Malware impossible to remove
Aldebaran33 - Posts: 28 - Status: Member
geoffrey5 - Posts: 14008 - Status: Security contributor
Hello,
For some time now I have had 3 malwares on my computer that are detected by the anti-malware software, but it can't remove them. I also tried with ComboFix. At the end of the cleanup it tells me it has removed the infected file as well as the 2 keys, but I find them again at the next startup. I wanted to use ComboFix in safe mode but I can't find the file that runs the command. I was only able to use it in diagnostic mode; I don't know whether that is as effective.
Anyway, I'm starting to get fed up with these 3 malwares on my computer.
Could someone help me?
Thanks in advance.
32 replies
Here is the ComboFix report:
ComboFix 08-11-12.01 - o 2008-11-16 18:50:39.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.176 [GMT 1:00]
Lancé depuis: c:\documents and settings\o\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\o\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
FILE ::
c:\windows\system32\onxyikd.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\onxyikd.dll . . . . impossible à supprimer
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.
2008-11-16 08:38 . 2008-11-16 08:38 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-16 08:15 . 2008-11-16 08:15 11,020,722 --a------ C:\upload_moi_SN301833070001.tar.gz
2008-11-15 22:56 . 2008-11-15 22:56 <REP> d-------- C:\VundoFix Backups
2008-11-13 22:45 . 2008-11-13 23:01 <REP> d-------- C:\SDFix
2008-11-13 21:49 . 2008-11-13 22:00 <REP> d-------- c:\program files\Enigma Software Group
2008-11-13 00:01 . 2008-11-13 00:01 19,969 --a------ c:\windows\yfalebiby.ban
2008-11-13 00:01 . 2008-11-13 00:01 19,734 --a------ c:\windows\zugukyg.ban
2008-11-13 00:01 . 2008-11-13 00:01 18,946 --a------ c:\windows\fefomokon.dl
2008-11-13 00:01 . 2008-11-13 00:01 18,384 --a------ c:\documents and settings\o\Application Data\bywizenow.bat
2008-11-13 00:01 . 2008-11-13 00:01 16,953 --a------ c:\windows\pubowoky.inf
2008-11-13 00:01 . 2008-11-13 00:01 15,533 --a------ c:\documents and settings\o\Application Data\wefozogeh.vbs
2008-11-13 00:01 . 2008-11-13 00:01 13,575 --a------ c:\documents and settings\o\Application Data\azaga.sys
2008-11-13 00:01 . 2008-11-13 00:01 12,891 --a------ c:\program files\Fichiers communs\qolylefyja.exe
2008-11-13 00:01 . 2008-11-13 00:01 12,002 --a------ c:\windows\system32\aboh.ban
2008-11-13 00:01 . 2008-11-13 00:01 11,979 --a------ c:\documents and settings\o\Application Data\ofeq.reg
2008-11-13 00:01 . 2008-11-13 00:01 10,429 --a------ c:\windows\ojepuq.sys
2008-11-12 18:45 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:44 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 14:57 . 2008-11-09 14:57 164 --a------ C:\install.dat
2008-10-29 21:43 . 2008-10-30 18:52 <REP> d-------- c:\program files\NOS
2008-10-26 12:13 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-10-26 12:09 . 2008-10-26 12:09 <REP> d-------- c:\windows\Logs
2008-10-26 12:06 . 2008-10-26 12:06 <REP> d-------- c:\program files\Microsoft Silverlight
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\program files\Fichiers communs\FotoWire
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\documents and settings\o\Application Data\FotoWire
2008-10-26 11:45 . 2002-12-06 12:22 466,944 --a------ c:\windows\system32\CIMSVR.exe
2008-10-26 11:45 . 2002-12-06 12:23 233,472 --a------ c:\windows\system32\CIMVIEW.dll
2008-10-26 11:45 . 2002-12-06 12:19 147,456 --a------ c:\windows\system32\MimicICM.dll
2008-10-26 11:45 . 2002-12-06 12:22 28,672 --a------ c:\windows\system32\CIMSVRps.dll
2008-10-26 10:46 . 2004-06-03 12:10 71,596 --------- c:\windows\system32\drivers\PfModNT.sys
2008-10-26 10:46 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-10-26 10:46 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-10-24 17:50 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 17:28 . 2008-10-19 17:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-10-17 18:23 . 2008-04-13 08:36 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2008-10-17 18:23 . 2008-04-13 10:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-10-17 18:21 . 2006-12-28 11:01 19,569 --a------ c:\windows\[u]0/u03180_.tmp
2008-10-16 19:46 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-16 19:45 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 19:45 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-16 19:44 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 21:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-15 19:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-14 18:01 1,928 ----a-w c:\program files\hqynyslu.txt
2008-11-12 23:01 19,578 ----a-w c:\program files\Fichiers communs\sarezer.lib
2008-11-12 23:01 15,179 ----a-w c:\program files\Fichiers communs\ucovu.db
2008-11-12 23:01 14,562 ----a-w c:\program files\Fichiers communs\zujofirajy.lib
2008-11-12 23:01 14,077 ----a-w c:\program files\Fichiers communs\exufuzezyx._sy
2008-11-12 23:01 11,393 ----a-w c:\program files\Fichiers communs\erygimuli._dl
2008-11-09 11:05 --------- d-----w c:\program files\AOL 8.0
2008-11-08 10:30 --------- d-----w c:\documents and settings\o\Application Data\OpenOffice.org2
2008-10-30 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-29 20:47 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-26 10:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-26 10:45 --------- d-----w c:\program files\Logitech
2008-10-26 09:46 --------- d-----w c:\program files\Creative
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 16:42 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-10-18 10:09 --------- d-----w c:\program files\MSN Messenger
2008-10-12 21:15 --------- d-----w c:\program files\QuickTime
2008-10-12 21:15 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-12 21:12 --------- d-----w c:\program files\Apple Software Update
2008-10-12 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-12 17:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-12 17:36 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-12 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\Real
2008-10-08 20:21 --------- d-----w c:\program files\Services en ligne
2008-10-06 17:00 --------- d-----w c:\documents and settings\Damien.SN301833070001\Application Data\Malwarebytes
2008-10-05 14:26 --------- d-----w c:\program files\SUPERAntiSpyware
2008-10-05 14:26 --------- d-----w c:\documents and settings\o\Application Data\SUPERAntiSpyware.com
2008-10-05 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-29 20:34 --------- d-----w c:\program files\Windows Live
2008-09-29 19:52 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-09-29 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-28 20:04 --------- d-----w c:\program files\Crazy Browser
2008-09-28 17:12 --------- d-----w c:\program files\AVG
2008-09-28 14:43 --------- d-----w c:\documents and settings\o\Application Data\Malwarebytes
2008-09-28 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-21 18:57 --------- d-----w c:\program files\ACD Systems
2008-09-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-09-21 09:28 --------- d-----w c:\documents and settings\o\Application Data\SumatraPDF
2008-09-21 09:27 --------- d-----w c:\program files\SumatraPDF
2008-09-20 20:20 85 ----a-w c:\documents and settings\o\reparation.bat
2008-09-20 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-19 10:49 --------- d-----w c:\documents and settings\o\Application Data\IDMComp
2008-09-19 10:47 --------- d-----w c:\program files\UltraEdit
2008-07-15 17:47 58 ----a-w c:\documents and settings\All Users\Application Data\ustore.dat
2007-12-11 22:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-01 00:15 22,904 ----a-w c:\documents and settings\o\Application Data\GDIPFONTCACHEV1.DAT
2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-16 13:30 3,858 ----a-w c:\program files\directx redist.txt
2004-07-09 13:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 08:13 703,080 ----a-w c:\program files\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 03:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\program files\DSETUP.dll
.
((((((((((((((((((((((((((((( snapshot_2008-11-13_22.29.42.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-03 20:59:45 56,364 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 18:16:51 56,364 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 20:59:45 68,498 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-15 18:16:51 68,498 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-03 20:59:45 386,010 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 18:16:51 386,010 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-03 20:59:45 451,712 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-15 18:16:51 451,712 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 17:31 104960 --a------ c:\windows\system32\onxyikd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-03-12 32768]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-12 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
\Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
\Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
\Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 18:56:45
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\DrvTrNTl.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\scardsvr.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\locator.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\vssvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Windows Live\installer\WLSetupSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-11-16 19:07:57 - La machine a redémarré [o]
ComboFix-quarantined-files.txt 2008-11-16 18:07:40
ComboFix2.txt 2008-11-16 17:34:14
ComboFix3.txt 2008-11-13 21:31:00
ComboFix4.txt 2008-09-29 19:32:26
ComboFix5.txt 2008-11-16 17:49:57
Avant-CF: 103 310 843 904 octets libres
Après-CF: 103,296,671,744 octets libres
367 --- E O F --- 2008-11-12 23:39:56
- 2008-11-03 20:59:45 386,010 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 18:16:51 386,010 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-03 20:59:45 451,712 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-15 18:16:51 451,712 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 17:31 104960 --a------ c:\windows\system32\onxyikd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-03-12 32768]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-12 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
\Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
\Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
\Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 18:56:45
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\DrvTrNTl.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\scardsvr.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\locator.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\vssvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Windows Live\installer\WLSetupSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-11-16 19:07:57 - La machine a redémarré [o]
ComboFix-quarantined-files.txt 2008-11-16 18:07:40
ComboFix2.txt 2008-11-16 17:34:14
ComboFix3.txt 2008-11-13 21:31:00
ComboFix4.txt 2008-09-29 19:32:26
ComboFix5.txt 2008-11-16 17:49:57
Avant-CF: 103 310 843 904 octets libres
Après-CF: 103,296,671,744 octets libres
367 --- E O F --- 2008-11-12 23:39:56
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:50, on 16/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\o\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: www.google.fr
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097952190140
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/unibet/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3E509A-C512-45E6-B89C-F9F2CD33136B}: NameServer = 86.64.145.142 84.103.237.142
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
restart the PC in safe mode: Explanation
go and manually delete this file shown in bold: c:\windows\system32\onxyikd.dll
then restart in normal mode and do the following please:
▶ Download RegCleaner
▶ Once it is installed, double-click its icon to run it
▶ In the menu bar, click Options and then select Language => Choose the language
▶ Look for French.rlg and double-click it to apply the language
▶ Then click Tools in the menu bar
▶ Select Registry cleanup => Automatic registry cleaner
▶ RegCleaner will then start the cleanup automatically
▶ Then tick the invalid entries and click Delete selected => Finish => Exit
And then post a new HijackThis report please
Even in Safe Mode I can't manually delete the file onxyikd.dll.
It keeps giving me "access denied: check that the disk is not full or write-protected, and that the file is not currently in use."
Restart in Safe Mode.
Run HijackThis again by clicking "Scan only" and tick this line:
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
Then click "Fix checked".
Restart in normal mode and post a new HijackThis log, please
I got two messages when clicking "Fix checked".
The first: "fix 1 selected items? This will permanently delete and/or repair what you selected?"
So I answered yes.
Second message: "HijackThis is about to remove a BHO and the corresponding file from your system, close all Internet Explorer windows and all Windows Explorer windows before continuing for the best chance of success."
Of course I had closed everything before running this command.
If it helps, the name of the trojan is "Trojan.BHO.H".
I made a new log in normal mode anyway:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Documents and Settings\o\Bureau\Crazy Browser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\o\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: www.google.fr
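As an added example (not from this thread, and not a tool either participant used), here is a small Python script that applies, to the HijackThis log just posted and to the registry dump in the ComboFix report further down, the checks the helper is making by eye: a BHO reported as "(no name)", an autostart whose file sits inside a user profile folder, Security Center values set to silence notifications or monitoring, and a firewall exception list padded with many ports sharing the generic "@xpsp2res.dll,-22009" description. The sample log is constructed from lines copied from this page; the "Example Helper" BHO line and the "[updater]" Run entry are placeholders made up for contrast and do not appear on the page.

```python
"""Log triage for the HijackThis / ComboFix excerpts posted in this thread.

Added example: this is not a tool from the thread. The rules below are only the
checks the helper applies by eye, written down so they can be run over a log:
  * an O2 (BHO) entry reported as "(no name)"
  * an O2/O4 entry whose file lives inside a user profile (Application Data, Local Settings)
  * Security Center values that silence antivirus/update notifications or monitoring
  * a firewall GloballyOpenPorts list with many exceptions sharing the generic
    "@xpsp2res.dll,-22009" description
"""
import re

# Constructed sample: lines copied from the logs on this page, plus two placeholder
# lines (the "Example Helper" BHO and the "[updater]" Run entry) made up for contrast.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\o\Application Data\bywizenow.bat
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"""

O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$')
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+)$')
REG_KEY_RE = re.compile(r'^\[(?P<key>.+)\]$')
REG_DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"= \d+:(?:TCP|UDP):@xpsp2res\.dll,-(?P<desc>\d+)$')

# Autostart files under a user profile are writable without admin rights; worth a look.
USER_PROFILE_RE = re.compile(r'\\documents and settings\\[^\\]+\\(application data|local settings)\\', re.I)
# XP Security Center values that, set to 1, hide warnings or stop monitoring a product.
SILENCING_VALUES = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                    "UpdatesDisableNotify", "DisableMonitoring"}
GENERIC_PORT_DESC = "22009"   # the description shared by the ~70 random ports in the report


def triage(log_text, port_threshold=5):
    """Return (severity, rule, detail) findings for a HijackThis/ComboFix text log."""
    findings = []
    current_key = None          # last "[...]" registry key seen in the ComboFix dump
    generic_ports = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = O2_RE.match(line)
        if m:
            if m["name"].strip().lower() == "(no name)":
                findings.append(("high", "unnamed-bho", m["path"]))
            if USER_PROFILE_RE.search(m["path"]):
                findings.append(("medium", "profile-path", m["path"]))
            continue
        m = O4_RE.match(line)
        if m:
            if USER_PROFILE_RE.search(m["path"]):
                findings.append(("medium", "profile-path", m["path"]))
            continue
        m = REG_KEY_RE.match(line)
        if m:
            current_key = m["key"].lower()
            continue
        m = REG_DWORD_RE.match(line)
        if m and current_key and "security center" in current_key:
            if m["name"] in SILENCING_VALUES and int(m["value"], 16) == 1:
                findings.append(("high", "security-center-silenced", m["name"]))
            continue
        m = PORT_RE.match(line)
        if m and current_key and "globallyopenports" in current_key and m["desc"] == GENERIC_PORT_DESC:
            generic_ports.append(f'{m["port"]}/{m["proto"]}')
    if len(generic_ports) >= port_threshold:
        findings.append(("high", "mass-port-exceptions",
                         f"{len(generic_ports)} generic exceptions: {', '.join(generic_ports)}"))
    return findings


if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule:26} {detail}")
```

The port rule is a count, not a signature: the threshold and the "-22009" description string are taken from what this particular report shows (one generic description repeated across dozens of high random ports, while the three VPN-related entries carry their own descriptions), so tune both before running it over logs from another machine.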
Go and run another ComboFix scan in Safe Mode, please.
Save the report, restart in normal mode and post the report
Here is the ComboFix report from Safe Mode:
omboFix 08-11-12.01 - Administrateur 2008-11-16 22:12:56.7 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.374 [GMT 1:00]
Lancé depuis: c:\nouveau dossier\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.
2008-11-16 20:50 . 2008-11-16 21:47 <REP> d-------- C:\Nouveau dossier
2008-11-16 08:38 . 2008-11-16 08:38 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-16 08:15 . 2008-11-16 08:15 11,020,722 --a------ C:\upload_moi_SN301833070001.tar.gz
2008-11-15 22:56 . 2008-11-15 22:56 <REP> d-------- C:\VundoFix Backups
2008-11-13 22:45 . 2008-11-13 23:01 <REP> d-------- C:\SDFix
2008-11-13 21:49 . 2008-11-13 22:00 <REP> d-------- c:\program files\Enigma Software Group
2008-11-13 00:01 . 2008-11-13 00:01 19,969 --a------ c:\windows\yfalebiby.ban
2008-11-13 00:01 . 2008-11-13 00:01 19,734 --a------ c:\windows\zugukyg.ban
2008-11-13 00:01 . 2008-11-13 00:01 18,946 --a------ c:\windows\fefomokon.dl
2008-11-13 00:01 . 2008-11-13 00:01 18,384 --a------ c:\documents and settings\o\Application Data\bywizenow.bat
2008-11-13 00:01 . 2008-11-13 00:01 16,953 --a------ c:\windows\pubowoky.inf
2008-11-13 00:01 . 2008-11-13 00:01 15,533 --a------ c:\documents and settings\o\Application Data\wefozogeh.vbs
2008-11-13 00:01 . 2008-11-13 00:01 13,575 --a------ c:\documents and settings\o\Application Data\azaga.sys
2008-11-13 00:01 . 2008-11-13 00:01 12,891 --a------ c:\program files\Fichiers communs\qolylefyja.exe
2008-11-13 00:01 . 2008-11-13 00:01 12,002 --a------ c:\windows\system32\aboh.ban
2008-11-13 00:01 . 2008-11-13 00:01 11,979 --a------ c:\documents and settings\o\Application Data\ofeq.reg
2008-11-13 00:01 . 2008-11-13 00:01 10,429 --a------ c:\windows\ojepuq.sys
2008-11-12 18:45 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:44 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 14:57 . 2008-11-09 14:57 164 --a------ C:\install.dat
2008-10-29 21:43 . 2008-10-30 18:52 <REP> d-------- c:\program files\NOS
2008-10-26 12:13 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-10-26 12:09 . 2008-10-26 12:09 <REP> d-------- c:\windows\Logs
2008-10-26 12:06 . 2008-10-26 12:06 <REP> d-------- c:\program files\Microsoft Silverlight
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\program files\Fichiers communs\FotoWire
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\documents and settings\o\Application Data\FotoWire
2008-10-26 11:45 . 2002-12-06 12:22 466,944 --a------ c:\windows\system32\CIMSVR.exe
2008-10-26 11:45 . 2002-12-06 12:23 233,472 --a------ c:\windows\system32\CIMVIEW.dll
2008-10-26 11:45 . 2002-12-06 12:19 147,456 --a------ c:\windows\system32\MimicICM.dll
2008-10-26 11:45 . 2002-12-06 12:22 28,672 --a------ c:\windows\system32\CIMSVRps.dll
2008-10-26 10:46 . 2004-06-03 12:10 71,596 --------- c:\windows\system32\drivers\PfModNT.sys
2008-10-26 10:46 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-10-26 10:46 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-10-24 17:50 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 17:28 . 2008-10-19 17:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-10-17 18:23 . 2008-04-13 08:36 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2008-10-17 18:23 . 2008-04-13 10:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-10-17 18:21 . 2006-12-28 11:01 19,569 --a------ c:\windows\[u]0/u03180_.tmp
2008-10-16 19:46 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-16 19:45 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 19:45 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-16 19:44 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 21:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-15 19:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-14 18:01 1,928 ----a-w c:\program files\hqynyslu.txt
2008-11-12 23:01 19,578 ----a-w c:\program files\Fichiers communs\sarezer.lib
2008-11-12 23:01 15,179 ----a-w c:\program files\Fichiers communs\ucovu.db
2008-11-12 23:01 14,562 ----a-w c:\program files\Fichiers communs\zujofirajy.lib
2008-11-12 23:01 14,077 ----a-w c:\program files\Fichiers communs\exufuzezyx._sy
2008-11-12 23:01 11,393 ----a-w c:\program files\Fichiers communs\erygimuli._dl
2008-11-09 11:05 --------- d-----w c:\program files\AOL 8.0
2008-11-08 10:30 --------- d-----w c:\documents and settings\o\Application Data\OpenOffice.org2
2008-10-30 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-29 20:47 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-26 10:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-26 10:45 --------- d-----w c:\program files\Logitech
2008-10-26 09:46 --------- d-----w c:\program files\Creative
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 16:42 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-10-18 10:09 --------- d-----w c:\program files\MSN Messenger
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-12 21:15 --------- d-----w c:\program files\QuickTime
2008-10-12 21:15 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-12 21:12 --------- d-----w c:\program files\Apple Software Update
2008-10-12 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-12 17:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-12 17:36 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-12 17:36 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-10-12 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\Real
2008-10-12 17:05 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-10-12 17:05 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-08 20:21 --------- d-----w c:\program files\Services en ligne
2008-10-06 17:00 --------- d-----w c:\documents and settings\Damien.SN301833070001\Application Data\Malwarebytes
2008-10-05 16:14 88,576 ----a-w c:\windows\system32\AntiXPVSTFix.exe
2008-10-05 16:14 87,552 ----a-w c:\windows\system32\VACFix.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\o4Patch.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.exe
2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.C.exe
2008-10-05 16:14 82,432 ----a-w c:\windows\system32\404Fix.exe
2008-10-05 16:14 53,248 ----a-w c:\windows\system32\Process.exe
2008-10-05 16:14 51,200 ----a-w c:\windows\system32\dumphive.exe
2008-10-05 16:14 289,144 ----a-w c:\windows\system32\VCCLSID.exe
2008-10-05 16:14 288,417 ----a-w c:\windows\system32\SrchSTS.exe
2008-10-05 16:14 25,600 ----a-w c:\windows\system32\WS2Fix.exe
2008-10-05 14:26 --------- d-----w c:\program files\SUPERAntiSpyware
2008-10-05 14:26 --------- d-----w c:\documents and settings\o\Application Data\SUPERAntiSpyware.com
2008-10-05 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-29 20:34 --------- d-----w c:\program files\Windows Live
2008-09-29 19:52 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-09-29 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-28 20:04 --------- d-----w c:\program files\Crazy Browser
2008-09-28 17:12 --------- d-----w c:\program files\AVG
2008-09-28 16:31 104,960 ----a-w c:\windows\system32\znngdin.dll
2008-09-28 14:43 --------- d-----w c:\documents and settings\o\Application Data\Malwarebytes
2008-09-28 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-21 18:57 --------- d-----w c:\program files\ACD Systems
2008-09-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-09-21 09:28 --------- d-----w c:\documents and settings\o\Application Data\SumatraPDF
2008-09-21 09:27 --------- d-----w c:\program files\SumatraPDF
2008-09-20 20:20 85 ----a-w c:\documents and settings\o\reparation.bat
2008-09-20 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-19 10:49 --------- d-----w c:\documents and settings\o\Application Data\IDMComp
2008-09-19 10:47 --------- d-----w c:\program files\UltraEdit
2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
2008-09-14 14:24 69,120 ----a-w c:\windows\system32\olethk32.dll
2008-09-14 14:24 69,120 ----a-w c:\windows\system32\dllcache\olethk32.dll
2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-27 09:11 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-07-15 17:47 58 ----a-w c:\documents and settings\All Users\Application Data\ustore.dat
2007-12-11 22:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-01 00:15 22,904 ----a-w c:\documents and settings\o\Application Data\GDIPFONTCACHEV1.DAT
2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
.
((((((((((((((((((((((((((((( snapshot_2008-11-13_22.29.42.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-03 20:59:45 56,364 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 18:16:51 56,364 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 20:59:45 68,498 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-15 18:16:51 68,498 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-03 20:59:45 386,010 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 18:16:51 386,010 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-03 20:59:45 451,712 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-15 18:16:51 451,712 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 17:31 104960 --a------ c:\windows\system32\onxyikd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-03-12 32768]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-12 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
S1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
S2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
S3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
S3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contenu du dossier 'Tâches planifiées'
2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
.
.
------- Examen supplémentaire -------
.
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
O16 -: teleir_cert - hxxps://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
c:\windows\Downloaded Program Files\teleir_cert.osd
O16 -: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
c:\windows\Downloaded Program Files\FileUploader.inf
c:\windows\Downloaded Program Files\FileUploader.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 22:16:39
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\DrvTrNTl.dll
.
Heure de fin: 2008-11-16 22:18:14
ComboFix-quarantined-files.txt 2008-11-16 21:18:11
ComboFix2.txt 2008-11-16 20:59:19
ComboFix3.txt 2008-11-16 18:08:01
ComboFix4.txt 2008-11-16 17:34:14
ComboFix5.txt 2008-11-16 21:12:22
Avant-CF: 103 855 185 920 octets libres
Après-CF: 103,831,564,288 octets libres
377 --- E O F --- 2008-11-12 23:39:56
Still in Safe Mode, please do this:
▶ Copy the bold text below:
File::
c:\windows\system32\onxyikd.dll
Folder::
Registry::
▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
▶ Save this file under the name CFScript.txt.
▶ Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
▶ This will relaunch Combofix,
▶ A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
▶ Wait for the scan to finish. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
▶ After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.
▶ If there is no reboot, post the reports anyway.
Here is the ComboFix report:
omboFix 08-11-12.01 - Administrateur 2008-11-16 22:51:10.8 - NTFSx86 MINIMAL
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.381 [GMT 1:00]
Lancé depuis: c:\nouveau dossier\ComboFix.exe
Commutateurs utilisés :: c:\nouveau dossier\CFScript.txt
FILE ::
c:\windows\system32\onxyikd.dll
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\onxyikd.dll . . . . impossible à supprimer
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.
2008-11-16 20:50 . 2008-11-16 22:51 <REP> d-------- C:\Nouveau dossier
2008-11-16 08:38 . 2008-11-16 08:38 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
2008-11-16 08:15 . 2008-11-16 08:15 11,020,722 --a------ C:\upload_moi_SN301833070001.tar.gz
2008-11-15 22:56 . 2008-11-15 22:56 <REP> d-------- C:\VundoFix Backups
2008-11-13 22:45 . 2008-11-13 23:01 <REP> d-------- C:\SDFix
2008-11-13 21:49 . 2008-11-13 22:00 <REP> d-------- c:\program files\Enigma Software Group
2008-11-13 00:01 . 2008-11-13 00:01 19,969 --a------ c:\windows\yfalebiby.ban
2008-11-13 00:01 . 2008-11-13 00:01 19,734 --a------ c:\windows\zugukyg.ban
2008-11-13 00:01 . 2008-11-13 00:01 18,946 --a------ c:\windows\fefomokon.dl
2008-11-13 00:01 . 2008-11-13 00:01 18,384 --a------ c:\documents and settings\o\Application Data\bywizenow.bat
2008-11-13 00:01 . 2008-11-13 00:01 16,953 --a------ c:\windows\pubowoky.inf
2008-11-13 00:01 . 2008-11-13 00:01 15,533 --a------ c:\documents and settings\o\Application Data\wefozogeh.vbs
2008-11-13 00:01 . 2008-11-13 00:01 13,575 --a------ c:\documents and settings\o\Application Data\azaga.sys
2008-11-13 00:01 . 2008-11-13 00:01 12,891 --a------ c:\program files\Fichiers communs\qolylefyja.exe
2008-11-13 00:01 . 2008-11-13 00:01 12,002 --a------ c:\windows\system32\aboh.ban
2008-11-13 00:01 . 2008-11-13 00:01 11,979 --a------ c:\documents and settings\o\Application Data\ofeq.reg
2008-11-13 00:01 . 2008-11-13 00:01 10,429 --a------ c:\windows\ojepuq.sys
2008-11-12 18:45 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-12 18:44 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 14:57 . 2008-11-09 14:57 164 --a------ C:\install.dat
2008-10-29 21:43 . 2008-10-30 18:52 <REP> d-------- c:\program files\NOS
2008-10-26 12:13 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
2008-10-26 12:09 . 2008-10-26 12:09 <REP> d-------- c:\windows\Logs
2008-10-26 12:06 . 2008-10-26 12:06 <REP> d-------- c:\program files\Microsoft Silverlight
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\program files\Fichiers communs\FotoWire
2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\documents and settings\o\Application Data\FotoWire
2008-10-26 11:45 . 2002-12-06 12:22 466,944 --a------ c:\windows\system32\CIMSVR.exe
2008-10-26 11:45 . 2002-12-06 12:23 233,472 --a------ c:\windows\system32\CIMVIEW.dll
2008-10-26 11:45 . 2002-12-06 12:19 147,456 --a------ c:\windows\system32\MimicICM.dll
2008-10-26 11:45 . 2002-12-06 12:22 28,672 --a------ c:\windows\system32\CIMSVRps.dll
2008-10-26 10:46 . 2004-06-03 12:10 71,596 --------- c:\windows\system32\drivers\PfModNT.sys
2008-10-26 10:46 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-10-26 10:46 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-10-24 17:50 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-10-19 17:28 . 2008-10-19 17:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
2008-10-17 18:23 . 2008-04-13 08:36 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
2008-10-17 18:23 . 2008-04-13 10:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
2008-10-17 18:21 . 2006-12-28 11:01 19,569 --a------ c:\windows\[u]0/u03180_.tmp
2008-10-16 19:46 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-10-16 19:45 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-16 19:45 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-16 19:45 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-10-16 19:44 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 21:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-15 19:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-11-14 18:01 1,928 ----a-w c:\program files\hqynyslu.txt
2008-11-12 23:01 19,578 ----a-w c:\program files\Fichiers communs\sarezer.lib
2008-11-12 23:01 15,179 ----a-w c:\program files\Fichiers communs\ucovu.db
2008-11-12 23:01 14,562 ----a-w c:\program files\Fichiers communs\zujofirajy.lib
2008-11-12 23:01 14,077 ----a-w c:\program files\Fichiers communs\exufuzezyx._sy
2008-11-12 23:01 11,393 ----a-w c:\program files\Fichiers communs\erygimuli._dl
2008-11-09 11:05 --------- d-----w c:\program files\AOL 8.0
2008-11-08 10:30 --------- d-----w c:\documents and settings\o\Application Data\OpenOffice.org2
2008-10-30 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
2008-10-29 20:47 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-10-26 10:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-26 10:45 --------- d-----w c:\program files\Logitech
2008-10-26 09:46 --------- d-----w c:\program files\Creative
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-19 16:42 --------- d-----w c:\program files\Fichiers communs\LogiShrd
2008-10-18 10:09 --------- d-----w c:\program files\MSN Messenger
2008-10-12 21:15 --------- d-----w c:\program files\QuickTime
2008-10-12 21:15 --------- d-----w c:\program files\Fichiers communs\Apple
2008-10-12 21:12 --------- d-----w c:\program files\Apple Software Update
2008-10-12 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-10-12 17:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-10-12 17:36 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-10-12 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\xing shared
2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\Real
2008-10-08 20:21 --------- d-----w c:\program files\Services en ligne
2008-10-06 17:00 --------- d-----w c:\documents and settings\Damien.SN301833070001\Application Data\Malwarebytes
2008-10-05 14:26 --------- d-----w c:\program files\SUPERAntiSpyware
2008-10-05 14:26 --------- d-----w c:\documents and settings\o\Application Data\SUPERAntiSpyware.com
2008-10-05 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-29 20:34 --------- d-----w c:\program files\Windows Live
2008-09-29 19:52 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
2008-09-29 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-09-28 20:04 --------- d-----w c:\program files\Crazy Browser
2008-09-28 17:12 --------- d-----w c:\program files\AVG
2008-09-28 14:43 --------- d-----w c:\documents and settings\o\Application Data\Malwarebytes
2008-09-28 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-09-21 18:57 --------- d-----w c:\program files\ACD Systems
2008-09-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-09-21 09:28 --------- d-----w c:\documents and settings\o\Application Data\SumatraPDF
2008-09-21 09:27 --------- d-----w c:\program files\SumatraPDF
2008-09-20 20:20 85 ----a-w c:\documents and settings\o\reparation.bat
2008-09-20 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-09-19 10:49 --------- d-----w c:\documents and settings\o\Application Data\IDMComp
2008-09-19 10:47 --------- d-----w c:\program files\UltraEdit
2008-07-15 17:47 58 ----a-w c:\documents and settings\All Users\Application Data\ustore.dat
2007-12-11 22:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-12-01 00:15 22,904 ----a-w c:\documents and settings\o\Application Data\GDIPFONTCACHEV1.DAT
2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
2004-07-16 13:30 3,858 ----a-w c:\program files\directx redist.txt
2004-07-09 13:17 13,265,040 ----a-w c:\program files\dxnt.cab
2004-07-09 08:13 703,080 ----a-w c:\program files\BDA.cab
2004-07-09 08:13 15,493,481 ----a-w c:\program files\DirectX.cab
2004-07-09 03:08 472,576 ----a-w c:\program files\dxsetup.exe
2004-07-09 03:08 2,242,560 ----a-w c:\program files\dsetup32.dll
2004-07-09 02:03 62,976 ----a-w c:\program files\DSETUP.dll
.
((((((((((((((((((((((((((((( snapshot_2008-11-13_22.29.42.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-03 20:59:45 56,364 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 18:16:51 56,364 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-03 20:59:45 68,498 ----a-w c:\windows\system32\perfc00C.dat
+ 2008-11-15 18:16:51 68,498 ----a-w c:\windows\system32\perfc00C.dat
- 2008-11-03 20:59:45 386,010 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 18:16:51 386,010 ----a-w c:\windows\system32\perfh009.dat
- 2008-11-03 20:59:45 451,712 ----a-w c:\windows\system32\perfh00C.dat
+ 2008-11-15 18:16:51 451,712 ----a-w c:\windows\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
2008-09-28 17:31 104960 --a------ c:\windows\system32\onxyikd.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
"TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-03-12 32768]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-12 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
\Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
\Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
\Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 22:57:30
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\DrvTrNTl.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\scardsvr.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\locator.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\vssvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Windows Live\installer\WLSetupSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-11-16 23:07:36 - La machine a redémarré [o]
ComboFix-quarantined-files.txt 2008-11-16 22:07:19
ComboFix2.txt 2008-11-16 21:18:15
ComboFix3.txt 2008-11-16 20:59:19
ComboFix4.txt 2008-11-16 18:08:01
ComboFix5.txt 2008-11-16 21:50:31
Avant-CF: 103 850 409 984 octets libres
Après-CF: 103,284,203,520 octets libres
366 --- E O F --- 2008-11-12 23:39:56
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll
"VIDC.ACDV"= ACDV.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.mxmc"= MimicICM.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SymAppCore"=2 (0x2)
"Symantec Core LC"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FileZilla\\FileZilla.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
"80:TCP"= 80:TCP:@xpsp2res.dll,-22009
"36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
"8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
"28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
"34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
"33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
"46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
"10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
"5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
"36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
"42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
"32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
"56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
"38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
"57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
"7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
"16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
"57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
"38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
"44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
"43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
"27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
"58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
"64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
"36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
"29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
"14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
"49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
"23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
"5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
"41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
"40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
"9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
"46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
"7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
"64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
"16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
"38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
"1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
"31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
"24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
"42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
"16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
"24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
"15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
"28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
"25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
"12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
"28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
"22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
"8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
"32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
"46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
"41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
"2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
"9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
"29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
"8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
"47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
"42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
"19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
"61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
"12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
"35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
"1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
"8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
"27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
"5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\setup.exe
\Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
\Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
\Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe
.
Contenu du dossier 'Tâches planifiées'
2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 22:57:30
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\explorer.exe
-> c:\windows\system32\DrvTrNTl.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\scardsvr.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
c:\windows\system32\locator.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\vssvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Windows Live\installer\WLSetupSvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-11-16 23:07:36 - La machine a redémarré [o]
ComboFix-quarantined-files.txt 2008-11-16 22:07:19
ComboFix2.txt 2008-11-16 21:18:15
ComboFix3.txt 2008-11-16 20:59:19
ComboFix4.txt 2008-11-16 18:08:01
ComboFix5.txt 2008-11-16 21:50:31
Avant-CF: 103 850 409 984 octets libres
Après-CF: 103,284,203,520 octets libres
366 --- E O F --- 2008-11-12 23:39:56
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:12, on 2008-11-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\msdtc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\dmadmin.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\o\Bureau\Crazy Browser.exe
C:\Documents and Settings\o\Bureau\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: www.google.fr
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097952190140
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/unibet/FlashAX.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3E509A-C512-45E6-B89C-F9F2CD33136B}: NameServer = 84.103.237.142 86.64.145.142
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe