 18:19 271,224 --a------ G:\WINDOWS\system32\mucltui.dll
2008-10-24 21:22 . 2007-07-30 18:19 207,736 --a------ G:\WINDOWS\system32\muweb.dll
2008-10-24 21:22 . 2007-07-30 18:18 30,072 --a------ G:\WINDOWS\system32\mucltui.dll.mui
2008-10-23 19:35 . 2004-08-03 21:59 36,352 --a------ G:\WINDOWS\system32\drivers\disk.sys
2008-10-22 20:02 . 2008-10-22 20:02 <REP> d-------- G:\Program Files\Sophos
2008-10-22 20:00 . 2007-01-18 13:00 3,968 --a------ G:\WINDOWS\system32\drivers\AvgArCln.sys
2008-10-21 20:33 . 2008-10-29 19:52 <REP> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-10-21 20:33 . 2008-08-25 11:36 81,288 --a------ G:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-21 20:33 . 2008-08-25 11:36 66,952 --a------ G:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-21 20:33 . 2008-08-25 11:36 40,840 --a------ G:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-21 20:33 . 2008-06-02 15:19 29,576 --a------ G:\WINDOWS\system32\drivers\kcom.sys
2008-10-21 20:32 . 2008-10-28 21:17 <REP> d-------- G:\Program Files\Spyware Doctor
2008-10-21 20:32 . 2008-10-21 20:32 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-10-21 05:50 . 2008-10-21 05:50 268 --ah----- G:\sqmdata00.sqm
2008-10-21 05:50 . 2008-10-21 05:50 244 --ah----- G:\sqmnoopt00.sqm
2008-10-20 17:55 . 2008-10-29 19:55 93,918 --a------ G:\WINDOWS\system32\drivers\glaide32.sys
2008-10-19 22:02 . 2008-10-19 22:09 <REP> d-------- G:\SDFix
2008-10-19 21:58 . 2007-09-05 23:22 289,144 --a------ G:\WINDOWS\system32\VCCLSID.exe
2008-10-19 21:58 . 2006-04-27 16:49 288,417 --a------ G:\WINDOWS\system32\SrchSTS.exe
2008-10-19 21:58 . 2008-09-08 22:38 88,576 --a------ G:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-19 21:58 . 2008-10-01 14:51 87,552 --a------ G:\WINDOWS\system32\VACFix.exe
2008-10-19 21:58 . 2008-10-10 07:58 82,944 --a------ G:\WINDOWS\system32\o4Patch.exe
2008-10-19 21:58 . 2008-10-10 07:58 82,944 --a------ G:\WINDOWS\system32\IEDFix.C.exe
2008-10-19 21:58 . 2008-08-18 11:19 82,432 --a------ G:\WINDOWS\system32\404Fix.exe
2008-10-19 21:58 . 2004-07-31 17:50 51,200 --a------ G:\WINDOWS\system32\dumphive.exe
2008-10-19 21:58 . 2007-10-03 23:36 25,600 --a------ G:\WINDOWS\system32\WS2Fix.exe
2008-10-19 21:58 . 2008-10-19 21:58 2,940 --a------ G:\WINDOWS\system32\tmp.reg
2008-10-19 21:51 . 2008-10-19 21:51 <REP> d-------- G:\Program Files\CCleaner
2008-10-19 12:30 . 2008-10-19 12:30 <REP> d-------- G:\Program Files\TomTom DesktopSuite
2008-10-18 23:28 . 2008-10-18 23:28 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-18 23:27 . 2008-10-18 23:27 <REP> d-------- G:\Program Files\Malwarebytes' Anti-Malware
2008-10-18 23:27 . 2008-10-18 23:27 <REP> d-------- G:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-18 23:27 . 2008-10-16 19:25 38,496 --a------ G:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-18 23:27 . 2008-10-16 19:25 15,504 --a------ G:\WINDOWS\system32\drivers\mbam.sys
2008-10-18 11:47 . 2008-10-18 11:47 <REP> d-------- G:\Program Files\Trend Micro
2008-10-18 07:56 . 2008-10-18 10:08 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\MobileSyncBrowser
2008-10-14 21:15 . 2008-10-14 21:15 <REP> d-------- G:\Program Files\HDD Health
2008-10-08 18:39 . 2008-10-25 11:14 51 --a------ G:\WINDOWS\npornap.INI
2008-10-08 18:36 . 2008-10-08 18:36 <REP> d-------- G:\Program Files\Orange
2008-10-01 21:37 . 2008-10-01 21:37 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\ESET
2008-10-01 20:41 . 2008-10-01 22:21 <REP> d-------- G:\Program Files\ESET
2008-10-01 20:41 . 2008-10-01 20:41 <REP> d-------- G:\Documents and Settings\All Users\Application Data\ESET
2008-10-01 20:38 . 2008-10-01 21:40 174,513 --a------ G:\WINDOWS\Dasumo Fix v3.2.exe
2008-09-30 18:09 . 2008-04-17 12:12 107,368 --a------ G:\WINDOWS\system32\GEARAspi.dll
2008-09-30 18:09 . 2008-04-17 12:12 15,464 --a------ G:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-30 18:08 . 2008-09-30 18:09 <REP> d-------- G:\Program Files\iTunes
2008-09-30 18:08 . 2008-09-30 18:08 <REP> d-------- G:\Program Files\iPod
2008-09-30 18:08 . 2008-09-30 18:09 <REP> d-------- G:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 18:05 . 2008-09-30 18:06 <REP> d-------- G:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 18:37 --------- d-----w G:\Program Files\FlashGet
2008-10-28 22:09 --------- d-----w G:\Program Files\eMule
2008-10-26 13:18 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-10-21 21:09 --------- d-----w G:\Program Files\a-squared Free
2008-10-18 10:06 --------- d-----w G:\Program Files\Ad-Aware
2008-10-08 17:36 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-10-04 11:21 --------- d-----w G:\Program Files\Messenger Plus! Live
2008-10-04 11:19 --------- d-----w G:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-30 17:05 --------- d-----w G:\Program Files\Fichiers communs\Apple
2008-09-30 16:56 --------- d-----w G:\Program Files\Bonjour
2008-09-27 10:48 --------- d-----w G:\Program Files\Service Record
2008-09-26 17:02 --------- d-----w G:\Program Files\ffdshow
2008-09-23 16:09 --------- d-----w G:\Documents and Settings\All Users\Application Data\Team MediaPortal
2008-09-23 16:08 --------- d-----w G:\Program Files\Team MediaPortal
2008-08-29 14:54 --------- d-----w G:\Documents and Settings\All Users\Application Data\TomTom
2008-08-29 14:48 --------- d-----w G:\Program Files\TomTom HOME 2
2008-08-29 14:48 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\TomTom
2008-08-29 08:18 87,336 ----a-w G:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w G:\WINDOWS\system32\dnssd.dll
.

