Malware impossible à enlever - Page 2

Précédent
  • 1
  • 2
  1. Aldebaran33 Messages postés 28 Statut Membre
     
    Voila le rapport de combofix:

    mboFix 08-11-12.01 - o 2008-11-16 18:50:39.5 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.176 [GMT 1:00]
    Lancé depuis: c:\documents and settings\o\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\o\Bureau\CFScript.txt
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\onxyikd.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\onxyikd.dll . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-16 08:38 . 2008-11-16 08:38 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2008-11-16 08:15 . 2008-11-16 08:15 11,020,722 --a------ C:\upload_moi_SN301833070001.tar.gz
    2008-11-15 22:56 . 2008-11-15 22:56 <REP> d-------- C:\VundoFix Backups
    2008-11-13 22:45 . 2008-11-13 23:01 <REP> d-------- C:\SDFix
    2008-11-13 21:49 . 2008-11-13 22:00 <REP> d-------- c:\program files\Enigma Software Group
    2008-11-13 00:01 . 2008-11-13 00:01 19,969 --a------ c:\windows\yfalebiby.ban
    2008-11-13 00:01 . 2008-11-13 00:01 19,734 --a------ c:\windows\zugukyg.ban
    2008-11-13 00:01 . 2008-11-13 00:01 18,946 --a------ c:\windows\fefomokon.dl
    2008-11-13 00:01 . 2008-11-13 00:01 18,384 --a------ c:\documents and settings\o\Application Data\bywizenow.bat
    2008-11-13 00:01 . 2008-11-13 00:01 16,953 --a------ c:\windows\pubowoky.inf
    2008-11-13 00:01 . 2008-11-13 00:01 15,533 --a------ c:\documents and settings\o\Application Data\wefozogeh.vbs
    2008-11-13 00:01 . 2008-11-13 00:01 13,575 --a------ c:\documents and settings\o\Application Data\azaga.sys
    2008-11-13 00:01 . 2008-11-13 00:01 12,891 --a------ c:\program files\Fichiers communs\qolylefyja.exe
    2008-11-13 00:01 . 2008-11-13 00:01 12,002 --a------ c:\windows\system32\aboh.ban
    2008-11-13 00:01 . 2008-11-13 00:01 11,979 --a------ c:\documents and settings\o\Application Data\ofeq.reg
    2008-11-13 00:01 . 2008-11-13 00:01 10,429 --a------ c:\windows\ojepuq.sys
    2008-11-12 18:45 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 18:44 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-09 14:57 . 2008-11-09 14:57 164 --a------ C:\install.dat
    2008-10-29 21:43 . 2008-10-30 18:52 <REP> d-------- c:\program files\NOS
    2008-10-26 12:13 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
    2008-10-26 12:09 . 2008-10-26 12:09 <REP> d-------- c:\windows\Logs
    2008-10-26 12:06 . 2008-10-26 12:06 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\program files\Fichiers communs\FotoWire
    2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\documents and settings\o\Application Data\FotoWire
    2008-10-26 11:45 . 2002-12-06 12:22 466,944 --a------ c:\windows\system32\CIMSVR.exe
    2008-10-26 11:45 . 2002-12-06 12:23 233,472 --a------ c:\windows\system32\CIMVIEW.dll
    2008-10-26 11:45 . 2002-12-06 12:19 147,456 --a------ c:\windows\system32\MimicICM.dll
    2008-10-26 11:45 . 2002-12-06 12:22 28,672 --a------ c:\windows\system32\CIMSVRps.dll
    2008-10-26 10:46 . 2004-06-03 12:10 71,596 --------- c:\windows\system32\drivers\PfModNT.sys
    2008-10-26 10:46 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
    2008-10-26 10:46 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
    2008-10-24 17:50 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
    2008-10-19 17:28 . 2008-10-19 17:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
    2008-10-17 18:23 . 2008-04-13 08:36 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
    2008-10-17 18:23 . 2008-04-13 10:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
    2008-10-17 18:21 . 2006-12-28 11:01 19,569 --a------ c:\windows\[u]0/u03180_.tmp
    2008-10-16 19:46 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
    2008-10-16 19:45 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-16 19:45 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-16 19:45 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-16 19:45 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
    2008-10-16 19:44 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-15 21:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-15 19:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-11-14 18:01 1,928 ----a-w c:\program files\hqynyslu.txt
    2008-11-12 23:01 19,578 ----a-w c:\program files\Fichiers communs\sarezer.lib
    2008-11-12 23:01 15,179 ----a-w c:\program files\Fichiers communs\ucovu.db
    2008-11-12 23:01 14,562 ----a-w c:\program files\Fichiers communs\zujofirajy.lib
    2008-11-12 23:01 14,077 ----a-w c:\program files\Fichiers communs\exufuzezyx._sy
    2008-11-12 23:01 11,393 ----a-w c:\program files\Fichiers communs\erygimuli._dl
    2008-11-09 11:05 --------- d-----w c:\program files\AOL 8.0
    2008-11-08 10:30 --------- d-----w c:\documents and settings\o\Application Data\OpenOffice.org2
    2008-10-30 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2008-10-29 20:47 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-10-26 10:45 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-26 10:45 --------- d-----w c:\program files\Logitech
    2008-10-26 09:46 --------- d-----w c:\program files\Creative
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-19 16:42 --------- d-----w c:\program files\Fichiers communs\LogiShrd
    2008-10-18 10:09 --------- d-----w c:\program files\MSN Messenger
    2008-10-12 21:15 --------- d-----w c:\program files\QuickTime
    2008-10-12 21:15 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-10-12 21:12 --------- d-----w c:\program files\Apple Software Update
    2008-10-12 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2008-10-12 17:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-10-12 17:36 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2008-10-12 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\xing shared
    2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\Real
    2008-10-08 20:21 --------- d-----w c:\program files\Services en ligne
    2008-10-06 17:00 --------- d-----w c:\documents and settings\Damien.SN301833070001\Application Data\Malwarebytes
    2008-10-05 14:26 --------- d-----w c:\program files\SUPERAntiSpyware
    2008-10-05 14:26 --------- d-----w c:\documents and settings\o\Application Data\SUPERAntiSpyware.com
    2008-10-05 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-09-29 20:34 --------- d-----w c:\program files\Windows Live
    2008-09-29 19:52 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
    2008-09-29 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-09-28 20:04 --------- d-----w c:\program files\Crazy Browser
    2008-09-28 17:12 --------- d-----w c:\program files\AVG
    2008-09-28 14:43 --------- d-----w c:\documents and settings\o\Application Data\Malwarebytes
    2008-09-28 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-09-21 18:57 --------- d-----w c:\program files\ACD Systems
    2008-09-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
    2008-09-21 09:28 --------- d-----w c:\documents and settings\o\Application Data\SumatraPDF
    2008-09-21 09:27 --------- d-----w c:\program files\SumatraPDF
    2008-09-20 20:20 85 ----a-w c:\documents and settings\o\reparation.bat
    2008-09-20 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2008-09-19 10:49 --------- d-----w c:\documents and settings\o\Application Data\IDMComp
    2008-09-19 10:47 --------- d-----w c:\program files\UltraEdit
    2008-07-15 17:47 58 ----a-w c:\documents and settings\All Users\Application Data\ustore.dat
    2007-12-11 22:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2006-12-01 00:15 22,904 ----a-w c:\documents and settings\o\Application Data\GDIPFONTCACHEV1.DAT
    2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
    2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
    2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
    2004-07-16 13:30 3,858 ----a-w c:\program files\directx redist.txt
    2004-07-09 13:17 13,265,040 ----a-w c:\program files\dxnt.cab
    2004-07-09 08:13 703,080 ----a-w c:\program files\BDA.cab
    2004-07-09 08:13 15,493,481 ----a-w c:\program files\DirectX.cab
    2004-07-09 03:08 472,576 ----a-w c:\program files\dxsetup.exe
    2004-07-09 03:08 2,242,560 ----a-w c:\program files\dsetup32.dll
    2004-07-09 02:03 62,976 ----a-w c:\program files\DSETUP.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-11-13_22.29.42.07 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-03 20:59:45 56,364 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-15 18:16:51 56,364 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-03 20:59:45 68,498 ----a-w c:\windows\system32\perfc00C.dat
    + 2008-11-15 18:16:51 68,498 ----a-w c:\windows\system32\perfc00C.dat
    - 2008-11-03 20:59:45 386,010 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-15 18:16:51 386,010 ----a-w c:\windows\system32\perfh009.dat
    - 2008-11-03 20:59:45 451,712 ----a-w c:\windows\system32\perfh00C.dat
    + 2008-11-15 18:16:51 451,712 ----a-w c:\windows\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
    2008-09-28 17:31 104960 --a------ c:\windows\system32\onxyikd.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
    "TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-03-12 32768]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-12 185872]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
    "SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 49152]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
    "LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
    "LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
    "LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
    "nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
    "AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"= DrvTrNTm.dll
    "wave"= DrvTrNTm.dll
    "VIDC.ACDV"= ACDV.dll
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "vidc.mxmc"= MimicICM.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SymAppCore"=2 (0x2)
    "Symantec Core LC"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FileZilla\\FileZilla.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
    "80:TCP"= 80:TCP:@xpsp2res.dll,-22009
    "36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
    "8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
    "28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
    "34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
    "33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
    "46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
    "10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
    "5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
    "36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
    "42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
    "32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
    "56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
    "38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
    "57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
    "7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
    "16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
    "57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
    "38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
    "44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
    "43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
    "27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
    "58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
    "64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
    "36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
    "29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
    "14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
    "49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
    "23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
    "5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
    "41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
    "40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
    "9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
    "46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
    "7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
    "64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
    "16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
    "38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
    "1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
    "31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
    "24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
    "42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
    "16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
    "24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
    "15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
    "28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
    "25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
    "12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
    "28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
    "22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
    "8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
    "32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
    "46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
    "41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
    "2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
    "9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
    "29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
    "8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
    "47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
    "42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
    "19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
    "61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
    "12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
    "35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
    "1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
    "8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
    "27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
    "5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
    R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
    R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
    R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
    R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
    R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
    R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
    S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
    S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
    S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
    S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
    S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
    S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\setup.exe
    \Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
    \Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
    \Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []

    2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
    - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]

    2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
    - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-16 18:56:45
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: c:\windows\explorer.exe
    -> c:\windows\system32\DrvTrNTl.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\scardsvr.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\msdtc.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    c:\windows\system32\locator.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\vssvc.exe
    c:\windows\wanmpsvc.exe
    c:\program files\Windows Live\installer\WLSetupSvc.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Brother\Brmfcmon\BrMfimon.exe
    c:\windows\system32\imapi.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-16 19:07:57 - La machine a redémarré [o]
    ComboFix-quarantined-files.txt 2008-11-16 18:07:40
    ComboFix2.txt 2008-11-16 17:34:14
    ComboFix3.txt 2008-11-13 21:31:00
    ComboFix4.txt 2008-09-29 19:32:26
    ComboFix5.txt 2008-11-16 17:49:57

    Avant-CF: 103 310 843 904 octets libres
    Après-CF: 103,296,671,744 octets libres

    367 --- E O F --- 2008-11-12 23:39:56
    0
  2. Aldebaran33 Messages postés 28 Statut Membre
     
    Voila le rapport de hijack:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:11:50, on 16/11/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\msdtc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\o\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O15 - Trusted Zone: www.google.fr
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097952190140
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/unibet/FlashAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3E509A-C512-45E6-B89C-F9F2CD33136B}: NameServer = 86.64.145.142 84.103.237.142
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    0
  3. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    redémarre le PC en mode sans échec : Explication

    vas supprimer manuellement ce fichier mis en gras : c:\windows\system32\onxyikd.dll

    ensuite redémarre en mode normal et fais ceci stp :

    ▶ Télécharge RegCleaner

    ▶ Une fois installé, double-clique sur son icône pour l'exécuter

    ▶ Dans la barre de menu, clique sur Options puis sélectionne Language => Choose the language

    ▶ recherche French.rlg et double-clique dessus pour appliquer la langue

    ▶ Clique ensuite sur Outils dans la barre de menu

    ▶ Sélectionne Nettoyage du registre => Nettoyeur de registre automatique

    ▶ RegCleaner va alors lancer le nettoyage automatiquement

    ▶ Coche ensuite les entrées invalides et clique sur Supprimer sélections => Terminer => Quitter

