Fichier vérolé

Bidji - Dernière réponse le 26 févr. 2008 à 21:35

Bonjour,
je me suis fait avoir part un fichier vérolé téléchargé sur MSN--->D'habitude je me fait pas avoir par ce genre de conneries mais c'est intervenu en pleine conversation. Le fichier en question s'appelait "Photo39". J'utilise McAfee à jour et au scan il a rien trouvé. J'ai fait le tour des posts d'infection suite à un fichier vérolé mais rien a marché.
Merci d'avance

Plus

Réponse

dorgane 13357Messages postés dimanche 29 octobre 2006Date d'inscription ContributeurStatut 18 juin 2013Dernière intervention 25 févr. 2008 à 10:31

Salut,
tu as l'adresse du fichiers ?

si oui envoie le sur : http://www.virustotal.com voir qui le détecte ;)

Ajouter un commentaire - Site web

Réponse

papyber 6395Messages postés samedi 24 mars 2007Date d'inscription Contributeur sécuritéStatut 7 mars 2010Dernière intervention 25 févr. 2008 à 10:38

1/télécharge et installe le logiciel HijackThis
http://www.pcastuces.com/logitheque/hijackthis.htm
tuto pour l’utiliser
regarde ici c'est parfaitement expliqué en images
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
2/
télécharge AVG Antispyware
http://www.ewido.net/en/download/
mode d'utilisation :
Lance AVG Anti-Spyware, mets le à jour,
Clique sur le bouton « Analyse » onglet « paramètres »
Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine
3/
Télécharge : - CCleaner
http://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires. Avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires". Ensuite, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures". Par la suite, laisse-le avec ses réglages par défaut. C'est tout.
Un tuto
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm
4/
Télécharge MSNFix.zip (de !aur3n7 et Regis59) sur le bureau :
http://sosvirus.changelog.fr/MSNFix.zip
Conseil : Toujours télécharger avant utilisation pour profiter des dernières mises à jour.
Remarque: Il est possible que l'antivirus détecte un virus au téléchargement, il s'agit de Process.exe qui est un faux positif.

Décompresse-le (clic droit : Extraire ici).
A la racine du système, déplace le dossier décompressé, comme suit :
C:\MSNFix.
Ouvre-le et double clique sur le fichier MSNFix.bat
Choisis l'option R.
Si l'infection est détectée, il te suffit d'appuyer sur une touche du clavier. Un redémarrage du PC peut être demandé.
Sauvegarde le rapport puis fais un copier/coller de ce rapport sur le forum,
Recommande à tes contacts d'appliquer la même procédure MSNFix, pour freiner la propagation et indique si l'éradication est réussie. S'ils ont le moindre souci, ils viennent sur le forum et postent leur rapport pour lecture et conseils...
5/
Télécharge clean.zip, de Malekal
http://www.malekal.com/download/clean.zip

décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean.
Ouvre le dossier clean qui se trouve sur ton bureau, et double-clic sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laisse la ouverte.
Choisis l'option 1 puis patiente
Poste le rapport obtenu
S’il te demande d’uploader un fichier, tu le fais…

Comment aller en Mode sans échec
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisis la première option : Sans Échec, et valide avec "Entrée"
5) Choisis ton compte habituel, et non Administrateur

Redémarre en mode sans échec, copie ou imprime ce qui suit car tu n'auras pas accès à internet

1*
Lance CCleaner , nettoyeur, et supprime tout ce qu'il trouve
lance CCleaner erreur et répare ce qu'il trouve, accepte les sauvegardes
2*
lance avg antispyware
Retour à l'onglet Analyse.
Clique sur Analyse complète du système.
A la fin du scan, choisis " Appliquer toutes les actions "
Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Rapports du dossier d'AVG Anti-Spyware
3*
si quelque chose a été trouvé avec clean.malekal , cela devrait être le cas...
Ouvre le dossier jaune nommé clean sur ton bureau.
Double-clique sur clean.cmd
Choisis l'option 2 et copie sur le bureau le rapport généré.
Si une fenêtre s'ouvre, laisse-la.
Clique sur Q pour quitter le programme.

redémarre normalement et poste moi les rapports obtenus

MSNFix
AVG antispyware
Clean .txt
ainsi qu'un scan HijackThis.