------- Sigcheck -------

2007-03-08 16:37 578560 753354f594809a9b96f73999b435a533 G:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\SP2GDR\user32.dll
2007-03-08 16:50 579072 4d88aaf39adabfe45958ea1384e2c4ff G:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\SP2QFE\user32.dll
2006-12-14 23:21 578048 4a048552ca537ef146a8c21a0881b1ba G:\WINDOWS\system32\user32.dll

2008-03-01 13:58 826368 8e027981ddffa690d456fe18b37415a0 G:\WINDOWS\SoftwareDistribution\Download\23798f43285e69a97e68a8b959c90f21\SP2GDR\wininet.dll
2008-03-01 13:34 827392 5a0093f59b505c008ed0cee615563c72 G:\WINDOWS\SoftwareDistribution\Download\23798f43285e69a97e68a8b959c90f21\SP2QFE\wininet.dll
2006-12-16 00:51 838656 1cc220712da13c68aa19ab97436aed79 G:\WINDOWS\system32\wininet.dll

2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 G:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2GDR\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 G:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2QFE\tcpip.sys
2004-08-04 13:57 360576 c7be59b07c6eb74bea6fd67c1b164015 G:\WINDOWS\system32\drivers\tcpip.sys

2006-12-14 23:30 507904 fb66744d525ea5df9a719f1db9b2dff4 G:\WINDOWS\system32\winlogon.exe

2007-02-28 17:02 2059648 a1d5231403329478ae4fe2778c55c77f G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2GDR\ntkrnlpa.exe
2007-02-28 07:08 2061440 7a56a64eb50399613587e90292dd2aab G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2QFE\ntkrnlpa.exe
2004-08-28 13:00 2217344 4348884ddd80826b35bcbe5bc67a4a1b G:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 17:02 2182400 7d6d19aac51a4325f6039f083c22303c G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2GDR\ntoskrnl.exe
2007-02-28 17:08 2184192 8e244108562e0e452eb68dff64cb08a9 G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2QFE\ntoskrnl.exe
2001-08-28 13:00 2340096 49f2e8f99dfa03763270bc1aaf521573 G:\WINDOWS\system32\ntoskrnl.exe

2001-08-28 13:00 1934848 1630d57b8370b7a20a41bb4c1e459edf G:\WINDOWS\explorer.exe
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 G:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\SP2GDR\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 G:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\SP2QFE\explorer.exe

2006-12-06 17:56 25088 43836cffabac8d6779e8ee55e308df2c G:\WINDOWS\system32\ctfmon.exe

2006-12-24 02:00 57856 ad3d9d191aea7b5445fe1d82ffbb4788 G:\WINDOWS\system32\spoolsv.exe

2006-12-24 01:59 297984 70921de4c83652dc301a05f0cc46c985 G:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-23_21.29.30.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w G:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w G:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 06:00:00 28,672 ----a-w G:\WINDOWS\NIRCMD.exe
+ 2000-08-31 07:00:00 28,672 ----a-w G:\WINDOWS\NIRCMD.exe
- 2000-08-31 06:00:00 161,792 ----a-w G:\WINDOWS\SWREG.exe
+ 2000-08-31 07:00:00 161,792 ----a-w G:\WINDOWS\SWREG.exe
- 2008-10-21 19:34:29 61,918 ----a-w G:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 11:09:45 61,918 ----a-w G:\WINDOWS\system32\perfc009.dat
- 2008-10-21 19:34:29 74,448 ----a-w G:\WINDOWS\system32\perfc00C.dat
+ 2008-10-26 11:09:45 74,448 ----a-w G:\WINDOWS\system32\perfc00C.dat
- 2008-10-21 19:34:29 401,458 ----a-w G:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 11:09:45 401,458 ----a-w G:\WINDOWS\system32\perfh009.dat
- 2008-10-21 19:34:29 467,962 ----a-w G:\WINDOWS\system32\perfh00C.dat
+ 2008-10-26 11:09:45 467,962 ----a-w G:\WINDOWS\system32\perfh00C.dat
+ 2008-10-29 18:35:39 16,384 ----atw G:\WINDOWS\Temp\Perflib_Perfdata_248.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2006-12-06 25088]
"MsnMsgr"="G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Sidebar"="G:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 86016]
"Easy-PrintToolBox"="G:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Flashget"="G:\Program Files\FlashGet\flashget.exe" [2007-09-25 2007088]
"Ptipbmf"="ptipbmf.dll" [2006-12-24 G:\WINDOWS\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2006-03-09 G:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 G:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="G:\WINDOWS\system32\sti_ci.dll" [2006-09-08 678912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2006-12-24 G:\WINDOWS\system32\advpack.dll]

G:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Yahoo! Widgets.lnk - G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

G:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - G:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-27 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 g:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=G:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=G:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
G:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 G:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 G:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
--a------ 2007-12-25 22:25 937984 G:\Program Files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 09:10 2007088 G:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
--a------ 2008-06-15 11:14 1692672 G:\Program Files\HDD Health\hddhealth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 G:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 17:53 153136 G:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 G:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 09:42 202088 G:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 G:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 G:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FileZilla Server"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"G:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\WirelessFTP1.exe"=
"G:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\ECCenter1.exe"=
"G:\\Program Files\\eMule\\emule.exe"=
"G:\\Program Files\\FlashGet\\flashget.exe"=
"G:\\Documents and Settings\\Administrateur\\temp\\TeamViewer3\\TeamViewer.exe"=
"G:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:212.27.63.113/255.255.255.255:Enabled:freeplayer

R0 viasraid;viasraid;G:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
R0 videX32;videX32;G:\WINDOWS\system32\DRIVERS\videX32.sys [2006-12-24 9728]
R1 aswSP;avast! Self Protection;G:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;G:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 USBSTOR;Pilote de stockage de masse USB;G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-28 26368]
S3 usbscan;Pilote de scanneur USB;G:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1483a868-a131-11dd-8375-00112fd53b65}]
\shell\autorun\command - S:\EmDesk.exe
\shell\emdesk\command - S:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84236c93-75d9-11dd-8f3e-00112fd53b65}]
\Shell\AutoRun\command - T:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-14 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-10-28 G:\WINDOWS\Tasks\User_Feed_Synchronization-{F291CBA0-B3BF-47DD-A780-F1DCC8E365BA}.job
- G:\WINDOWS\system32\msfeedssync.exe [2006-12-24 02:07]
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 19:55:47
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\memsweep2]
"ImagePath"="\??\G:\WINDOWS\system32\15.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\memsweep2]
"ImagePath"="\??\G:\WINDOWS\system32\15.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\glaide32]
"ImagePath"="\??\G:\WINDOWS\system32\drivers\glaide32.sys"
.
Heure de fin: 2008-10-29 19:57:28
ComboFix-quarantined-files.txt 2008-10-29 18:57:06
ComboFix2.txt 2008-10-23 19:30:48

Avant-CF: 2 127 798 272 octets libres
Après-CF: 2,192,621,568 octets libres

261

jlpjlp · Answer

lance ccleaner pour virer les traces d'infection:

https://www.malekal.com/tutoriel-ccleaner/


________
remets un rapport hijackthis et dis tes soucis actuels

MrDoS · Answer

Voila c'est fait je te donnerais des nouvelles ceci dit j'ai toujours des nouvelles de glaide 32 et une nouveauté spy-lyndra au secours jvé pas m'en sortir

jlpjlp · Answer

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :







Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\memsweep2]
"ImagePath"="\??\G:\WINDOWS\system32\15.tmp"

[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\glaide32]
"ImagePath"="\??\G:\WINDOWS\system32\drivers\glaide32.sys" 



Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

MrDoS · Answer

ok ca roule je fais ca ce soir dsl je suis un peu pris en ce moment....

MrDoS · Answer

ComboFix 08-10-22.05 - Administrateur 2008-10-29 19:54:01.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.640 [GMT 1:00]
Lancé depuis: G:\Documents and Settings\Administrateur\Bureau\Maintenance PC\ComboFix.exe
Commutateurs utilisés :: G:\Documents and Settings\Administrateur\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.

2008-10-24 21:22 . 2007-07-30 18:19 271,224 --a------ G:\WINDOWS\system32\mucltui.dll
2008-10-24 21:22 . 2007-07-30 18:19 207,736 --a------ G:\WINDOWS\system32\muweb.dll
2008-10-24 21:22 . 2007-07-30 18:18 30,072 --a------ G:\WINDOWS\system32\mucltui.dll.mui
2008-10-23 19:35 . 2004-08-03 21:59 36,352 --a------ G:\WINDOWS\system32\drivers\disk.sys
2008-10-22 20:02 . 2008-10-22 20:02 <REP> d-------- G:\Program Files\Sophos
2008-10-22 20:00 . 2007-01-18 13:00 3,968 --a------ G:\WINDOWS\system32\drivers\AvgArCln.sys
2008-10-21 20:33 . 2008-10-29 19:52 <REP> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-10-21 20:33 . 2008-08-25 11:36 81,288 --a------ G:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-21 20:33 . 2008-08-25 11:36 66,952 --a------ G:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-21 20:33 . 2008-08-25 11:36 40,840 --a------ G:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-21 20:33 . 2008-06-02 15:19 29,576 --a------ G:\WINDOWS\system32\drivers\kcom.sys
2008-10-21 20:32 . 2008-10-28 21:17 <REP> d-------- G:\Program Files\Spyware Doctor
2008-10-21 20:32 . 2008-10-21 20:32 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-10-21 05:50 . 2008-10-21 05:50 268 --ah----- G:\sqmdata00.sqm
2008-10-21 05:50 . 2008-10-21 05:50 244 --ah----- G:\sqmnoopt00.sqm
2008-10-20 17:55 . 2008-10-29 19:55 93,918 --a------ G:\WINDOWS\system32\drivers\glaide32.sys
2008-10-19 22:02 . 2008-10-19 22:09 <REP> d-------- G:\SDFix
2008-10-19 21:58 . 2007-09-05 23:22 289,144 --a------ G:\WINDOWS\system32\VCCLSID.exe
2008-10-19 21:58 . 2006-04-27 16:49 288,417 --a------ G:\WINDOWS\system32\SrchSTS.exe
2008-10-19 21:58 . 2008-09-08 22:38 88,576 --a------ G:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-19 21:58 . 2008-10-01 14:51 87,552 --a------ G:\WINDOWS\system32\VACFix.exe
2008-10-19 21:58 . 2008-10-10 07:58 82,944 --a------ G:\WINDOWS\system32\o4Patch.exe
2008-10-19 21:58 . 2008-10-10 07:58 82,944 --a------ G:\WINDOWS\system32\IEDFix.C.exe
2008-10-19 21:58 . 2008-08-18 11:19 82,432 --a------ G:\WINDOWS\system32\404Fix.exe
2008-10-19 21:58 . 2004-07-31 17:50 51,200 --a------ G:\WINDOWS\system32\dumphive.exe
2008-10-19 21:58 . 2007-10-03 23:36 25,600 --a------ G:\WINDOWS\system32\WS2Fix.exe
2008-10-19 21:58 . 2008-10-19 21:58 2,940 --a------ G:\WINDOWS\system32\tmp.reg
2008-10-19 21:51 . 2008-10-19 21:51 <REP> d-------- G:\Program Files\CCleaner
2008-10-19 12:30 . 2008-10-19 12:30 <REP> d-------- G:\Program Files\TomTom DesktopSuite
2008-10-18 23:28 . 2008-10-18 23:28 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-18 23:27 . 2008-10-18 23:27 <REP> d-------- G:\Program Files\Malwarebytes' Anti-Malware
2008-10-18 23:27 . 2008-10-18 23:27 <REP> d-------- G:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-18 23:27 . 2008-10-16 19:25 38,496 --a------ G:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-18 23:27 . 2008-10-16 19:25 15,504 --a------ G:\WINDOWS\system32\drivers\mbam.sys
2008-10-18 11:47 . 2008-10-18 11:47 <REP> d-------- G:\Program Files\Trend Micro
2008-10-18 07:56 . 2008-10-18 10:08 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\MobileSyncBrowser
2008-10-14 21:15 . 2008-10-14 21:15 <REP> d-------- G:\Program Files\HDD Health
2008-10-08 18:39 . 2008-10-25 11:14 51 --a------ G:\WINDOWS\npornap.INI
2008-10-08 18:36 . 2008-10-08 18:36 <REP> d-------- G:\Program Files\Orange
2008-10-01 21:37 . 2008-10-01 21:37 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\ESET
2008-10-01 20:41 . 2008-10-01 22:21 <REP> d-------- G:\Program Files\ESET
2008-10-01 20:41 . 2008-10-01 20:41 <REP> d-------- G:\Documents and Settings\All Users\Application Data\ESET
2008-10-01 20:38 . 2008-10-01 21:40 174,513 --a------ G:\WINDOWS\Dasumo Fix v3.2.exe
2008-09-30 18:09 . 2008-04-17 12:12 107,368 --a------ G:\WINDOWS\system32\GEARAspi.dll
2008-09-30 18:09 . 2008-04-17 12:12 15,464 --a------ G:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-30 18:08 . 2008-09-30 18:09 <REP> d-------- G:\Program Files\iTunes
2008-09-30 18:08 . 2008-09-30 18:08 <REP> d-------- G:\Program Files\iPod
2008-09-30 18:08 . 2008-09-30 18:09 <REP> d-------- G:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 18:05 . 2008-09-30 18:06 <REP> d-------- G:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 18:37 --------- d-----w G:\Program Files\FlashGet
2008-10-28 22:09 --------- d-----w G:\Program Files\eMule
2008-10-26 13:18 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-10-21 21:09 --------- d-----w G:\Program Files\a-squared Free
2008-10-18 10:06 --------- d-----w G:\Program Files\Ad-Aware
2008-10-08 17:36 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-10-04 11:21 --------- d-----w G:\Program Files\Messenger Plus! Live
2008-10-04 11:19 --------- d-----w G:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-30 17:05 --------- d-----w G:\Program Files\Fichiers communs\Apple
2008-09-30 16:56 --------- d-----w G:\Program Files\Bonjour
2008-09-27 10:48 --------- d-----w G:\Program Files\Service Record
2008-09-26 17:02 --------- d-----w G:\Program Files\ffdshow
2008-09-23 16:09 --------- d-----w G:\Documents and Settings\All Users\Application Data\Team MediaPortal
2008-09-23 16:08 --------- d-----w G:\Program Files\Team MediaPortal
2008-08-29 14:54 --------- d-----w G:\Documents and Settings\All Users\Application Data\TomTom
2008-08-29 14:48 --------- d-----w G:\Program Files\TomTom HOME 2
2008-08-29 14:48 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\TomTom
2008-08-29 08:18 87,336 ----a-w G:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w G:\WINDOWS\system32\dnssd.dll
.

------- Sigcheck -------

2007-03-08 16:37 578560 753354f594809a9b96f73999b435a533 G:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\SP2GDR\user32.dll
2007-03-08 16:50 579072 4d88aaf39adabfe45958ea1384e2c4ff G:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\SP2QFE\user32.dll
2006-12-14 23:21 578048 4a048552ca537ef146a8c21a0881b1ba G:\WINDOWS\system32\user32.dll

2008-03-01 13:58 826368 8e027981ddffa690d456fe18b37415a0 G:\WINDOWS\SoftwareDistribution\Download\23798f43285e69a97e68a8b959c90f21\SP2GDR\wininet.dll
2008-03-01 13:34 827392 5a0093f59b505c008ed0cee615563c72 G:\WINDOWS\SoftwareDistribution\Download\23798f43285e69a97e68a8b959c90f21\SP2QFE\wininet.dll
2006-12-16 00:51 838656 1cc220712da13c68aa19ab97436aed79 G:\WINDOWS\system32\wininet.dll

2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 G:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2GDR\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 G:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2QFE\tcpip.sys
2004-08-04 13:57 360576 c7be59b07c6eb74bea6fd67c1b164015 G:\WINDOWS\system32\drivers\tcpip.sys

2006-12-14 23:30 507904 fb66744d525ea5df9a719f1db9b2dff4 G:\WINDOWS\system32\winlogon.exe

2007-02-28 17:02 2059648 a1d5231403329478ae4fe2778c55c77f G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2GDR\ntkrnlpa.exe
2007-02-28 07:08 2061440 7a56a64eb50399613587e90292dd2aab G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2QFE\ntkrnlpa.exe
2004-08-28 13:00 2217344 4348884ddd80826b35bcbe5bc67a4a1b G:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 17:02 2182400 7d6d19aac51a4325f6039f083c22303c G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2GDR\ntoskrnl.exe
2007-02-28 17:08 2184192 8e244108562e0e452eb68dff64cb08a9 G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2QFE\ntoskrnl.exe
2001-08-28 13:00 2340096 49f2e8f99dfa03763270bc1aaf521573 G:\WINDOWS\system32\ntoskrnl.exe

2001-08-28 13:00 1934848 1630d57b8370b7a20a41bb4c1e459edf G:\WINDOWS\explorer.exe
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 G:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\SP2GDR\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 G:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\SP2QFE\explorer.exe

2006-12-06 17:56 25088 43836cffabac8d6779e8ee55e308df2c G:\WINDOWS\system32\ctfmon.exe

2006-12-24 02:00 57856 ad3d9d191aea7b5445fe1d82ffbb4788 G:\WINDOWS\system32\spoolsv.exe

2006-12-24 01:59 297984 70921de4c83652dc301a05f0cc46c985 G:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-23_21.29.30.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w G:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w G:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 06:00:00 28,672 ----a-w G:\WINDOWS\NIRCMD.exe
+ 2000-08-31 07:00:00 28,672 ----a-w G:\WINDOWS\NIRCMD.exe
- 2000-08-31 06:00:00 161,792 ----a-w G:\WINDOWS\SWREG.exe
+ 2000-08-31 07:00:00 161,792 ----a-w G:\WINDOWS\SWREG.exe
- 2008-10-21 19:34:29 61,918 ----a-w G:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 11:09:45 61,918 ----a-w G:\WINDOWS\system32\perfc009.dat
- 2008-10-21 19:34:29 74,448 ----a-w G:\WINDOWS\system32\perfc00C.dat
+ 2008-10-26 11:09:45 74,448 ----a-w G:\WINDOWS\system32\perfc00C.dat
- 2008-10-21 19:34:29 401,458 ----a-w G:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 11:09:45 401,458 ----a-w G:\WINDOWS\system32\perfh009.dat
- 2008-10-21 19:34:29 467,962 ----a-w G:\WINDOWS\system32\perfh00C.dat
+ 2008-10-26 11:09:45 467,962 ----a-w G:\WINDOWS\system32\perfh00C.dat
+ 2008-10-29 18:35:39 16,384 ----atw G:\WINDOWS\Temp\Perflib_Perfdata_248.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2006-12-06 25088]
"MsnMsgr"="G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Sidebar"="G:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 86016]
"Easy-PrintToolBox"="G:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Flashget"="G:\Program Files\FlashGet\flashget.exe" [2007-09-25 2007088]
"Ptipbmf"="ptipbmf.dll" [2006-12-24 G:\WINDOWS\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2006-03-09 G:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 G:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="G:\WINDOWS\system32\sti_ci.dll" [2006-09-08 678912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2006-12-24 G:\WINDOWS\system32\advpack.dll]

G:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Yahoo! Widgets.lnk - G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

G:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - G:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-27 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 g:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=G:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=G:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
G:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 G:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 G:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
--a------ 2007-12-25 22:25 937984 G:\Program Files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 09:10 2007088 G:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
--a------ 2008-06-15 11:14 1692672 G:\Program Files\HDD Health\hddhealth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 G:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 17:53 153136 G:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 G:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 09:42 202088 G:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 G:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 G:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FileZilla Server"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"G:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\WirelessFTP1.exe"=
"G:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\ECCenter1.exe"=
"G:\\Program Files\\eMule\\emule.exe"=
"G:\\Program Files\\FlashGet\\flashget.exe"=
"G:\\Documents and Settings\\Administrateur\\temp\\TeamViewer3\\TeamViewer.exe"=
"G:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:212.27.63.113/255.255.255.255:Enabled:freeplayer

R0 viasraid;viasraid;G:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
R0 videX32;videX32;G:\WINDOWS\system32\DRIVERS\videX32.sys [2006-12-24 9728]
R1 aswSP;avast! Self Protection;G:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;G:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 USBSTOR;Pilote de stockage de masse USB;G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-28 26368]
S3 usbscan;Pilote de scanneur USB;G:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1483a868-a131-11dd-8375-00112fd53b65}]
\shell\autorun\command - S:\EmDesk.exe
\shell\emdesk\command - S:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84236c93-75d9-11dd-8f3e-00112fd53b65}]
\Shell\AutoRun\command - T:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-14 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-10-28 G:\WINDOWS\Tasks\User_Feed_Synchronization-{F291CBA0-B3BF-47DD-A780-F1DCC8E365BA}.job
- G:\WINDOWS\system32\msfeedssync.exe [2006-12-24 02:07]
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 19:55:47
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\memsweep2]
"ImagePath"="\??\G:\WINDOWS\system32\15.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\memsweep2]
"ImagePath"="\??\G:\WINDOWS\system32\15.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\glaide32]
"ImagePath"="\??\G:\WINDOWS\system32\drivers\glaide32.sys"
.
Heure de fin: 2008-10-29 19:57:28
ComboFix-quarantined-files.txt 2008-10-29 18:57:06
ComboFix2.txt 2008-10-23 19:30:48

Avant-CF: 2 127 798 272 octets libres
Après-CF: 2,192,621,568 octets libres

261

MrDoS · Answer

ComboFix 08-10-22.05 - Administrateur 2008-10-29 19:54:01.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.640 [GMT 1:00]
Lancé depuis: G:\Documents and Settings\Administrateur\Bureau\Maintenance PC\ComboFix.exe
Commutateurs utilisés :: G:\Documents and Settings\Administrateur\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.

2008-10-24 21:22 . 2007-07-30 18:19 271,224 --a------ G:\WINDOWS\system32\mucltui.dll
2008-10-24 21:22 . 2007-07-30 18:19 207,736 --a------ G:\WINDOWS\system32\muweb.dll
2008-10-24 21:22 . 2007-07-30 18:18 30,072 --a------ G:\WINDOWS\system32\mucltui.dll.mui
2008-10-23 19:35 . 2004-08-03 21:59 36,352 --a------ G:\WINDOWS\system32\drivers\disk.sys
2008-10-22 20:02 . 2008-10-22 20:02 <REP> d-------- G:\Program Files\Sophos
2008-10-22 20:00 . 2007-01-18 13:00 3,968 --a------ G:\WINDOWS\system32\drivers\AvgArCln.sys
2008-10-21 20:33 . 2008-10-29 19:52 <REP> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-10-21 20:33 . 2008-08-25 11:36 81,288 --a------ G:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-21 20:33 . 2008-08-25 11:36 66,952 --a------ G:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-21 20:33 . 2008-08-25 11:36 40,840 --a------ G:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-21 20:33 . 2008-06-02 15:19 29,576 --a------ G:\WINDOWS\system32\drivers\kcom.sys
2008-10-21 20:32 . 2008-10-28 21:17 <REP> d-------- G:\Program Files\Spyware Doctor
2008-10-21 20:32 . 2008-10-21 20:32 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-10-21 05:50 . 2008-10-21 05:50 268 --ah----- G:\sqmdata00.sqm
2008-10-21 05:50 . 2008-10-21 05:50 244 --ah----- G:\sqmnoopt00.sqm
2008-10-20 17:55 . 2008-10-29 19:55 93,918 --a------ G:\WINDOWS\system32\drivers\glaide32.sys
2008-10-19 22:02 . 2008-10-19 22:09 <REP> d-------- G:\SDFix
2008-10-19 21:58 . 2007-09-05 23:22 289,144 --a------ G:\WINDOWS\system32\VCCLSID.exe
2008-10-19 21:58 . 2006-04-27 16:49 288,417 --a------ G:\WINDOWS\system32\SrchSTS.exe
2008-10-19 21:58 . 2008-09-08 22:38 88,576 --a------ G:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-19 21:58 . 2008-10-01 14:51 87,552 --a------ G:\WINDOWS\system32\VACFix.exe
2008-10-19 21:58 . 2008-10-10 07:58 82,944 --a------ G:\WINDOWS\system32\o4Patch.exe
2008-10-19 21:58 . 2008-10-10 07:58 82,944 --a------ G:\WINDOWS\system32\IEDFix.C.exe
2008-10-19 21:58 . 2008-08-18 11:19 82,432 --a------ G:\WINDOWS\system32\404Fix.exe
2008-10-19 21:58 . 2004-07-31 17:50 51,200 --a------ G:\WINDOWS\system32\dumphive.exe
2008-10-19 21:58 . 2007-10-03 23:36 25,600 --a------ G:\WINDOWS\system32\WS2Fix.exe
2008-10-19 21:58 . 2008-10-19 21:58 2,940 --a------ G:\WINDOWS\system32\tmp.reg
2008-10-19 21:51 . 2008-10-19 21:51 <REP> d-------- G:\Program Files\CCleaner
2008-10-19 12:30 . 2008-10-19 12:30 <REP> d-------- G:\Program Files\TomTom DesktopSuite
2008-10-18 23:28 . 2008-10-18 23:28 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-18 23:27 . 2008-10-18 23:27 <REP> d-------- G:\Program Files\Malwarebytes' Anti-Malware
2008-10-18 23:27 . 2008-10-18 23:27 <REP> d-------- G:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-18 23:27 . 2008-10-16 19:25 38,496 --a------ G:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-18 23:27 . 2008-10-16 19:25 15,504 --a------ G:\WINDOWS\system32\drivers\mbam.sys
2008-10-18 11:47 . 2008-10-18 11:47 <REP> d-------- G:\Program Files\Trend Micro
2008-10-18 07:56 . 2008-10-18 10:08 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\MobileSyncBrowser
2008-10-14 21:15 . 2008-10-14 21:15 <REP> d-------- G:\Program Files\HDD Health
2008-10-08 18:39 . 2008-10-25 11:14 51 --a------ G:\WINDOWS\npornap.INI
2008-10-08 18:36 . 2008-10-08 18:36 <REP> d-------- G:\Program Files\Orange
2008-10-01 21:37 . 2008-10-01 21:37 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\ESET
2008-10-01 20:41 . 2008-10-01 22:21 <REP> d-------- G:\Program Files\ESET
2008-10-01 20:41 . 2008-10-01 20:41 <REP> d-------- G:\Documents and Settings\All Users\Application Data\ESET
2008-10-01 20:38 . 2008-10-01 21:40 174,513 --a------ G:\WINDOWS\Dasumo Fix v3.2.exe
2008-09-30 18:09 . 2008-04-17 12:12 107,368 --a------ G:\WINDOWS\system32\GEARAspi.dll
2008-09-30 18:09 . 2008-04-17 12:12 15,464 --a------ G:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-30 18:08 . 2008-09-30 18:09 <REP> d-------- G:\Program Files\iTunes
2008-09-30 18:08 . 2008-09-30 18:08 <REP> d-------- G:\Program Files\iPod
2008-09-30 18:08 . 2008-09-30 18:09 <REP> d-------- G:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 18:05 . 2008-09-30 18:06 <REP> d-------- G:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 18:37 --------- d-----w G:\Program Files\FlashGet
2008-10-28 22:09 --------- d-----w G:\Program Files\eMule
2008-10-26 13:18 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-10-21 21:09 --------- d-----w G:\Program Files\a-squared Free
2008-10-18 10:06 --------- d-----w G:\Program Files\Ad-Aware
2008-10-08 17:36 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-10-04 11:21 --------- d-----w G:\Program Files\Messenger Plus! Live
2008-10-04 11:19 --------- d-----w G:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-30 17:05 --------- d-----w G:\Program Files\Fichiers communs\Apple
2008-09-30 16:56 --------- d-----w G:\Program Files\Bonjour
2008-09-27 10:48 --------- d-----w G:\Program Files\Service Record
2008-09-26 17:02 --------- d-----w G:\Program Files\ffdshow
2008-09-23 16:09 --------- d-----w G:\Documents and Settings\All Users\Application Data\Team MediaPortal
2008-09-23 16:08 --------- d-----w G:\Program Files\Team MediaPortal
2008-08-29 14:54 --------- d-----w G:\Documents and Settings\All Users\Application Data\TomTom
2008-08-29 14:48 --------- d-----w G:\Program Files\TomTom HOME 2
2008-08-29 14:48 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\TomTom
2008-08-29 08:18 87,336 ----a-w G:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w G:\WINDOWS\system32\dnssd.dll
.

------- Sigcheck -------

2007-03-08 16:37 578560 753354f594809a9b96f73999b435a533 G:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\SP2GDR\user32.dll
2007-03-08 16:50 579072 4d88aaf39adabfe45958ea1384e2c4ff G:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\SP2QFE\user32.dll
2006-12-14 23:21 578048 4a048552ca537ef146a8c21a0881b1ba G:\WINDOWS\system32\user32.dll

2008-03-01 13:58 826368 8e027981ddffa690d456fe18b37415a0 G:\WINDOWS\SoftwareDistribution\Download\23798f43285e69a97e68a8b959c90f21\SP2GDR\wininet.dll
2008-03-01 13:34 827392 5a0093f59b505c008ed0cee615563c72 G:\WINDOWS\SoftwareDistribution\Download\23798f43285e69a97e68a8b959c90f21\SP2QFE\wininet.dll
2006-12-16 00:51 838656 1cc220712da13c68aa19ab97436aed79 G:\WINDOWS\system32\wininet.dll

2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 G:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2GDR\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 G:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2QFE\tcpip.sys
2004-08-04 13:57 360576 c7be59b07c6eb74bea6fd67c1b164015 G:\WINDOWS\system32\drivers\tcpip.sys

2006-12-14 23:30 507904 fb66744d525ea5df9a719f1db9b2dff4 G:\WINDOWS\system32\winlogon.exe

2007-02-28 17:02 2059648 a1d5231403329478ae4fe2778c55c77f G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2GDR\ntkrnlpa.exe
2007-02-28 07:08 2061440 7a56a64eb50399613587e90292dd2aab G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2QFE\ntkrnlpa.exe
2004-08-28 13:00 2217344 4348884ddd80826b35bcbe5bc67a4a1b G:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 17:02 2182400 7d6d19aac51a4325f6039f083c22303c G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2GDR\ntoskrnl.exe
2007-02-28 17:08 2184192 8e244108562e0e452eb68dff64cb08a9 G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2QFE\ntoskrnl.exe
2001-08-28 13:00 2340096 49f2e8f99dfa03763270bc1aaf521573 G:\WINDOWS\system32\ntoskrnl.exe

