Sujet Précédent Sujet Suivant

"warning dangerous spyware"

Résolu/Fermé
stephaanie - 2 déc. 2008 à 15:26
 spayks - 25 janv. 2010 à 17:46
Bonjour,

depuis hier j'ai ce message qui s'affiche en fond d'ecran ainsi qu'une icone rouge avec une croix blanche.

J'ai lancé Norton antivirus qui n'a rien trouvé, ainsi qu'AdAware, et CCCleaner : sans résultat.

J'ai téléchargé Malawarebytes et j'ai lancé l'application, puis après avoir supprimé les fichiers malveillants, j'ai redémarré, et j'ai toujours le message en fond d'ecran.
De plus, toutes les 5 minutes environ le fichier "mes documents" s'ouvre tout seul.

J'ai vraiment d'aide là ! Merci par avance
A voir également:

45 réponses

Précédent
Réponse 41 / 45
g!rly Messages postés 18209 Date d'inscription vendredi 17 août 2007 Statut Contributeur Dernière intervention 30 novembre 2014 406
19 déc. 2008 à 04:15
ok alexe654,
@+
0
Réponse 42 / 45
lesotho Messages postés 2 Date d'inscription mardi 3 février 2009 Statut Membre Dernière intervention 5 février 2009
4 févr. 2009 à 18:23
salut, j'ai le même problème, je suis tenté de faire les manip décrites au dessus mais il me semble que chacune d'entre elles est propre aux rapports générés par les utilisateurs. J'aimerais juste savoir ! Si je dois refaire la manip, ce ne sera pas un problème, par contre je suis incapable de décoder les rapports !!
De plus, le gestionnaire des taches est inaccessible, j'ai aussi l'impression que certains dossiers dans le registre ont tout simplement disparu.
Voila je suis un peu embêté mais je comprendrais si vous n'avez le temps !

--------
windows xp
firefox 3.0.5
0
Réponse 43 / 45
lesotho Messages postés 2 Date d'inscription mardi 3 février 2009 Statut Membre Dernière intervention 5 février 2009
5 févr. 2009 à 17:31
voici quand même mon rapport au cas ou vous passeriez par ce post...

ComboFix 09-02-04.04 - nicolas 2009-02-05 17:11:30.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1022.567 [GMT 1:00]
Lancé depuis: c:\documents and settings\nicolas\Bureau\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\nicolas\Application Data\inst.exe
c:\documents and settings\nicolas\Local Settings\Application Data\ikywoow.dat
c:\documents and settings\nicolas\Local Settings\Application Data\ikywoow.exe
c:\documents and settings\nicolas\Local Settings\Application Data\ikywoow_nav.dat
c:\documents and settings\nicolas\Local Settings\Application Data\ikywoow_navps.dat
c:\windows\pack.epk
c:\windows\system32\ahtn.htm
c:\windows\system32\frmwrk32.exe
c:\windows\system32\hqkluopjst_navtmp.dat
c:\windows\system32\jhauambmz.dat
c:\windows\system32\jhauambmz_nav.dat
c:\windows\system32\jhauambmz_navps.dat
c:\windows\system32\nvs2.inf
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_PACKET
-------\Service_Boonty Games
-------\Service_Packet


((((((((((((((((((((((((((((( Fichiers créés du 2009-01-05 au 2009-02-05 ))))))))))))))))))))))))))))))))))))
.

2009-02-03 18:39 . 2009-02-03 18:39 136,981 --a------ C:\cc_20090203_1839.reg
2009-02-03 18:16 . 2009-02-03 18:16 3 --a------ c:\windows\sbacknt.bin
2009-02-03 18:15 . 2009-02-03 18:54 <REP> d-------- c:\documents and settings\nicolas\Application Data\vghd
2009-02-03 18:15 . 2009-02-03 18:15 152,904 --a------ c:\windows\system32\vghd.scr
2009-02-02 15:30 . 2009-02-04 18:00 <REP> d-------- c:\program files\Norton Security Scan
2009-02-02 15:30 . 2009-02-04 18:00 <REP> d-------- c:\program files\Fichiers communs\Symantec Shared
2009-01-30 12:47 . 2009-01-30 12:47 <REP> d-------- c:\program files\K-Lite Codec Pack
2009-01-30 12:47 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-01-30 12:47 . 2008-12-07 19:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-01-30 12:47 . 2004-01-25 17:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-01-30 12:47 . 2008-09-16 20:23 168,448 --a------ c:\windows\system32\unrar.dll
2009-01-30 12:47 . 2008-12-07 19:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-01-30 12:47 . 2007-09-21 01:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-01-30 12:47 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
2009-01-30 12:47 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-01-30 12:47 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-01-07 08:31 . 2009-01-07 08:31 <REP> d-------- c:\program files\Fichiers communs\Adobe AIR
2009-01-07 08:31 . 2009-01-07 08:31 <REP> d-------- c:\program files\Adobe Media Player
2009-01-07 08:10 . 2009-01-07 08:10 <REP> d-------- c:\program files\Veoh Networks

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 00:50 --------- d-----w c:\documents and settings\nicolas\Application Data\Ableton
2009-02-05 00:48 --------- d-----w c:\program files\Ableton
2009-02-04 19:23 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-04 16:15 --------- d-----w c:\program files\McAfee
2009-02-03 17:40 --------- d-----w c:\program files\Windows Live Toolbar
2009-02-03 17:32 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-03 17:06 --------- d-----w c:\documents and settings\nicolas\Application Data\uTorrent
2009-01-30 11:23 --------- d-----w c:\program files\uTorrent
2009-01-29 19:19 --------- d-----w c:\documents and settings\nicolas\Application Data\SiteAdvisor
2009-01-26 20:44 --------- d-----w c:\program files\Google
2009-01-15 12:05 --------- d-----w c:\documents and settings\nicolas\Application Data\U3
2008-12-29 00:01 --------- d-----w c:\documents and settings\nicolas\Application Data\dvdcss
2008-12-17 15:28 --------- d-----w c:\program files\Microsoft
2008-12-17 15:27 --------- d-----w c:\program files\Windows Live
2008-12-17 15:26 --------- d-----w c:\program files\Microsoft Sync Framework
2008-12-17 15:24 --------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2008-12-17 15:15 --------- d-----w c:\program files\MSN Messenger
2008-12-17 15:13 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-17 14:01 --------- d-----w c:\program files\Fichiers communs\Windows Live
2008-12-16 20:53 --------- d-----w c:\program files\VstPlugins
2008-12-16 20:53 --------- d-----w c:\program files\Common Files
2008-12-16 20:52 --------- d-----w c:\program files\Native Instruments
2008-12-16 20:52 --------- d-----w c:\program files\Fichiers communs\Native Instruments
2008-12-14 21:20 --------- d-----w c:\program files\DivX
2008-12-11 18:24 --------- d-----w c:\program files\UsbFix
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 11:55 --------- d-----w c:\program files\Paint.NET
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2007-12-23 22:03 47,360 ----a-w c:\documents and settings\nicolas\Application Data\pcouffin.sys
2006-12-25 18:32 251 ----a-w c:\program files\wt3d.ini
2007-02-17 22:39 168 --sh--r c:\windows\system32\B67B3FC35E.sys
2007-02-17 22:40 5,486 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"= ma_cmidn.dll
"midi2"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk
backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^QuickTV.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\QuickTV.lnk
backup=c:\windows\pss\QuickTV.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^TrayMin230.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\TrayMin230.lnk
backup=c:\windows\pss\TrayMin230.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^nicolas^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=c:\documents and settings\nicolas\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-23 19:33 57344 c:\program files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
--a------ 2006-01-02 18:41 45056 c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-10-31 10:51 57344 c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 10:39 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
--a------ 2006-08-28 22:57 395776 c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-12-06 02:05 127035 c:\windows\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
--a------ 2008-03-20 07:22 320168 c:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gnetmous]
--a------ 2002-08-02 09:34 153088 c:\program files\Samsung\Samsung RF Wheel Mouse\gnetmous.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-08-03 13:46 1836544 c:\program files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 15:30 249856 c:\program files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 15:30 81920 c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdxamon]
--a------ 2008-03-20 07:25 16040 c:\program files\Lexmark 3600-4600 Series\lxdxamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdxmon.exe]
--a------ 2008-03-20 07:25 668328 c:\program files\Lexmark 3600-4600 Series\lxdxmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
--------- 2003-09-10 03:24 20480 c:\program files\NetWaiting\netwaiting.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 17:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-09-07 13:44 3100672 c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
--------- 2007-05-02 17:16 184320 c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]
--a------ 2008-02-21 17:19 613792 c:\program files\Philips\Intelligent Agent\Philips Intelligent Agent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-07 16:47 155648 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sclauncher]
--a------ 2007-01-30 10:41 94208 c:\program files\SimpleCenter\bin\win\sclauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
--a------ 2007-03-05 20:10 36904 c:\program files\SiteAdvisor\6172\SiteAdv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPC230NC_Monitor]
--a------ 2007-12-10 15:55 323584 c:\windows\Philips\SPC230NC\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SPC_Monitor]
--a------ 2007-12-10 15:55 323584 c:\windows\Philips\SPC230NC\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 03:25 144784 c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-11 11:58 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-03-08 19:48 761947 c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
--a------ 2008-12-16 18:07 3528440 c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VoiceCenter]
--------- 2006-02-16 10:20 1118208 c:\program files\Creative\VoiceCenter\AndreaVC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]
--a------ 2006-06-29 07:12 1355042 c:\windows\system32\CTMBHA.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]
--a------ 2004-12-22 19:40 24576 c:\windows\MIDIDEF.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2006-03-25 00:30 282624 c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"SiteAdvisor Service"=2 (0x2)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"IDriverT"=3 (0x3)
"gusvc"=2 (0x2)
"EvtEng"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"Creative Labs Licensing Service"=2 (0x2)
"Boonty Games"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"StarWindService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Alcohol Soft\\Alcohol 120\\Alcohol.exe"=
"c:\\Program Files\\eMule\\eMule.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Activision\\Quantum of Solace(TM)\\JB_LiveEngine_s.exe"=
"c:\\Program Files\\Philips\\Intelligent Agent\\Philips Intelligent Agent.exe"=
"c:\\WINDOWS\\system32\\lxdxcoms.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxamon.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxmon.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdxjswx.exe"=
"c:\\Program Files\\Lexmark 3600-4600 Series\\lxdxlscn.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"17314:TCP"= 17314:TCP:u Torrent