    Et ensuite refais un nouveau rapport hijackthis stp
    0
  4. Aldebaran33 Messages postés 28 Statut Membre
     
    Même en mode sans échec je n'arrive pas à supprimer manuellement le fichier onxyikd.dll

    Il me met toujours accès refusé, vérifier que le disqiue n'est pas plein ou protégé en écriture et que le fichier n'est pas actuellement utilisé.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    redémarre en mode sans échec.

    relance hijackthis en cliquant sur scan only et coche cette ligne :

    O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll

    puis tu cliques sur fix checked.

    redémarre en mode normal et refais un nouveau rapport hijackthis stp
    0
  7. Aldebaran33 Messages postés 28 Statut Membre
     
    J'ai eu deux messages d'erreur en cliquant sur fix checked

    le premier: fix 1 selected items ? this will permently delete and/ or repar what you selected ?
    donc j'ai fait oui

    deuxième message: hijack is about to remove a BHO and the corresponding file from your system, close all internet explorer windows and all wndows explorer windows before continuing for the best chance of sucess.

    Bien entendu javais tout fermé avant d'éxécuter cette commande.

    Si ça peut t'aider le nom du trojan est "Trojan.BHO.H"

    J'ai refait un log en mode normal quand meme:

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\msdtc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    C:\WINDOWS\system32\sessmgr.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\WINDOWS\System32\dmadmin.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Documents and Settings\o\Bureau\Crazy Browser.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\o\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O15 - Trusted Zone: www.google.fr
    0
  8. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    vas refaire une analyse avec combofix en mode sans échec stp.

    Enregistre le rapport, redémarre en mode normal et poste le rapport
    0
  9. Aldebaran33 Messages postés 28 Statut Membre
     
    Voila le rapport de combo en mode sans echec:

    omboFix 08-11-12.01 - Administrateur 2008-11-16 22:12:56.7 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.374 [GMT 1:00]
    Lancé depuis: c:\nouveau dossier\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-16 20:50 . 2008-11-16 21:47 <REP> d-------- C:\Nouveau dossier
    2008-11-16 08:38 . 2008-11-16 08:38 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2008-11-16 08:15 . 2008-11-16 08:15 11,020,722 --a------ C:\upload_moi_SN301833070001.tar.gz
    2008-11-15 22:56 . 2008-11-15 22:56 <REP> d-------- C:\VundoFix Backups
    2008-11-13 22:45 . 2008-11-13 23:01 <REP> d-------- C:\SDFix
    2008-11-13 21:49 . 2008-11-13 22:00 <REP> d-------- c:\program files\Enigma Software Group
    2008-11-13 00:01 . 2008-11-13 00:01 19,969 --a------ c:\windows\yfalebiby.ban
    2008-11-13 00:01 . 2008-11-13 00:01 19,734 --a------ c:\windows\zugukyg.ban
    2008-11-13 00:01 . 2008-11-13 00:01 18,946 --a------ c:\windows\fefomokon.dl
    2008-11-13 00:01 . 2008-11-13 00:01 18,384 --a------ c:\documents and settings\o\Application Data\bywizenow.bat
    2008-11-13 00:01 . 2008-11-13 00:01 16,953 --a------ c:\windows\pubowoky.inf
    2008-11-13 00:01 . 2008-11-13 00:01 15,533 --a------ c:\documents and settings\o\Application Data\wefozogeh.vbs
    2008-11-13 00:01 . 2008-11-13 00:01 13,575 --a------ c:\documents and settings\o\Application Data\azaga.sys
    2008-11-13 00:01 . 2008-11-13 00:01 12,891 --a------ c:\program files\Fichiers communs\qolylefyja.exe
    2008-11-13 00:01 . 2008-11-13 00:01 12,002 --a------ c:\windows\system32\aboh.ban
    2008-11-13 00:01 . 2008-11-13 00:01 11,979 --a------ c:\documents and settings\o\Application Data\ofeq.reg
    2008-11-13 00:01 . 2008-11-13 00:01 10,429 --a------ c:\windows\ojepuq.sys
    2008-11-12 18:45 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 18:44 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-09 14:57 . 2008-11-09 14:57 164 --a------ C:\install.dat
    2008-10-29 21:43 . 2008-10-30 18:52 <REP> d-------- c:\program files\NOS
    2008-10-26 12:13 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
    2008-10-26 12:09 . 2008-10-26 12:09 <REP> d-------- c:\windows\Logs
    2008-10-26 12:06 . 2008-10-26 12:06 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\program files\Fichiers communs\FotoWire
    2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\documents and settings\o\Application Data\FotoWire
    2008-10-26 11:45 . 2002-12-06 12:22 466,944 --a------ c:\windows\system32\CIMSVR.exe
    2008-10-26 11:45 . 2002-12-06 12:23 233,472 --a------ c:\windows\system32\CIMVIEW.dll
    2008-10-26 11:45 . 2002-12-06 12:19 147,456 --a------ c:\windows\system32\MimicICM.dll
    2008-10-26 11:45 . 2002-12-06 12:22 28,672 --a------ c:\windows\system32\CIMSVRps.dll
    2008-10-26 10:46 . 2004-06-03 12:10 71,596 --------- c:\windows\system32\drivers\PfModNT.sys
    2008-10-26 10:46 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
    2008-10-26 10:46 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
    2008-10-24 17:50 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
    2008-10-19 17:28 . 2008-10-19 17:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
    2008-10-17 18:23 . 2008-04-13 08:36 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
    2008-10-17 18:23 . 2008-04-13 10:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
    2008-10-17 18:21 . 2006-12-28 11:01 19,569 --a------ c:\windows\[u]0/u03180_.tmp
    2008-10-16 19:46 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
    2008-10-16 19:45 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-16 19:45 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-16 19:45 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-16 19:45 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
    2008-10-16 19:44 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-15 21:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-15 19:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-11-14 18:01 1,928 ----a-w c:\program files\hqynyslu.txt
    2008-11-12 23:01 19,578 ----a-w c:\program files\Fichiers communs\sarezer.lib
    2008-11-12 23:01 15,179 ----a-w c:\program files\Fichiers communs\ucovu.db
    2008-11-12 23:01 14,562 ----a-w c:\program files\Fichiers communs\zujofirajy.lib
    2008-11-12 23:01 14,077 ----a-w c:\program files\Fichiers communs\exufuzezyx._sy
    2008-11-12 23:01 11,393 ----a-w c:\program files\Fichiers communs\erygimuli._dl
    2008-11-09 11:05 --------- d-----w c:\program files\AOL 8.0
    2008-11-08 10:30 --------- d-----w c:\documents and settings\o\Application Data\OpenOffice.org2
    2008-10-30 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2008-10-29 20:47 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-10-26 10:45 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-26 10:45 --------- d-----w c:\program files\Logitech
    2008-10-26 09:46 --------- d-----w c:\program files\Creative
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-19 16:42 --------- d-----w c:\program files\Fichiers communs\LogiShrd
    2008-10-18 10:09 --------- d-----w c:\program files\MSN Messenger
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    2008-10-12 21:15 --------- d-----w c:\program files\QuickTime
    2008-10-12 21:15 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-10-12 21:12 --------- d-----w c:\program files\Apple Software Update
    2008-10-12 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2008-10-12 17:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-10-12 17:36 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2008-10-12 17:36 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2008-10-12 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\xing shared
    2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\Real
    2008-10-12 17:05 499,712 ----a-w c:\windows\system32\msvcp71.dll
    2008-10-12 17:05 348,160 ----a-w c:\windows\system32\msvcr71.dll
    2008-10-08 20:21 --------- d-----w c:\program files\Services en ligne
    2008-10-06 17:00 --------- d-----w c:\documents and settings\Damien.SN301833070001\Application Data\Malwarebytes
    2008-10-05 16:14 88,576 ----a-w c:\windows\system32\AntiXPVSTFix.exe
    2008-10-05 16:14 87,552 ----a-w c:\windows\system32\VACFix.exe
    2008-10-05 16:14 82,944 ----a-w c:\windows\system32\o4Patch.exe
    2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.exe
    2008-10-05 16:14 82,944 ----a-w c:\windows\system32\IEDFix.C.exe
    2008-10-05 16:14 82,432 ----a-w c:\windows\system32\404Fix.exe
    2008-10-05 16:14 53,248 ----a-w c:\windows\system32\Process.exe
    2008-10-05 16:14 51,200 ----a-w c:\windows\system32\dumphive.exe
    2008-10-05 16:14 289,144 ----a-w c:\windows\system32\VCCLSID.exe
    2008-10-05 16:14 288,417 ----a-w c:\windows\system32\SrchSTS.exe
    2008-10-05 16:14 25,600 ----a-w c:\windows\system32\WS2Fix.exe
    2008-10-05 14:26 --------- d-----w c:\program files\SUPERAntiSpyware
    2008-10-05 14:26 --------- d-----w c:\documents and settings\o\Application Data\SUPERAntiSpyware.com
    2008-10-05 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-10-03 17:12 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-29 20:34 --------- d-----w c:\program files\Windows Live
    2008-09-29 19:52 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
    2008-09-29 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-09-28 20:04 --------- d-----w c:\program files\Crazy Browser
    2008-09-28 17:12 --------- d-----w c:\program files\AVG
    2008-09-28 16:31 104,960 ----a-w c:\windows\system32\znngdin.dll
    2008-09-28 14:43 --------- d-----w c:\documents and settings\o\Application Data\Malwarebytes
    2008-09-28 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-09-21 18:57 --------- d-----w c:\program files\ACD Systems
    2008-09-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
    2008-09-21 09:28 --------- d-----w c:\documents and settings\o\Application Data\SumatraPDF
    2008-09-21 09:27 --------- d-----w c:\program files\SumatraPDF
    2008-09-20 20:20 85 ----a-w c:\documents and settings\o\reparation.bat
    2008-09-20 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2008-09-19 10:49 --------- d-----w c:\documents and settings\o\Application Data\IDMComp
    2008-09-19 10:47 --------- d-----w c:\program files\UltraEdit
    2008-09-15 15:26 1,846,528 ----a-w c:\windows\system32\win32k.sys
    2008-09-14 14:24 69,120 ----a-w c:\windows\system32\olethk32.dll
    2008-09-14 14:24 69,120 ----a-w c:\windows\system32\dllcache\olethk32.dll
    2008-09-10 01:15 1,307,648 ----a-w c:\windows\system32\msxml6.dll
    2008-09-10 01:15 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
    2008-09-04 17:16 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    2008-08-27 09:11 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
    2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
    2008-08-25 08:38 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
    2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
    2008-07-15 17:47 58 ----a-w c:\documents and settings\All Users\Application Data\ustore.dat
    2007-12-11 22:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2006-12-01 00:15 22,904 ----a-w c:\documents and settings\o\Application Data\GDIPFONTCACHEV1.DAT
    2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
    2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
    2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
    .

    ((((((((((((((((((((((((((((( snapshot_2008-11-13_22.29.42.07 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-03 20:59:45 56,364 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-15 18:16:51 56,364 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-03 20:59:45 68,498 ----a-w c:\windows\system32\perfc00C.dat
    + 2008-11-15 18:16:51 68,498 ----a-w c:\windows\system32\perfc00C.dat
    - 2008-11-03 20:59:45 386,010 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-15 18:16:51 386,010 ----a-w c:\windows\system32\perfh009.dat
    - 2008-11-03 20:59:45 451,712 ----a-w c:\windows\system32\perfh00C.dat
    + 2008-11-15 18:16:51 451,712 ----a-w c:\windows\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
    2008-09-28 17:31 104960 --a------ c:\windows\system32\onxyikd.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
    "TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-03-12 32768]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-12 185872]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
    "LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
    "LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
    "LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
    "nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
    "AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"= DrvTrNTm.dll
    "wave"= DrvTrNTm.dll
    "VIDC.ACDV"= ACDV.dll
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "vidc.mxmc"= MimicICM.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SymAppCore"=2 (0x2)
    "Symantec Core LC"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FileZilla\\FileZilla.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
    "80:TCP"= 80:TCP:@xpsp2res.dll,-22009
    "36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
    "8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
    "28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
    "34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
    "33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
    "46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
    "10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
    "5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
    "36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
    "42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
    "32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
    "56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
    "38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
    "57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
    "7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
    "16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
    "57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
    "38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
    "44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
    "43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
    "27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
    "58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
    "64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
    "36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
    "29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
    "14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
    "49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
    "23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
    "5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
    "41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
    "40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
    "9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
    "46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
    "7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
    "64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
    "16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
    "38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
    "1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
    "31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
    "24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
    "42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
    "16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
    "24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
    "15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
    "28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
    "25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
    "12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
    "28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
    "22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
    "8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
    "32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
    "46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
    "41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
    "2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
    "9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
    "29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
    "8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
    "47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
    "42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
    "19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
    "61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
    "12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
    "35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
    "1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
    "8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
    "27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
    "5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
    R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
    R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
    S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
    S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
    S1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
    S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
    S2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
    S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
    S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
    S2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
    S3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
    S3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
    S3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
    S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
    S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []

    2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
    - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]

    2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
    - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    R0 -: HKLM-Main,Start Page = hxxp://www.google.com

    O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

    O16 -: teleir_cert - hxxps://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    c:\windows\Downloaded Program Files\teleir_cert.osd

    O16 -: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    c:\windows\Downloaded Program Files\FileUploader.inf
    c:\windows\Downloaded Program Files\FileUploader.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-16 22:16:39
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: c:\windows\explorer.exe
    -> c:\windows\system32\DrvTrNTl.dll
    .
    Heure de fin: 2008-11-16 22:18:14
    ComboFix-quarantined-files.txt 2008-11-16 21:18:11
    ComboFix2.txt 2008-11-16 20:59:19
    ComboFix3.txt 2008-11-16 18:08:01
    ComboFix4.txt 2008-11-16 17:34:14
    ComboFix5.txt 2008-11-16 21:12:22

    Avant-CF: 103 855 185 920 octets libres
    Après-CF: 103,831,564,288 octets libres

    377 --- E O F --- 2008-11-12 23:39:56
    0
  10. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    Toujours en mode sans échec, fais ceci stp :

    ▶ Copie le texte en gras ci-dessous :

    File::
    c:\windows\system32\onxyikd.dll

    Folder::

    Registry::


    ▶ Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    ▶ Sauvegarde ce fichier sous le nom de CFScript.txt.

    ▶ Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    ▶ Cela va relancer Combofix,

    ▶ Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    ▶ Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    ▶ Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    ▶ S'il n'y a pas de rédémarrage, poste quand même les rapports.
    0
  11. Aldebaran33 Messages postés 28 Statut Membre
     
    Voila le rapport de combo :

    omboFix 08-11-12.01 - Administrateur 2008-11-16 22:51:10.8 - NTFSx86 MINIMAL
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.381 [GMT 1:00]
    Lancé depuis: c:\nouveau dossier\ComboFix.exe
    Commutateurs utilisés :: c:\nouveau dossier\CFScript.txt

    FILE ::
    c:\windows\system32\onxyikd.dll
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\onxyikd.dll . . . . impossible à supprimer

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
    .