2001-08-28 13:00 1934848 1630d57b8370b7a20a41bb4c1e459edf G:\WINDOWS\explorer.exe
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 G:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\SP2GDR\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 G:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\SP2QFE\explorer.exe

2006-12-06 17:56 25088 43836cffabac8d6779e8ee55e308df2c G:\WINDOWS\system32\ctfmon.exe

2006-12-24 02:00 57856 ad3d9d191aea7b5445fe1d82ffbb4788 G:\WINDOWS\system32\spoolsv.exe

2006-12-24 01:59 297984 70921de4c83652dc301a05f0cc46c985 G:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-23_21.29.30.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w G:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w G:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 06:00:00 28,672 ----a-w G:\WINDOWS\NIRCMD.exe
+ 2000-08-31 07:00:00 28,672 ----a-w G:\WINDOWS\NIRCMD.exe
- 2000-08-31 06:00:00 161,792 ----a-w G:\WINDOWS\SWREG.exe
+ 2000-08-31 07:00:00 161,792 ----a-w G:\WINDOWS\SWREG.exe
- 2008-10-21 19:34:29 61,918 ----a-w G:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 11:09:45 61,918 ----a-w G:\WINDOWS\system32\perfc009.dat
- 2008-10-21 19:34:29 74,448 ----a-w G:\WINDOWS\system32\perfc00C.dat
+ 2008-10-26 11:09:45 74,448 ----a-w G:\WINDOWS\system32\perfc00C.dat
- 2008-10-21 19:34:29 401,458 ----a-w G:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 11:09:45 401,458 ----a-w G:\WINDOWS\system32\perfh009.dat
- 2008-10-21 19:34:29 467,962 ----a-w G:\WINDOWS\system32\perfh00C.dat
+ 2008-10-26 11:09:45 467,962 ----a-w G:\WINDOWS\system32\perfh00C.dat
+ 2008-10-29 18:35:39 16,384 ----atw G:\WINDOWS\Temp\Perflib_Perfdata_248.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2006-12-06 25088]
"MsnMsgr"="G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Sidebar"="G:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 86016]
"Easy-PrintToolBox"="G:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Flashget"="G:\Program Files\FlashGet\flashget.exe" [2007-09-25 2007088]
"Ptipbmf"="ptipbmf.dll" [2006-12-24 G:\WINDOWS\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2006-03-09 G:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 G:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="G:\WINDOWS\system32\sti_ci.dll" [2006-09-08 678912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2006-12-24 G:\WINDOWS\system32\advpack.dll]

G:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Yahoo! Widgets.lnk - G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

G:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - G:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-27 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 g:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=G:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=G:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
G:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 G:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 G:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
--a------ 2007-12-25 22:25 937984 G:\Program Files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 09:10 2007088 G:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
--a------ 2008-06-15 11:14 1692672 G:\Program Files\HDD Health\hddhealth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 G:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 17:53 153136 G:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 G:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 09:42 202088 G:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 G:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 G:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FileZilla Server"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"G:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\WirelessFTP1.exe"=
"G:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\ECCenter1.exe"=
"G:\\Program Files\\eMule\\emule.exe"=
"G:\\Program Files\\FlashGet\\flashget.exe"=
"G:\\Documents and Settings\\Administrateur\\temp\\TeamViewer3\\TeamViewer.exe"=
"G:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:212.27.63.113/255.255.255.255:Enabled:freeplayer

R0 viasraid;viasraid;G:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
R0 videX32;videX32;G:\WINDOWS\system32\DRIVERS\videX32.sys [2006-12-24 9728]
R1 aswSP;avast! Self Protection;G:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;G:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 USBSTOR;Pilote de stockage de masse USB;G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-28 26368]
S3 usbscan;Pilote de scanneur USB;G:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1483a868-a131-11dd-8375-00112fd53b65}]
\shell\autorun\command - S:\EmDesk.exe
\shell\emdesk\command - S:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84236c93-75d9-11dd-8f3e-00112fd53b65}]
\Shell\AutoRun\command - T:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-14 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-10-28 G:\WINDOWS\Tasks\User_Feed_Synchronization-{F291CBA0-B3BF-47DD-A780-F1DCC8E365BA}.job
- G:\WINDOWS\system32\msfeedssync.exe [2006-12-24 02:07]
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 19:55:47
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\memsweep2]
"ImagePath"="\??\G:\WINDOWS\system32\15.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\memsweep2]
"ImagePath"="\??\G:\WINDOWS\system32\15.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\glaide32]
"ImagePath"="\??\G:\WINDOWS\system32\drivers\glaide32.sys"
.
Heure de fin: 2008-10-29 19:57:28
ComboFix-quarantined-files.txt 2008-10-29 18:57:06
ComboFix2.txt 2008-10-23 19:30:48

Avant-CF: 2 127 798 272 octets libres
Après-CF: 2,192,621,568 octets libres

261

MrDoS · Answer

ComboFix 08-10-22.05 - Administrateur 2008-10-29 19:54:01.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.640 [GMT 1:00]
Lancé depuis: G:\Documents and Settings\Administrateur\Bureau\Maintenance PC\ComboFix.exe
Commutateurs utilisés :: G:\Documents and Settings\Administrateur\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-28 au 2008-10-29 ))))))))))))))))))))))))))))))))))))
.

2008-10-24 21:22 . 2007-07-30 18:19 271,224 --a------ G:\WINDOWS\system32\mucltui.dll
2008-10-24 21:22 . 2007-07-30 18:19 207,736 --a------ G:\WINDOWS\system32\muweb.dll
2008-10-24 21:22 . 2007-07-30 18:18 30,072 --a------ G:\WINDOWS\system32\mucltui.dll.mui
2008-10-23 19:35 . 2004-08-03 21:59 36,352 --a------ G:\WINDOWS\system32\drivers\disk.sys
2008-10-22 20:02 . 2008-10-22 20:02 <REP> d-------- G:\Program Files\Sophos
2008-10-22 20:00 . 2007-01-18 13:00 3,968 --a------ G:\WINDOWS\system32\drivers\AvgArCln.sys
2008-10-21 20:33 . 2008-10-29 19:52 <REP> d-a------ G:\Documents and Settings\All Users\Application Data\TEMP
2008-10-21 20:33 . 2008-08-25 11:36 81,288 --a------ G:\WINDOWS\system32\drivers\iksyssec.sys
2008-10-21 20:33 . 2008-08-25 11:36 66,952 --a------ G:\WINDOWS\system32\drivers\iksysflt.sys
2008-10-21 20:33 . 2008-08-25 11:36 40,840 --a------ G:\WINDOWS\system32\drivers\ikfilesec.sys
2008-10-21 20:33 . 2008-06-02 15:19 29,576 --a------ G:\WINDOWS\system32\drivers\kcom.sys
2008-10-21 20:32 . 2008-10-28 21:17 <REP> d-------- G:\Program Files\Spyware Doctor
2008-10-21 20:32 . 2008-10-21 20:32 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\PC Tools
2008-10-21 05:50 . 2008-10-21 05:50 268 --ah----- G:\sqmdata00.sqm
2008-10-21 05:50 . 2008-10-21 05:50 244 --ah----- G:\sqmnoopt00.sqm
2008-10-20 17:55 . 2008-10-29 19:55 93,918 --a------ G:\WINDOWS\system32\drivers\glaide32.sys
2008-10-19 22:02 . 2008-10-19 22:09 <REP> d-------- G:\SDFix
2008-10-19 21:58 . 2007-09-05 23:22 289,144 --a------ G:\WINDOWS\system32\VCCLSID.exe
2008-10-19 21:58 . 2006-04-27 16:49 288,417 --a------ G:\WINDOWS\system32\SrchSTS.exe
2008-10-19 21:58 . 2008-09-08 22:38 88,576 --a------ G:\WINDOWS\system32\AntiXPVSTFix.exe
2008-10-19 21:58 . 2008-10-01 14:51 87,552 --a------ G:\WINDOWS\system32\VACFix.exe
2008-10-19 21:58 . 2008-10-10 07:58 82,944 --a------ G:\WINDOWS\system32\o4Patch.exe
2008-10-19 21:58 . 2008-10-10 07:58 82,944 --a------ G:\WINDOWS\system32\IEDFix.C.exe
2008-10-19 21:58 . 2008-08-18 11:19 82,432 --a------ G:\WINDOWS\system32\404Fix.exe
2008-10-19 21:58 . 2004-07-31 17:50 51,200 --a------ G:\WINDOWS\system32\dumphive.exe
2008-10-19 21:58 . 2007-10-03 23:36 25,600 --a------ G:\WINDOWS\system32\WS2Fix.exe
2008-10-19 21:58 . 2008-10-19 21:58 2,940 --a------ G:\WINDOWS\system32\tmp.reg
2008-10-19 21:51 . 2008-10-19 21:51 <REP> d-------- G:\Program Files\CCleaner
2008-10-19 12:30 . 2008-10-19 12:30 <REP> d-------- G:\Program Files\TomTom DesktopSuite
2008-10-18 23:28 . 2008-10-18 23:28 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-18 23:27 . 2008-10-18 23:27 <REP> d-------- G:\Program Files\Malwarebytes' Anti-Malware
2008-10-18 23:27 . 2008-10-18 23:27 <REP> d-------- G:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-18 23:27 . 2008-10-16 19:25 38,496 --a------ G:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-18 23:27 . 2008-10-16 19:25 15,504 --a------ G:\WINDOWS\system32\drivers\mbam.sys
2008-10-18 11:47 . 2008-10-18 11:47 <REP> d-------- G:\Program Files\Trend Micro
2008-10-18 07:56 . 2008-10-18 10:08 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\MobileSyncBrowser
2008-10-14 21:15 . 2008-10-14 21:15 <REP> d-------- G:\Program Files\HDD Health
2008-10-08 18:39 . 2008-10-25 11:14 51 --a------ G:\WINDOWS\npornap.INI
2008-10-08 18:36 . 2008-10-08 18:36 <REP> d-------- G:\Program Files\Orange
2008-10-01 21:37 . 2008-10-01 21:37 <REP> d-------- G:\Documents and Settings\Administrateur\Application Data\ESET
2008-10-01 20:41 . 2008-10-01 22:21 <REP> d-------- G:\Program Files\ESET
2008-10-01 20:41 . 2008-10-01 20:41 <REP> d-------- G:\Documents and Settings\All Users\Application Data\ESET
2008-10-01 20:38 . 2008-10-01 21:40 174,513 --a------ G:\WINDOWS\Dasumo Fix v3.2.exe
2008-09-30 18:09 . 2008-04-17 12:12 107,368 --a------ G:\WINDOWS\system32\GEARAspi.dll
2008-09-30 18:09 . 2008-04-17 12:12 15,464 --a------ G:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-30 18:08 . 2008-09-30 18:09 <REP> d-------- G:\Program Files\iTunes
2008-09-30 18:08 . 2008-09-30 18:08 <REP> d-------- G:\Program Files\iPod
2008-09-30 18:08 . 2008-09-30 18:09 <REP> d-------- G:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-30 18:05 . 2008-09-30 18:06 <REP> d-------- G:\Program Files\QuickTime

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-29 18:37 --------- d-----w G:\Program Files\FlashGet
2008-10-28 22:09 --------- d-----w G:\Program Files\eMule
2008-10-26 13:18 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\Apple Computer
2008-10-21 21:09 --------- d-----w G:\Program Files\a-squared Free
2008-10-18 10:06 --------- d-----w G:\Program Files\Ad-Aware
2008-10-08 17:36 --------- d--h--w G:\Program Files\InstallShield Installation Information
2008-10-04 11:21 --------- d-----w G:\Program Files\Messenger Plus! Live
2008-10-04 11:19 --------- d-----w G:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-30 17:05 --------- d-----w G:\Program Files\Fichiers communs\Apple
2008-09-30 16:56 --------- d-----w G:\Program Files\Bonjour
2008-09-27 10:48 --------- d-----w G:\Program Files\Service Record
2008-09-26 17:02 --------- d-----w G:\Program Files\ffdshow
2008-09-23 16:09 --------- d-----w G:\Documents and Settings\All Users\Application Data\Team MediaPortal
2008-09-23 16:08 --------- d-----w G:\Program Files\Team MediaPortal
2008-08-29 14:54 --------- d-----w G:\Documents and Settings\All Users\Application Data\TomTom
2008-08-29 14:48 --------- d-----w G:\Program Files\TomTom HOME 2
2008-08-29 14:48 --------- d-----w G:\Documents and Settings\Administrateur\Application Data\TomTom
2008-08-29 08:18 87,336 ----a-w G:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w G:\WINDOWS\system32\dnssd.dll
.

------- Sigcheck -------

2007-03-08 16:37 578560 753354f594809a9b96f73999b435a533 G:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\SP2GDR\user32.dll
2007-03-08 16:50 579072 4d88aaf39adabfe45958ea1384e2c4ff G:\WINDOWS\SoftwareDistribution\Download\807aa275a612b3508a3d1d613bbf6226\SP2QFE\user32.dll
2006-12-14 23:21 578048 4a048552ca537ef146a8c21a0881b1ba G:\WINDOWS\system32\user32.dll

2008-03-01 13:58 826368 8e027981ddffa690d456fe18b37415a0 G:\WINDOWS\SoftwareDistribution\Download\23798f43285e69a97e68a8b959c90f21\SP2GDR\wininet.dll
2008-03-01 13:34 827392 5a0093f59b505c008ed0cee615563c72 G:\WINDOWS\SoftwareDistribution\Download\23798f43285e69a97e68a8b959c90f21\SP2QFE\wininet.dll
2006-12-16 00:51 838656 1cc220712da13c68aa19ab97436aed79 G:\WINDOWS\system32\wininet.dll

2007-10-30 18:20 360064 90caff4b094573449a0872a0f919b178 G:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2GDR\tcpip.sys
2007-10-30 17:53 360832 64798ecfa43d78c7178375fcdd16d8c8 G:\WINDOWS\SoftwareDistribution\Download\2505e060ecbf87977746a5abaaa7bc96\SP2QFE\tcpip.sys
2004-08-04 13:57 360576 c7be59b07c6eb74bea6fd67c1b164015 G:\WINDOWS\system32\drivers\tcpip.sys

2006-12-14 23:30 507904 fb66744d525ea5df9a719f1db9b2dff4 G:\WINDOWS\system32\winlogon.exe

2007-02-28 17:02 2059648 a1d5231403329478ae4fe2778c55c77f G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2GDR\ntkrnlpa.exe
2007-02-28 07:08 2061440 7a56a64eb50399613587e90292dd2aab G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2QFE\ntkrnlpa.exe
2004-08-28 13:00 2217344 4348884ddd80826b35bcbe5bc67a4a1b G:\WINDOWS\system32\ntkrnlpa.exe