Ajouter un commentaire

Réponse

Bidji 25 févr. 2008 à 10:40

Merci de ta réponse, malheureusement je n'ai plus le fichier mais étant donné que toutes les 30 minutes j'envoi automatiquement le virus à tout mes contacts sa ne doit pas être très difficile de le reprendre !

Ajouter un commentaire

Réponse

Bidji 25 févr. 2008 à 10:42

Merci de ta réponse, je vais essayé tout de suite, je vous tiens au courent

PS : msnfix n'avait rien trouvé

Merci beaucoup

Ajouter un commentaire

Réponse

papyber 6395Messages postés samedi 24 mars 2007Date d'inscription Contributeur sécuritéStatut 7 mars 2010Dernière intervention 25 févr. 2008 à 10:42

je ne conseille pas de le reprendre!!
fais ce que je t'ai conseillé!!

Ajouter un commentaire

Réponse

Bidji 25 févr. 2008 à 11:03

Oui je n'avait pas encore vu ton message. :-)

Ajouter un commentaire

Réponse

Bidji 25 févr. 2008 à 11:21

Pour msnfix y vient de supprimé les fichiers (ma version n'était pas à jour).Je donnerais le rapport avec les autres à la fin.

Encore merci

Ajouter un commentaire

Réponse

Bidji 25 févr. 2008 à 13:14

Alors je vais de donner tout les rapports:

msnfix

MSNFix 1.670-2

C:\MSNFix
Fix exécuté le lun. 25/02/2008 - 11:10:55,06 By Bijan Moutschen
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\poolmc.exe
... C:\DOCUME~1\BIJANM~1\LOCALS~1\Temp\photo*.zip
... C:\DOCUME~1\BIJANM~1\LOCALS~1\Temp\removalfile.bat

************************ Recherche les dossiers présents

Aucun dossier trouvé

************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\poolmc.exe
.. OK ... C:\DOCUME~1\BIJANM~1\LOCALS~1\Temp\photo*.zip
.. OK ... C:\DOCUME~1\BIJANM~1\LOCALS~1\Temp\removalfile.bat

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

Aucun Fichier trouvé

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier lun. 25022008_11175920.zip

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

AVG antispyware

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 12:26:13 25/02/2008

+ Résultat de l'analyse:

C:\MSNFix\lun. 25022008_11175920.zip/backup/removalfile.bat -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP94\A0040388.bat -> Not-A-Virus.Adware.Virtumonde : Nettoyé.
:mozilla.11:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y120mfam.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.8:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.15:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y120mfam.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.6:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.10:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.47:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.48:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.49:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.50:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.51:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.45:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé.
:mozilla.75:C:\Documents and Settings\Famille\Application Data\Mozilla\Firefox\Profiles\zezrysqf.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
:mozilla.12:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y120mfam.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.13:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y120mfam.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.14:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\y120mfam.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.

Fin du rapport

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:39, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\livecall.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=5070103
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=be&l=fr&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=5070103
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [789fc415] rundll32.exe "C:\WINDOWS\system32\klwyokdl.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Windows Pool Setup] poolmc.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" /AutoRun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Unknown owner - K:\xampplite\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - K:\xampplite\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampplite\xampplite\service.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.ivao.aero/images/top.gif
O24 - Desktop Component 1: (no name) - http://upload.wikimedia.org/...

Ajouter un commentaire

Réponse

papyber 6395Messages postés samedi 24 mars 2007Date d'inscription Contributeur sécuritéStatut 7 mars 2010Dernière intervention 25 févr. 2008 à 15:55

oui mais il en reste encore pas mal!
Télécharge VundoFix.exe (par Atribune) sur ton Bureau
http://www.atribune.org/ccount/click.php?id=4
clic double sur VundoFix.exe afin de le lancer
clic sur le bouton Scan for Vundo
Lorsque le scan est complété, clic sur le bouton Remove Vundo
Une invite te demandera si tu veux supprimer les fichiers, clic YES
Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
Tu verras une invite qui t'annonce que ton PC va redémarrer;
clic OK
Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci haut, à partir de "clic sur le bouton Scan for Vundo".
Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis dans ta prochaine réponse

Télécharge SDFix d’ Andy Manchesta sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

clic double sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Comment aller en Mode sans échec lettre C
Comment faire pour....tutos C4teur
1) Redémarre ton ordi
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip"
3) Tu verras un écran avec options de démarrage apparaître
4) Choisi la première option : Sans Échec, et valide avec "Entrée"
5) Choisi ton compte régulier, et non Administrateur

Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et clic double sur RunThis.bat
Appuie sur Y pour commencer le nettoyage.
Il va supprimer les services et les entrées du Registre infectés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, poste le contenu du fichier Report.txt dans ta prochaine réponse sur le forum,

Télécharge combofix.exe (par sUBs) sur ton Bureau
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
désactive ton antivirus, antispyware, et Spybot (résident) durant l'utilisation de ComboFix . Merci. Tu réactives ensuite.
Double clique combofix.exe.
Tape sur la touche Y (Yes) pour démarrer le scan.
Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse
NOTE : Le rapport se trouve également ici : C:\Combofix.txt

poste les rapports obtenus
VundoFix
SDFix
Combofix et un nouveau hijack this

Ajouter un commentaire

Réponse

Bidji 25 févr. 2008 à 20:05

Vundofix

VundoFix V6.7.9

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 17:16:58 25/02/2008

Listing files found while scanning....

C:\windows\system32\ddaby.dll
C:\WINDOWS\system32\klwyokdl.dll
C:\WINDOWS\system32\ldkoywlk.ini
C:\WINDOWS\system32\opnollj.dll
C:\WINDOWS\system32\pmnnnll.dll
C:\WINDOWS\system32\rpyacpql.dll
C:\WINDOWS\system32\ssqnnkh.dll
C:\windows\system32\ybadd.ini
C:\windows\system32\ybadd.ini2

Beginning removal...

Attempting to delete C:\windows\system32\ddaby.dll
C:\windows\system32\ddaby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\klwyokdl.dll
C:\WINDOWS\system32\klwyokdl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ldkoywlk.ini
C:\WINDOWS\system32\ldkoywlk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnollj.dll
C:\WINDOWS\system32\opnollj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnnll.dll
C:\WINDOWS\system32\pmnnnll.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\rpyacpql.dll
C:\WINDOWS\system32\rpyacpql.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnnkh.dll
C:\WINDOWS\system32\ssqnnkh.dll Has been deleted!

Attempting to delete C:\windows\system32\ybadd.ini
C:\windows\system32\ybadd.ini Has been deleted!

Attempting to delete C:\windows\system32\ybadd.ini2
C:\windows\system32\ybadd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\klwyokdl.dll
C:\WINDOWS\system32\klwyokdl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnnll.dll
C:\WINDOWS\system32\pmnnnll.dll Could not be deleted.

Performing Repairs to the registry.
Done!

SDfix

SDFix: Version 1.147

Run by Bijan Moutschen on lun. 25/02/2008 at 18:14

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\BIJANM~1\Bureau\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Combofix

ComboFix 08-02-25.3 - Bijan Moutschen 2008-02-25 18:37:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1130 [GMT 1:00]
Endroit: C:\Documents and Settings\Bijan Moutschen\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b /color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\ovaiagkw.dll
C:\WINDOWS\system32\pkeqedhh.dll
C:\WINDOWS\system32\pmnnnll.dll
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\wkgaiavo.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))))))))
.

2008-02-25 18:09 . 2008-02-25 18:09 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-25 18:01 . 2008-02-25 15:14 <REP> d-------- C:\SDFix
2008-02-25 17:16 . 2008-02-25 17:49 <REP> d-------- C:\VundoFix Backups
2008-02-25 11:27 . 2008-02-25 11:27 514,806 --a------ C:\upload_moi_BIJAN.tar.gz
2008-02-25 11:08 . 2008-02-25 12:25 <REP> d-------- C:\MSNFix
2008-02-25 10:53 . 2008-02-25 10:53 <REP> d-------- C:\Program Files\CCleaner
2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Grisoft
2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-25 10:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-25 10:46 . 2008-02-25 10:46 <REP> d-------- C:\Program Files\Trend Micro
2008-02-24 21:45 . 2008-02-24 21:45 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\McAfee
2008-02-24 20:17 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-02-24 19:01 . 2008-02-24 19:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-02-24 19:01 . 2008-02-24 19:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SiteAdvisor
2008-02-24 18:28 . 2008-02-24 18:28 90 --a------ C:\WINDOWS\wininit.ini
2008-02-24 17:16 . 2008-02-24 17:16 <REP> d-------- C:\kav
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Program Files\Lavasoft
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 16:54 . 2008-02-24 16:54 <REP> d-------- C:\Program Files\CleanUp!
2008-02-24 16:20 . 2008-02-24 14:15 78,848 --a------ C:\WINDOWS\system32\poolmc.MSNFix
2008-02-24 10:28 . 2008-02-24 10:28 <REP> d-------- C:\Program Files\iPod
2008-02-21 16:43 . 2008-02-21 16:43 71 --a------ C:\WINDOWS\fs_earth_link_9.ini
2008-02-16 18:52 . 2008-02-16 18:52 268 --ah----- C:\sqmdata03.sqm
2008-02-16 18:52 . 2008-02-16 18:52 244 --ah----- C:\sqmnoopt03.sqm
2008-02-12 17:37 . 2008-02-12 17:37 <REP> d-------- C:\Program Files\JoyToKey
2008-02-11 21:03 . 2008-02-11 21:03 57,623 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-02-11 21:02 . 2008-02-11 21:02 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-02-11 21:01 . 2008-02-11 21:03 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-11 21:00 . 2008-02-11 21:00 <REP> d-------- C:\WINDOWS\BricoPacks
2008-02-11 20:39 . 2008-02-11 20:39 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-02-10 20:22 . 2008-02-24 18:14 <REP> d-------- C:\Program Files\LiveKillCleanMessenger
2008-02-10 20:22 . 2008-02-10 20:22 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Live-Prod
2008-02-10 16:31 . 2008-02-10 16:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-10 16:29 . 2008-02-25 18:43 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-02-10 16:29 . 2008-02-25 18:43 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-02-10 16:24 . 2008-02-11 20:49 <REP> d-------- C:\WINDOWS\nview
2008-02-10 16:24 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-02-10 16:23 . 2008-02-10 16:23 <REP> d-------- C:\NVIDIA
2008-02-06 20:32 . 2008-02-06 20:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-02-05 17:38 . 2008-02-05 17:38 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-02-03 20:20 . 2008-02-03 20:20 62 --a------ C:\WINDOWS\my.ini
2008-02-02 19:18 . 2008-02-02 19:18 32 --a------ C:\WINDOWS\tdlp32.ini
2008-02-02 19:17 . 2008-02-02 19:17 <REP> d-------- C:\Program Files\Xara
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 17:34 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Skype
2008-02-25 17:32 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\OpenOffice.org2
2008-02-25 16:54 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\skypePM
2008-02-25 11:47 --------- d-----w C:\Program Files\McAfee
2008-02-24 20:48 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-24 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-24 19:27 --------- d-----w C:\Program Files\Fichiers communs\McAfee
2008-02-24 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-24 16:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-24 16:01 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-24 15:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 15:57 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Download Manager
2008-02-24 09:28 --------- d-----w C:\Program Files\iTunes
2008-02-19 17:21 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Apple Computer
2008-02-17 08:58 --------- d-----w C:\Program Files\QuickTime
2008-02-16 17:39 --------- d-----w C:\Program Files\DivX
2008-02-16 10:38 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\dvdcss
2008-02-12 16:36 --------- d-----w C:\Program Files\Fraps
2008-02-11 20:14 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\gtk-2.0
2008-02-11 19:36 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\SystemRequirementsLab
2008-02-10 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-10 17:29 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-02-10 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 15:22 --------- d-----w C:\Program Files\Broadcom
2008-02-10 15:00 --------- d-----w C:\Program Files\Google
2008-02-10 13:03 --------- d-----w C:\Program Files\Microsoft Works
2008-02-10 12:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 12:01 --------- d-----w C:\Program Files\Free Easy Burner
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Famille\Application Data\Gtek
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Bijan Moutschen\Application Data\Gtek
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Administrateur\Application Data\GTek
2008-02-10 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-05 21:20 --------- d-----w C:\Program Files\YAFSScreen
2008-02-03 19:24 --------- d-----w C:\Program Files\Common Files
2008-01-22 15:58 --------- d-----w C:\Program Files\DIFX
2008-01-22 14:55 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\DivX
2008-01-21 19:26 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Smart Recorder
2008-01-21 15:50 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\teamspeak2
2008-01-09 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-09 11:18 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-06 20:27 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-06 20:27 --------- d-----w C:\Program Files\Java
2008-01-04 14:03 --------- d-----w C:\Program Files\Saitek
2008-01-04 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek
2008-01-02 21:53 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-26 15:31 --------- d-----w C:\Program Files\DVD Decrypter
2007-11-21 19:06 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-16 08:29 166 -c--a-w C:\Documents and Settings\Bijan Moutschen\Application Data\wklnhst.dat
2007-01-30 16:43 61 --sh--w C:\WINDOWS\cnerolf.bin
2007-02-18 10:04 61 --sh--w C:\WINDOWS\cnerolf.dat
2007-10-21 16:14 248 --sh--r C:\WINDOWS\system32\84BDB62C2A.sys
.
[code]<pre>
----a-w 29,193,625 2004-02-28 17:01:22 C:\Documents and Settings\Bijan Moutschen\Mes documents\FS Folder\fs2004\Aircraft\FS2004 - Aircraft - Eaglesoft - Cessna Citation X + SR1\Eaglesoft Cessna Citation X .exe
</pre>/code

------- Sigcheck -------

456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
-c----w 669,696 2007-06-26 14:36:02 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
-c----w 669,696 2007-08-22 12:57:30 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
-c----w 704,512 2007-10-11 05:59:29 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\wininet.dll
----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\dllcache\wininet.dll

80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A27274FA-811F-4EFC-841F-2DFB333E93EB}]
C:\WINDOWS\system32\ddaby.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WindowsLivePhone"="C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" [2007-03-29 11:21 722320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"CTHelper"="CTHELPER.EXE" [2005-11-08 20:30 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 12:00 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2007-05-15 16:25 137216]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\WINDOWS\system32\ico.exe]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 12:01 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 11:16 1836544]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 20:10 36904]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 13:31 259440]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-19 20:35 185896]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 10:10 233472]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 10:10 131072]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"789fc415"="C:\WINDOWS\system32\klwyokdl.dll" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\IVAO\\IvAp\\ivapnetint.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\MADDOG2006\\MDCP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\IVAO\\IvAp\\ivapconfig.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\kav\\kis7.0\\french\\setup.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-04-24 13:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 Apache2.2;Apache2.2;"K:\xampplite\apache\bin\apache.exe" []
S2 XAMPP;XAMPP Service;C:\Program Files\xampplite\xampplite\service.exe []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-07-29 17:32]
S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 11:57]
S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 11:59]
S3 SaiH075C;SaiH075C;C:\WINDOWS\system32\DRIVERS\SaiH075C.sys [2007-05-01 16:11]
S3 SaiH0763;SaiH0763;C:\WINDOWS\system32\DRIVERS\SaiH0763.sys [2006-06-08 10:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1dfc68-741d-11dc-a552-000d0bffc227}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-06 21:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-07-09 13:39:25 C:\WINDOWS\Tasks\LifeChatTask.job"
- C:\Program Files\Microsoft LifeChat\LifeChat.exe
"2008-02-25 08:00:01 C:\WINDOWS\Tasks\Rappel.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 18:44:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-25 18:50:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-25 17:49:59
.
2008-02-13 20:36:18 --- E O F ---