    2008-11-16 20:50 . 2008-11-16 22:51 <REP> d-------- C:\Nouveau dossier
    2008-11-16 08:38 . 2008-11-16 08:38 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes
    2008-11-16 08:15 . 2008-11-16 08:15 11,020,722 --a------ C:\upload_moi_SN301833070001.tar.gz
    2008-11-15 22:56 . 2008-11-15 22:56 <REP> d-------- C:\VundoFix Backups
    2008-11-13 22:45 . 2008-11-13 23:01 <REP> d-------- C:\SDFix
    2008-11-13 21:49 . 2008-11-13 22:00 <REP> d-------- c:\program files\Enigma Software Group
    2008-11-13 00:01 . 2008-11-13 00:01 19,969 --a------ c:\windows\yfalebiby.ban
    2008-11-13 00:01 . 2008-11-13 00:01 19,734 --a------ c:\windows\zugukyg.ban
    2008-11-13 00:01 . 2008-11-13 00:01 18,946 --a------ c:\windows\fefomokon.dl
    2008-11-13 00:01 . 2008-11-13 00:01 18,384 --a------ c:\documents and settings\o\Application Data\bywizenow.bat
    2008-11-13 00:01 . 2008-11-13 00:01 16,953 --a------ c:\windows\pubowoky.inf
    2008-11-13 00:01 . 2008-11-13 00:01 15,533 --a------ c:\documents and settings\o\Application Data\wefozogeh.vbs
    2008-11-13 00:01 . 2008-11-13 00:01 13,575 --a------ c:\documents and settings\o\Application Data\azaga.sys
    2008-11-13 00:01 . 2008-11-13 00:01 12,891 --a------ c:\program files\Fichiers communs\qolylefyja.exe
    2008-11-13 00:01 . 2008-11-13 00:01 12,002 --a------ c:\windows\system32\aboh.ban
    2008-11-13 00:01 . 2008-11-13 00:01 11,979 --a------ c:\documents and settings\o\Application Data\ofeq.reg
    2008-11-13 00:01 . 2008-11-13 00:01 10,429 --a------ c:\windows\ojepuq.sys
    2008-11-12 18:45 . 2008-10-24 12:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-12 18:44 . 2008-09-04 18:16 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
    2008-11-09 14:57 . 2008-11-09 14:57 164 --a------ C:\install.dat
    2008-10-29 21:43 . 2008-10-30 18:52 <REP> d-------- c:\program files\NOS
    2008-10-26 12:13 . 2007-03-12 16:42 3,495,784 --a------ c:\windows\system32\d3dx9_33.dll
    2008-10-26 12:09 . 2008-10-26 12:09 <REP> d-------- c:\windows\Logs
    2008-10-26 12:06 . 2008-10-26 12:06 <REP> d-------- c:\program files\Microsoft Silverlight
    2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\program files\Fichiers communs\FotoWire
    2008-10-26 11:45 . 2008-10-26 11:45 <REP> d-------- c:\documents and settings\o\Application Data\FotoWire
    2008-10-26 11:45 . 2002-12-06 12:22 466,944 --a------ c:\windows\system32\CIMSVR.exe
    2008-10-26 11:45 . 2002-12-06 12:23 233,472 --a------ c:\windows\system32\CIMVIEW.dll
    2008-10-26 11:45 . 2002-12-06 12:19 147,456 --a------ c:\windows\system32\MimicICM.dll
    2008-10-26 11:45 . 2002-12-06 12:22 28,672 --a------ c:\windows\system32\CIMSVRps.dll
    2008-10-26 10:46 . 2004-06-03 12:10 71,596 --------- c:\windows\system32\drivers\PfModNT.sys
    2008-10-26 10:46 . 1999-12-13 02:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
    2008-10-26 10:46 . 1999-11-18 02:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
    2008-10-24 17:50 . 2008-10-15 17:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
    2008-10-19 17:28 . 2008-10-19 17:42 <REP> d-------- c:\documents and settings\All Users\Application Data\Logishrd
    2008-10-17 18:23 . 2008-04-13 08:36 144,384 --------- c:\windows\system32\drivers\hdaudbus.sys
    2008-10-17 18:23 . 2008-04-13 10:40 10,240 --------- c:\windows\system32\drivers\sffp_mmc.sys
    2008-10-17 18:21 . 2006-12-28 11:01 19,569 --a------ c:\windows\[u]0/u03180_.tmp
    2008-10-16 19:46 . 2008-09-08 11:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
    2008-10-16 19:45 . 2008-08-14 14:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-16 19:45 . 2008-08-14 14:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-16 19:45 . 2008-08-14 14:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
    2008-10-16 19:45 . 2008-09-15 16:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
    2008-10-16 19:44 . 2008-08-14 14:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-15 21:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2008-11-15 19:32 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2008-11-14 18:01 1,928 ----a-w c:\program files\hqynyslu.txt
    2008-11-12 23:01 19,578 ----a-w c:\program files\Fichiers communs\sarezer.lib
    2008-11-12 23:01 15,179 ----a-w c:\program files\Fichiers communs\ucovu.db
    2008-11-12 23:01 14,562 ----a-w c:\program files\Fichiers communs\zujofirajy.lib
    2008-11-12 23:01 14,077 ----a-w c:\program files\Fichiers communs\exufuzezyx._sy
    2008-11-12 23:01 11,393 ----a-w c:\program files\Fichiers communs\erygimuli._dl
    2008-11-09 11:05 --------- d-----w c:\program files\AOL 8.0
    2008-11-08 10:30 --------- d-----w c:\documents and settings\o\Application Data\OpenOffice.org2
    2008-10-30 17:52 --------- d-----w c:\documents and settings\All Users\Application Data\NOS
    2008-10-29 20:47 --------- d-----w c:\program files\Fichiers communs\Adobe
    2008-10-26 10:45 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-10-26 10:45 --------- d-----w c:\program files\Logitech
    2008-10-26 09:46 --------- d-----w c:\program files\Creative
    2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
    2008-10-22 15:10 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2008-10-22 15:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2008-10-19 16:42 --------- d-----w c:\program files\Fichiers communs\LogiShrd
    2008-10-18 10:09 --------- d-----w c:\program files\MSN Messenger
    2008-10-12 21:15 --------- d-----w c:\program files\QuickTime
    2008-10-12 21:15 --------- d-----w c:\program files\Fichiers communs\Apple
    2008-10-12 21:12 --------- d-----w c:\program files\Apple Software Update
    2008-10-12 21:12 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
    2008-10-12 17:36 97,928 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2008-10-12 17:36 76,040 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2008-10-12 17:34 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\xing shared
    2008-10-12 17:06 --------- d-----w c:\program files\Fichiers communs\Real
    2008-10-08 20:21 --------- d-----w c:\program files\Services en ligne
    2008-10-06 17:00 --------- d-----w c:\documents and settings\Damien.SN301833070001\Application Data\Malwarebytes
    2008-10-05 14:26 --------- d-----w c:\program files\SUPERAntiSpyware
    2008-10-05 14:26 --------- d-----w c:\documents and settings\o\Application Data\SUPERAntiSpyware.com
    2008-10-05 13:38 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2008-09-29 20:34 --------- d-----w c:\program files\Windows Live
    2008-09-29 19:52 --------- dcsh--w c:\program files\Fichiers communs\WindowsLiveInstaller
    2008-09-29 19:50 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
    2008-09-28 20:04 --------- d-----w c:\program files\Crazy Browser
    2008-09-28 17:12 --------- d-----w c:\program files\AVG
    2008-09-28 14:43 --------- d-----w c:\documents and settings\o\Application Data\Malwarebytes
    2008-09-28 14:43 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-09-21 18:57 --------- d-----w c:\program files\ACD Systems
    2008-09-21 18:56 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
    2008-09-21 09:28 --------- d-----w c:\documents and settings\o\Application Data\SumatraPDF
    2008-09-21 09:27 --------- d-----w c:\program files\SumatraPDF
    2008-09-20 20:20 85 ----a-w c:\documents and settings\o\reparation.bat
    2008-09-20 13:54 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
    2008-09-19 10:49 --------- d-----w c:\documents and settings\o\Application Data\IDMComp
    2008-09-19 10:47 --------- d-----w c:\program files\UltraEdit
    2008-07-15 17:47 58 ----a-w c:\documents and settings\All Users\Application Data\ustore.dat
    2007-12-11 22:15 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
    2006-12-01 00:15 22,904 ----a-w c:\documents and settings\o\Application Data\GDIPFONTCACHEV1.DAT
    2004-07-22 09:51 3,432,656 ----a-w c:\program files\ManagedDX.CAB
    2004-07-19 21:58 1,156,363 ----a-w c:\program files\BDANT.cab
    2004-07-19 21:53 976,020 ----a-w c:\program files\BDAXP.cab
    2004-07-16 13:30 3,858 ----a-w c:\program files\directx redist.txt
    2004-07-09 13:17 13,265,040 ----a-w c:\program files\dxnt.cab
    2004-07-09 08:13 703,080 ----a-w c:\program files\BDA.cab
    2004-07-09 08:13 15,493,481 ----a-w c:\program files\DirectX.cab
    2004-07-09 03:08 472,576 ----a-w c:\program files\dxsetup.exe
    2004-07-09 03:08 2,242,560 ----a-w c:\program files\dsetup32.dll
    2004-07-09 02:03 62,976 ----a-w c:\program files\DSETUP.dll
    .