2007-02-28 17:02 2182400 7d6d19aac51a4325f6039f083c22303c G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2GDR\ntoskrnl.exe
2007-02-28 17:08 2184192 8e244108562e0e452eb68dff64cb08a9 G:\WINDOWS\SoftwareDistribution\Download\47cec0c462f6cbdcf7ca5941c1ec0b4a\SP2QFE\ntoskrnl.exe
2001-08-28 13:00 2340096 49f2e8f99dfa03763270bc1aaf521573 G:\WINDOWS\system32\ntoskrnl.exe

2001-08-28 13:00 1934848 1630d57b8370b7a20a41bb4c1e459edf G:\WINDOWS\explorer.exe
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 G:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\SP2GDR\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 G:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\SP2QFE\explorer.exe

2006-12-06 17:56 25088 43836cffabac8d6779e8ee55e308df2c G:\WINDOWS\system32\ctfmon.exe

2006-12-24 02:00 57856 ad3d9d191aea7b5445fe1d82ffbb4788 G:\WINDOWS\system32\spoolsv.exe

2006-12-24 01:59 297984 70921de4c83652dc301a05f0cc46c985 G:\WINDOWS\system32\termsrv.dll
.
((((((((((((((((((((((((((((( snapshot@2008-10-23_21.29.30.87 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-20 18:02:28 163,328 ----a-w G:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 19:02:28 163,328 ----a-w G:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
- 2000-08-31 06:00:00 28,672 ----a-w G:\WINDOWS\NIRCMD.exe
+ 2000-08-31 07:00:00 28,672 ----a-w G:\WINDOWS\NIRCMD.exe
- 2000-08-31 06:00:00 161,792 ----a-w G:\WINDOWS\SWREG.exe
+ 2000-08-31 07:00:00 161,792 ----a-w G:\WINDOWS\SWREG.exe
- 2008-10-21 19:34:29 61,918 ----a-w G:\WINDOWS\system32\perfc009.dat
+ 2008-10-26 11:09:45 61,918 ----a-w G:\WINDOWS\system32\perfc009.dat
- 2008-10-21 19:34:29 74,448 ----a-w G:\WINDOWS\system32\perfc00C.dat
+ 2008-10-26 11:09:45 74,448 ----a-w G:\WINDOWS\system32\perfc00C.dat
- 2008-10-21 19:34:29 401,458 ----a-w G:\WINDOWS\system32\perfh009.dat
+ 2008-10-26 11:09:45 401,458 ----a-w G:\WINDOWS\system32\perfh009.dat
- 2008-10-21 19:34:29 467,962 ----a-w G:\WINDOWS\system32\perfh00C.dat
+ 2008-10-26 11:09:45 467,962 ----a-w G:\WINDOWS\system32\perfh00C.dat
+ 2008-10-29 18:35:39 16,384 ----atw G:\WINDOWS\Temp\Perflib_Perfdata_248.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="G:\WINDOWS\system32\ctfmon.exe" [2006-12-06 25088]
"MsnMsgr"="G:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"Sidebar"="G:\Program Files\Windows Sidebar\sidebar.exe" [2007-01-10 1235456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="G:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"NvCplDaemon"="G:\WINDOWS\system32\NvCpl.dll" [2006-03-09 7561216]
"NvMediaCenter"="G:\WINDOWS\system32\NvMcTray.dll" [2006-03-09 86016]
"Easy-PrintToolBox"="G:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"QuickTime Task"="G:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="G:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="G:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"Flashget"="G:\Program Files\FlashGet\flashget.exe" [2007-09-25 2007088]
"Ptipbmf"="ptipbmf.dll" [2006-12-24 G:\WINDOWS\system32\ptipbmf.dll]
"nwiz"="nwiz.exe" [2006-03-09 G:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 G:\WINDOWS\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="G:\WINDOWS\system32\sti_ci.dll" [2006-09-08 678912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2006-12-24 G:\WINDOWS\system32\advpack.dll]

G:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Yahoo! Widgets.lnk - G:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

G:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - G:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-06-27 805392]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 g:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\G:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Bluetooth Manager.lnk]
path=G:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Bluetooth Manager.lnk
backup=G:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
G:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 21:16 39792 G:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 16:05 81920 G:\Program Files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
--a------ 2007-12-25 22:25 937984 G:\Program Files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 09:10 2007088 G:\Program Files\FlashGet\flashget.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDDHealth]
--a------ 2008-06-15 11:14 1692672 G:\Program Files\HDD Health\hddhealth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 16:40 289576 G:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 17:53 153136 G:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 G:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
--a------ 2008-05-06 09:42 202088 G:\Program Files\TomTom HOME 2\HOMERunner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 G:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2008-02-29 02:12 76304 G:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"iPod Service"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"FileZilla Server"=3 (0x3)
"Bonjour Service"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"G:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"G:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"G:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\WirelessFTP1.exe"=
"G:\\Program Files\\Toshiba\\Bluetooth Toshiba Stack\\ECCenter1.exe"=
"G:\\Program Files\\eMule\\emule.exe"=
"G:\\Program Files\\FlashGet\\flashget.exe"=
"G:\\Documents and Settings\\Administrateur\\temp\\TeamViewer3\\TeamViewer.exe"=
"G:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"G:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"G:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:212.27.63.113/255.255.255.255:Enabled:freeplayer

R0 viasraid;viasraid;G:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
R0 videX32;videX32;G:\WINDOWS\system32\DRIVERS\videX32.sys [2006-12-24 9728]
R1 aswSP;avast! Self Protection;G:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;G:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 USBSTOR;Pilote de stockage de masse USB;G:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-28 26368]
S3 usbscan;Pilote de scanneur USB;G:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1483a868-a131-11dd-8375-00112fd53b65}]
\shell\autorun\command - S:\EmDesk.exe
\shell\emdesk\command - S:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{84236c93-75d9-11dd-8f3e-00112fd53b65}]
\Shell\AutoRun\command - T:\InstallTomTomHOME.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-14 G:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- G:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-10-28 G:\WINDOWS\Tasks\User_Feed_Synchronization-{F291CBA0-B3BF-47DD-A780-F1DCC8E365BA}.job
- G:\WINDOWS\system32\msfeedssync.exe [2006-12-24 02:07]
.
- - - - ORPHELINS SUPPRIMES - - - -

Toolbar-ITBarLayout - (no file)
Toolbar-ITBarLayout - (no file)

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-29 19:55:47
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\memsweep2]
"ImagePath"="\??\G:\WINDOWS\system32\15.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\memsweep2]
"ImagePath"="\??\G:\WINDOWS\system32\15.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\glaide32]
"ImagePath"="\??\G:\WINDOWS\system32\drivers\glaide32.sys"
.
Heure de fin: 2008-10-29 19:57:28
ComboFix-quarantined-files.txt 2008-10-29 18:57:06
ComboFix2.txt 2008-10-23 19:30:48

Avant-CF: 2 127 798 272 octets libres
Après-CF: 2,192,621,568 octets libres

261

MrDoS · Answer

juste apres le scan j'ai eu l'alerte me signalant la presence du fameux rootkit glaide 32 donc visiblement ca n'a pas suffit a le supprimer*

Merci de ton aide

jlpjlp · Answer

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

driver::
glaide32

File::
G:\WINDOWS\system32\15.tmp
G:\WINDOWS\system32\drivers\glaide32.sys 

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\memsweep2]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\system\ControlSet002\Services\glaide32]
"ImagePath"=-


Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

MrDoS · Answer

Je te contacte des que c'est fait j'ai du mal a trouver le temps pour remettre ca d'aplomp, merci de t'interesser a mon probleme!

Au secour contaminé par exmdnk

29 réponses

Votre réponse

Discussions similaires

Newsletters