Hisjack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:20, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\livecall.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=be&l=fr&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=5070103
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {2FA11ADF-3EF4-4B24-8558-02793F4A8E1E} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89B9C4A6-7F4C-424A-931D-9DB76AD5C6B1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {A27274FA-811F-4EFC-841F-2DFB333E93EB} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: (no name) - {E256E6E5-CFBF-41CC-8281-D885A853CD93} - (no file)
O2 - BHO: (no name) - {f4686172-f5bb-4388-951c-80f52534566f} - (no file)
O2 - BHO: (no name) - {F512616D-2DD7-4A91-93E2-ADDEA26C1912} - (no file)
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [789fc415] rundll32.exe "C:\WINDOWS\system32\klwyokdl.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" /AutoRun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Unknown owner - K:\xampplite\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - K:\xampplite\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampplite\xampplite\service.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.ivao.aero/images/top.gif
O24 - Desktop Component 1: (no name) - http://upload.wikimedia.org/...

Ajouter un commentaire

Réponse

+0

Signaler
Bidji 25 févr. 2008 à 20:05

Vundofix

VundoFix V6.7.9

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Java version is 1.5.0.11

Scan started at 17:16:58 25/02/2008

Listing files found while scanning....

C:\windows\system32\ddaby.dll
C:\WINDOWS\system32\klwyokdl.dll
C:\WINDOWS\system32\ldkoywlk.ini
C:\WINDOWS\system32\opnollj.dll
C:\WINDOWS\system32\pmnnnll.dll
C:\WINDOWS\system32\rpyacpql.dll
C:\WINDOWS\system32\ssqnnkh.dll
C:\windows\system32\ybadd.ini
C:\windows\system32\ybadd.ini2

Beginning removal...

Attempting to delete C:\windows\system32\ddaby.dll
C:\windows\system32\ddaby.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\klwyokdl.dll
C:\WINDOWS\system32\klwyokdl.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\ldkoywlk.ini
C:\WINDOWS\system32\ldkoywlk.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\opnollj.dll
C:\WINDOWS\system32\opnollj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnnll.dll
C:\WINDOWS\system32\pmnnnll.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\rpyacpql.dll
C:\WINDOWS\system32\rpyacpql.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnnkh.dll
C:\WINDOWS\system32\ssqnnkh.dll Has been deleted!

Attempting to delete C:\windows\system32\ybadd.ini
C:\windows\system32\ybadd.ini Has been deleted!

Attempting to delete C:\windows\system32\ybadd.ini2
C:\windows\system32\ybadd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\klwyokdl.dll
C:\WINDOWS\system32\klwyokdl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnnnll.dll
C:\WINDOWS\system32\pmnnnll.dll Could not be deleted.

Performing Repairs to the registry.
Done!

SDfix

SDFix: Version 1.147

Run by Bijan Moutschen on lun. 25/02/2008 at 18:14

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\BIJANM~1\Bureau\SDFix

Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting

Checking Files :

No Trojan Files Found

Removing Temp Files

ADS Check :

Combofix

ComboFix 08-02-25.3 - Bijan Moutschen 2008-02-25 18:37:57.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1130 [GMT 1:00]
Endroit: C:\Documents and Settings\Bijan Moutschen\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b /color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\nqstv.ini
C:\WINDOWS\system32\nqstv.ini2
C:\WINDOWS\system32\ovaiagkw.dll
C:\WINDOWS\system32\pkeqedhh.dll
C:\WINDOWS\system32\pmnnnll.dll
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\wkgaiavo.ini

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-01-25 to 2008-02-25 ))))))))))))))))))))))))))))))))))))
.