    ((((((((((((((((((((((((((((( snapshot_2008-11-13_22.29.42.07 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2008-11-03 20:59:45 56,364 ----a-w c:\windows\system32\perfc009.dat
    + 2008-11-15 18:16:51 56,364 ----a-w c:\windows\system32\perfc009.dat
    - 2008-11-03 20:59:45 68,498 ----a-w c:\windows\system32\perfc00C.dat
    + 2008-11-15 18:16:51 68,498 ----a-w c:\windows\system32\perfc00C.dat
    - 2008-11-03 20:59:45 386,010 ----a-w c:\windows\system32\perfh009.dat
    + 2008-11-15 18:16:51 386,010 ----a-w c:\windows\system32\perfh009.dat
    - 2008-11-03 20:59:45 451,712 ----a-w c:\windows\system32\perfh00C.dat
    + 2008-11-15 18:16:51 451,712 ----a-w c:\windows\system32\perfh00C.dat
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F}]
    2008-09-28 17:31 104960 --a------ c:\windows\system32\onxyikd.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
    "Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VCSPlayer"="c:\program files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 299008]
    "TotalRecorderScheduler"="c:\program files\HighCriteria\TotalRecorder\TotRecSched.exe" [2002-03-12 32768]
    "TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-10-12 185872]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-26 36975]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
    "LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
    "LogitechImageStudioTray"="c:\program files\Logitech\ImageStudio\LogiTray.exe" [2002-12-10 61440]
    "LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-02-08 278528]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-10-12 1234712]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "SoundMan"="SOUNDMAN.EXE" [2004-02-26 c:\windows\SOUNDMAN.EXE]
    "nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]
    "AdslTaskBar"="stmctrl.dll" [2005-02-11 c:\windows\system32\stmctrl.dll]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer"= DrvTrNTm.dll
    "wave"= DrvTrNTm.dll
    "VIDC.ACDV"= ACDV.dll
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
    "vidc.mxmc"= MimicICM.DLL

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wineg57.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfi60.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winnq60.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SymAppCore"=2 (0x2)
    "Symantec Core LC"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\FileZilla\\FileZilla.exe"=
    "c:\\Program Files\\EA GAMES\\Battlefield Vietnam\\bfvietnam.exe"=
    "c:\\Program Files\\Shareaza\\Shareaza.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26827:TCP"= 26827:TCP:@xpsp2res.dll,-22009
    "80:TCP"= 80:TCP:@xpsp2res.dll,-22009
    "36316:TCP"= 36316:TCP:@xpsp2res.dll,-22009
    "8758:TCP"= 8758:TCP:@xpsp2res.dll,-22009
    "28385:TCP"= 28385:TCP:@xpsp2res.dll,-22009
    "34784:TCP"= 34784:TCP:@xpsp2res.dll,-22009
    "33922:TCP"= 33922:TCP:@xpsp2res.dll,-22009
    "46786:TCP"= 46786:TCP:@xpsp2res.dll,-22009
    "10433:TCP"= 10433:TCP:@xpsp2res.dll,-22009
    "5317:TCP"= 5317:TCP:@xpsp2res.dll,-22009
    "36558:TCP"= 36558:TCP:@xpsp2res.dll,-22009
    "42202:TCP"= 42202:TCP:@xpsp2res.dll,-22009
    "32958:TCP"= 32958:TCP:@xpsp2res.dll,-22009
    "56777:TCP"= 56777:TCP:@xpsp2res.dll,-22009
    "38313:TCP"= 38313:TCP:@xpsp2res.dll,-22009
    "57401:TCP"= 57401:TCP:@xpsp2res.dll,-22009
    "7985:TCP"= 7985:TCP:@xpsp2res.dll,-22009
    "16793:TCP"= 16793:TCP:@xpsp2res.dll,-22009
    "57143:TCP"= 57143:TCP:@xpsp2res.dll,-22009
    "38889:TCP"= 38889:TCP:@xpsp2res.dll,-22009
    "44764:TCP"= 44764:TCP:@xpsp2res.dll,-22009
    "43429:TCP"= 43429:TCP:@xpsp2res.dll,-22009
    "27696:TCP"= 27696:TCP:@xpsp2res.dll,-22009
    "58315:TCP"= 58315:TCP:@xpsp2res.dll,-22009
    "64640:TCP"= 64640:TCP:@xpsp2res.dll,-22009
    "36304:TCP"= 36304:TCP:@xpsp2res.dll,-22009
    "29078:TCP"= 29078:TCP:@xpsp2res.dll,-22009
    "14484:TCP"= 14484:TCP:@xpsp2res.dll,-22009
    "49835:TCP"= 49835:TCP:@xpsp2res.dll,-22009
    "23779:TCP"= 23779:TCP:@xpsp2res.dll,-22009
    "5592:TCP"= 5592:TCP:@xpsp2res.dll,-22009
    "41661:TCP"= 41661:TCP:@xpsp2res.dll,-22009
    "40097:TCP"= 40097:TCP:@xpsp2res.dll,-22009
    "9346:TCP"= 9346:TCP:@xpsp2res.dll,-22009
    "46244:TCP"= 46244:TCP:@xpsp2res.dll,-22009
    "7994:TCP"= 7994:TCP:@xpsp2res.dll,-22009
    "64766:TCP"= 64766:TCP:@xpsp2res.dll,-22009
    "16026:TCP"= 16026:TCP:@xpsp2res.dll,-22009
    "38301:TCP"= 38301:TCP:@xpsp2res.dll,-22009
    "1441:TCP"= 1441:TCP:@xpsp2res.dll,-22009
    "31963:TCP"= 31963:TCP:@xpsp2res.dll,-22009
    "24624:TCP"= 24624:TCP:@xpsp2res.dll,-22009
    "42983:TCP"= 42983:TCP:@xpsp2res.dll,-22009
    "16098:TCP"= 16098:TCP:@xpsp2res.dll,-22009
    "24766:TCP"= 24766:TCP:@xpsp2res.dll,-22009
    "15054:TCP"= 15054:TCP:@xpsp2res.dll,-22009
    "28465:TCP"= 28465:TCP:@xpsp2res.dll,-22009
    "25744:TCP"= 25744:TCP:@xpsp2res.dll,-22009
    "12499:TCP"= 12499:TCP:@xpsp2res.dll,-22009
    "28398:TCP"= 28398:TCP:@xpsp2res.dll,-22009
    "22503:TCP"= 22503:TCP:@xpsp2res.dll,-22009
    "8391:TCP"= 8391:TCP:@xpsp2res.dll,-22009
    "32238:TCP"= 32238:TCP:@xpsp2res.dll,-22009
    "46333:TCP"= 46333:TCP:@xpsp2res.dll,-22009
    "41167:TCP"= 41167:TCP:@xpsp2res.dll,-22009
    "2284:TCP"= 2284:TCP:@xpsp2res.dll,-22009
    "9155:TCP"= 9155:TCP:@xpsp2res.dll,-22009
    "29881:TCP"= 29881:TCP:@xpsp2res.dll,-22009
    "8507:TCP"= 8507:TCP:@xpsp2res.dll,-22009
    "47417:TCP"= 47417:TCP:@xpsp2res.dll,-22009
    "42646:TCP"= 42646:TCP:@xpsp2res.dll,-22009
    "19163:TCP"= 19163:TCP:@xpsp2res.dll,-22009
    "61881:TCP"= 61881:TCP:@xpsp2res.dll,-22009
    "12249:TCP"= 12249:TCP:@xpsp2res.dll,-22009
    "35481:TCP"= 35481:TCP:@xpsp2res.dll,-22009
    "1424:TCP"= 1424:TCP:@xpsp2res.dll,-22009
    "8394:TCP"= 8394:TCP:@xpsp2res.dll,-22009
    "27629:TCP"= 27629:TCP:@xpsp2res.dll,-22009
    "5023:TCP"= 5023:TCP:@xpsp2res.dll,-22009
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017