R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2008-01-01 11264]
R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [2006-07-14 13824]
R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe -service --> c:\windows\system32\lxdxcoms.exe -service [?]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
R2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [2006-07-14 13696]
R3 PAEAFLT.sys;USB Composite Device;c:\windows\system32\drivers\PAEAFLT.sys [2008-11-10 8576]
R3 SPC230NC;Philips SPC230NC Webcam;c:\windows\system32\drivers\SPC230NC.SYS [2008-11-10 461056]
S2 lxdxCATSCustConnectService;lxdxCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdxserv.exe [2008-11-10 98984]
S3 AVerHybrid;AVerMedia Hybrid Tuner (NTSC/PAL/SECAM/DVB-T/FM);c:\windows\system32\drivers\averhbtv.sys [2008-09-09 283648]
S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [2008-09-08 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [2008-09-08 13440]
S3 SNP325;USB PC Camera (SNPSTD325);c:\windows\system32\DRIVERS\snp325.sys --> c:\windows\system32\DRIVERS\snp325.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70687b32-aae1-11dc-91a9-0018dec1e8df}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contenu du dossier 'Tâches planifiées'

2009-02-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-29 13:13]

2009-01-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-02-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]

2009-02-04 c:\windows\Tasks\Norton Security Scan for nicolas.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 04:18]

2009-02-04 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []

2007-10-03 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-ikywoow - c:\documents and settings\nicolas\local settings\application data\ikywoow.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-jhauambmz - c:\windows\system32\jhauambmz.exe
MSConfigStartUp-LDM - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
MSConfigStartUp-LWBKEYBOARD - c:\program files\Belkin\Belkin keypad driver\KbdAp32A.exe
MSConfigStartUp-LWBMOUSE - c:\program files\Belkin\Wireless Mouse Driver\MOUSE32A.EXE
MSConfigStartUp-PMCLoader - c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe
MSConfigStartUp-Veoh - c:\program files\Veoh Networks\Veoh\VeohClient.exe
MSConfigStartUp-Wallpaper - c:\program files\Wallpaper\Wallpaper.exe
MSConfigStartUp-WengoPhoneNG - f:\student key\Apps\PortableWengoPhone\qtwengophone.exe
MSConfigStartUp-Windows Registry Repair Pro - c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe


.
------- Examen supplémentaire -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.fr/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = www-cache.u-picardie.fr:3130
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: Download with Go!Zilla - file://c:\program files\Go!Zilla\download-with-gozilla.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\nicolas\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
TCP: {48D18239-B789-4F6B-AA91-7B75BC4E20BC} = 192.168.1.1
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan8/oscan8.cab
DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - hxxps://www.vm-wl.com/DownloadManager/Release/Prod/DownMan.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game06.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\documents and settings\nicolas\Application Data\Mozilla\Firefox\Profiles\vw4ba3sr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\program files\SiteAdvisor\6172\FF\components\FFHook.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 17:20:14
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2503427321-786648308-3189268515-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D78D6535-632A-A0CB-739B-9DA660EB8453}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abbieoknmfbdgaaekiffgkfdobmaajbigi"=hex:61,61,00,00
"bbbieoknmfbdgaaekigfdkfkeoiplablkgjb"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,0d,6f,03,e6,fc,
e5,cc,71,e2,63,26,f1,3f,c8,ff,68,ac,73,29,78,82,76,6f,ce,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,92,64,db,e7,a7,
e8,78,71,6a,9c,d6,61,af,45,84,18,b5,c3,a5,7d,48,24,a0,9d,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,13,8f,ee,e0,80,
fb,66,37,ff,7c,85,e0,43,d4,0e,fe,f1,c9,b6,a2,17,0d,c2,98,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,59,95,0b,79,34,
74,7e,5b,86,8c,21,01,be,91,eb,e7,cc,dc,e8,9e,8f,e1,76,e4,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,f0,99,a9,6c,c0,
b0,92,9d,f5,1d,4d,73,a8,13,5c,05,88,ea,ab,49,0b,88,29,3d,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e4,7b,e4,17,29,
20,bc,50,df,20,58,62,78,6b,cf,c8,1d,7e,1e,b8,09,77,5a,3f,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,da,a3,35,6f,e8,
77,73,e8,fb,a7,78,e6,12,2f,9a,ea,75,5e,c0,a2,c0,6c,8c,87,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,88,2c,44,6c,b2,
da,3b,94,01,3a,48,fc,e8,04,4a,f1,9d,a8,be,18,b3,9b,74,c9,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,41,ac,ce,e3,44,
07,46,72,f6,0f,4e,58,98,5b,89,c9,c4,dd,36,22,0f,a8,bb,7b,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,ab,5d,d4,49,f8,
27,36,6b,3d,ce,ea,26,2d,45,aa,78,5e,0b,d0,e0,7e,af,6b,01,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,3b,9d,7d,e9,e2,
22,d2,6a,2a,b7,cc,b5,b9,7f,41,e7,45,b1,99,17,9a,f9,91,f2,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,5c,a1,f8,2b,64,
f4,82,f4,6c,43,2d,1e,aa,22,2f,9c,c4,1f,46,7b,36,52,df,26,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\windows\system32\lxdxcoms.exe
c:\program files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\program files\Fichiers communs\McAfee\MNA\McNASvc.exe
c:\progra~1\FICHIE~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\program files\McAfee\MSK\msksrver.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Heure de fin: 2009-02-05 17:26:20 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-02-05 16:26:14

Avant-CF: 9 488 482 304 octets libres
Après-CF: 9,401,364,480 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

441 --- E O F --- 2009-02-01 00:07:42

0
Réponse 44 / 45
peter
30 avril 2009 à 13:53
Une solution a tester:
http://hotline.galerie-cesar.com/viewtopic.php?f=31&t=50
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 45 / 45
spayks
25 janv. 2010 à 17:46
La solution pour le virus ntdll64.exe :
https://blog.galerie-cesar.com/solution-pour-le-virus-ntdll64exe/
0

Discussions similaires

Musique dans le film Réussir ou Mourrir
Ksharp -
shi ki -

1 réponse
Message " Your chassis has been opened"
tophe70 -
Anonyme -

14 réponses
Cpu fan fail
Mistik -
Bobo -

2 réponses
musique du film reussir ou mourir de 50 cent
dydou.09 -
link -

89 réponses
Warning your dimm1 and dimm2 module organization is not same
soulbledar -
Corentin -

4 réponses