2008-02-25 18:09 . 2008-02-25 18:09 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-25 18:01 . 2008-02-25 15:14 <REP> d-------- C:\SDFix
2008-02-25 17:16 . 2008-02-25 17:49 <REP> d-------- C:\VundoFix Backups
2008-02-25 11:27 . 2008-02-25 11:27 514,806 --a------ C:\upload_moi_BIJAN.tar.gz
2008-02-25 11:08 . 2008-02-25 12:25 <REP> d-------- C:\MSNFix
2008-02-25 10:53 . 2008-02-25 10:53 <REP> d-------- C:\Program Files\CCleaner
2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Grisoft
2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-25 10:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-25 10:46 . 2008-02-25 10:46 <REP> d-------- C:\Program Files\Trend Micro
2008-02-24 21:45 . 2008-02-24 21:45 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\McAfee
2008-02-24 20:17 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-02-24 19:01 . 2008-02-24 19:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-02-24 19:01 . 2008-02-24 19:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SiteAdvisor
2008-02-24 18:28 . 2008-02-24 18:28 90 --a------ C:\WINDOWS\wininit.ini
2008-02-24 17:16 . 2008-02-24 17:16 <REP> d-------- C:\kav
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Program Files\Lavasoft
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 16:54 . 2008-02-24 16:54 <REP> d-------- C:\Program Files\CleanUp!
2008-02-24 16:20 . 2008-02-24 14:15 78,848 --a------ C:\WINDOWS\system32\poolmc.MSNFix
2008-02-24 10:28 . 2008-02-24 10:28 <REP> d-------- C:\Program Files\iPod
2008-02-21 16:43 . 2008-02-21 16:43 71 --a------ C:\WINDOWS\fs_earth_link_9.ini
2008-02-16 18:52 . 2008-02-16 18:52 268 --ah----- C:\sqmdata03.sqm
2008-02-16 18:52 . 2008-02-16 18:52 244 --ah----- C:\sqmnoopt03.sqm
2008-02-12 17:37 . 2008-02-12 17:37 <REP> d-------- C:\Program Files\JoyToKey
2008-02-11 21:03 . 2008-02-11 21:03 57,623 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-02-11 21:02 . 2008-02-11 21:02 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-02-11 21:01 . 2008-02-11 21:03 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-11 21:00 . 2008-02-11 21:00 <REP> d-------- C:\WINDOWS\BricoPacks
2008-02-11 20:39 . 2008-02-11 20:39 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-02-10 20:22 . 2008-02-24 18:14 <REP> d-------- C:\Program Files\LiveKillCleanMessenger
2008-02-10 20:22 . 2008-02-10 20:22 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Live-Prod
2008-02-10 16:31 . 2008-02-10 16:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-10 16:29 . 2008-02-25 18:43 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-02-10 16:29 . 2008-02-25 18:43 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-02-10 16:24 . 2008-02-11 20:49 <REP> d-------- C:\WINDOWS\nview
2008-02-10 16:24 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-02-10 16:23 . 2008-02-10 16:23 <REP> d-------- C:\NVIDIA
2008-02-06 20:32 . 2008-02-06 20:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-02-05 17:38 . 2008-02-05 17:38 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-02-03 20:20 . 2008-02-03 20:20 62 --a------ C:\WINDOWS\my.ini
2008-02-02 19:18 . 2008-02-02 19:18 32 --a------ C:\WINDOWS\tdlp32.ini
2008-02-02 19:17 . 2008-02-02 19:17 <REP> d-------- C:\Program Files\Xara
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-25 17:34 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Skype
2008-02-25 17:32 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\OpenOffice.org2
2008-02-25 16:54 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\skypePM
2008-02-25 11:47 --------- d-----w C:\Program Files\McAfee
2008-02-24 20:48 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-24 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-24 19:27 --------- d-----w C:\Program Files\Fichiers communs\McAfee
2008-02-24 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-24 16:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-24 16:01 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-24 15:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 15:57 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Download Manager
2008-02-24 09:28 --------- d-----w C:\Program Files\iTunes
2008-02-19 17:21 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Apple Computer
2008-02-17 08:58 --------- d-----w C:\Program Files\QuickTime
2008-02-16 17:39 --------- d-----w C:\Program Files\DivX
2008-02-16 10:38 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\dvdcss
2008-02-12 16:36 --------- d-----w C:\Program Files\Fraps
2008-02-11 20:14 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\gtk-2.0
2008-02-11 19:36 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\SystemRequirementsLab
2008-02-10 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-10 17:29 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-02-10 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 15:22 --------- d-----w C:\Program Files\Broadcom
2008-02-10 15:00 --------- d-----w C:\Program Files\Google
2008-02-10 13:03 --------- d-----w C:\Program Files\Microsoft Works
2008-02-10 12:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 12:01 --------- d-----w C:\Program Files\Free Easy Burner
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Famille\Application Data\Gtek
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Bijan Moutschen\Application Data\Gtek
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Administrateur\Application Data\GTek
2008-02-10 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-05 21:20 --------- d-----w C:\Program Files\YAFSScreen
2008-02-03 19:24 --------- d-----w C:\Program Files\Common Files
2008-01-22 15:58 --------- d-----w C:\Program Files\DIFX
2008-01-22 14:55 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\DivX
2008-01-21 19:26 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Smart Recorder
2008-01-21 15:50 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\teamspeak2
2008-01-09 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-09 11:18 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-06 20:27 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-06 20:27 --------- d-----w C:\Program Files\Java
2008-01-04 14:03 --------- d-----w C:\Program Files\Saitek
2008-01-04 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek
2008-01-02 21:53 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-26 15:31 --------- d-----w C:\Program Files\DVD Decrypter
2007-11-21 19:06 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-16 08:29 166 -c--a-w C:\Documents and Settings\Bijan Moutschen\Application Data\wklnhst.dat
2007-01-30 16:43 61 --sh--w C:\WINDOWS\cnerolf.bin
2007-02-18 10:04 61 --sh--w C:\WINDOWS\cnerolf.dat
2007-10-21 16:14 248 --sh--r C:\WINDOWS\system32\84BDB62C2A.sys
.
[code]<pre>
----a-w 29,193,625 2004-02-28 17:01:22 C:\Documents and Settings\Bijan Moutschen\Mes documents\FS Folder\fs2004\Aircraft\FS2004 - Aircraft - Eaglesoft - Cessna Citation X + SR1\Eaglesoft Cessna Citation X .exe
</pre>/code