    R0 ztzmgbnf;ztzmgbnf;c:\windows\system32\drivers\ztzmgbnf.sys [2002-08-30 23424]
    R1 Asapi;Asapi;c:\windows\system32\drivers\Asapi.sys [2002-08-06 11264]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-10-12 97928]
    R1 vcsmpdrv;vcsmpdrv;c:\windows\system32\DRIVERS\vcsmpdrv.sys [2003-06-16 49024]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-12 231704]
    R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-10-12 76040]
    R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);c:\program files\Virtual CD v4 SDK\system\vcssecs.exe [2002-05-16 139264]
    R3 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-10-12 875288]
    R3 Stmatm;ATM/ADSL miniport;c:\windows\system32\DRIVERS\stmatm.sys [2004-11-16 60191]
    R3 TaurusUsb;ADSL Modem USB Service;c:\windows\system32\DRIVERS\torususb.sys [2005-04-19 543555]
    R3 USBSTOR;Pilote de stockage de masse USB;c:\windows\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
    S0 Wineg57;Wineg57;c:\windows\system32\Drivers\Wineg57.sys [ ]
    S0 Winfi60;Winfi60;c:\windows\system32\Drivers\Winfi60.sys [ ]
    S0 Winnq60;Winnq60;c:\windows\system32\Drivers\Winnq60.sys [ ]
    S2 p2pgasvc;Authentification de groupe réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
    S2 PNRPSvc;Protocole de résolution de noms d'homologues;c:\windows\system32\svchost.exe [2008-04-13 14336]
    S4 p2pimsvc;Gestionnaire d'identité réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]
    S4 p2psvc;Réseau homologue;c:\windows\system32\svchost.exe [2008-04-13 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
    \Shell\AutoRun\command - E:\setup.exe
    \Shell\LVIPCAP\command - e:\techsupt\CaptureTest\LVidCap.exe
    \Shell\PCITEST\command - e:\techsupt\SysTools\Listpci.exe
    \Shell\USBREADY\command - e:\techsupt\Systools\USBReady.exe
    .
    Contenu du dossier 'Tâches planifiées'

    2008-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2008-11-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
    - c:\documents and settings\o\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []

    2004-06-04 c:\windows\Tasks\Rappel d'enregistrement 2.job
    - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]

    2004-05-28 c:\windows\Tasks\Rappel d'enregistrement 3.job
    - c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 18:34]
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-16 22:57:30
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    PROCESSUS: c:\windows\explorer.exe
    -> c:\windows\system32\DrvTrNTl.dll
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\windows\system32\scardsvr.exe
    c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
    c:\windows\system32\CTSVCCDA.EXE
    c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    c:\windows\system32\msdtc.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
    c:\windows\system32\locator.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\wdfmgr.exe
    c:\windows\system32\vssvc.exe
    c:\windows\wanmpsvc.exe
    c:\program files\Windows Live\installer\WLSetupSvc.exe
    c:\windows\system32\wbem\wmiapsrv.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\windows\system32\dllhost.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Brother\Brmfcmon\BrMfimon.exe
    c:\windows\system32\imapi.exe
    .
    **************************************************************************
    .
    Heure de fin: 2008-11-16 23:07:36 - La machine a redémarré [o]
    ComboFix-quarantined-files.txt 2008-11-16 22:07:19
    ComboFix2.txt 2008-11-16 21:18:15
    ComboFix3.txt 2008-11-16 20:59:19
    ComboFix4.txt 2008-11-16 18:08:01
    ComboFix5.txt 2008-11-16 21:50:31

    Avant-CF: 103 850 409 984 octets libres
    Après-CF: 103,284,203,520 octets libres

    366 --- E O F --- 2008-11-12 23:39:56
    0
  12. Aldebaran33 Messages postés 28 Statut Membre
     
    Rapport hijack:

    ogfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:12, on 2008-11-16
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\msdtc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\WINDOWS\System32\vssvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Windows Live\installer\WLSetupSvc.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\dmadmin.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\System32\dllhost.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\o\Bureau\Crazy Browser.exe
    C:\Documents and Settings\o\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {3F2E6C22-39B0-4A89-8DE9-AB4E99F6C35F} - c:\windows\system32\onxyikd.dll
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [TotalRecorderScheduler] C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
    O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Packard Bell EverSafe Tray Control.lnk = C:\Program Files\Packard Bell EverSafe\TrayControl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
    O15 - Trusted Zone: www.google.fr
    O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097952190140
    O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f012.mail.caramail.lycos.fr/app/uploader/FileUploader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/unibet/FlashAX.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3C3E509A-C512-45E6-B89C-F9F2CD33136B}: NameServer = 84.103.237.142 86.64.145.142
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
    0
  13. geoffrey5 Messages postés 14008 Statut Contributeur sécurité 10
     
    il a vraiment l air impossible à supprimer et je ne vois vraiment pas comment on pourrait faire d autre :s
    0
Précédent
  • 1
  • 2