------- Sigcheck -------

456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
-c----w 669,696 2007-06-26 14:36:02 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
-c----w 669,696 2007-08-22 12:57:30 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
-c----w 704,512 2007-10-11 05:59:29 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\wininet.dll
----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\dllcache\wininet.dll

80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A27274FA-811F-4EFC-841F-2DFB333E93EB}]
C:\WINDOWS\system32\ddaby.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WindowsLivePhone"="C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" [2007-03-29 11:21 722320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"CTHelper"="CTHELPER.EXE" [2005-11-08 20:30 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 12:00 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2007-05-15 16:25 137216]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\WINDOWS\system32\ico.exe]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 12:01 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 11:16 1836544]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 20:10 36904]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 13:31 259440]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-19 20:35 185896]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 10:10 233472]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 10:10 131072]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"789fc415"="C:\WINDOWS\system32\klwyokdl.dll" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\IVAO\\IvAp\\ivapnetint.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\MADDOG2006\\MDCP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\IVAO\\IvAp\\ivapconfig.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\kav\\kis7.0\\french\\setup.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-04-24 13:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 Apache2.2;Apache2.2;"K:\xampplite\apache\bin\apache.exe" []
S2 XAMPP;XAMPP Service;C:\Program Files\xampplite\xampplite\service.exe []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-07-29 17:32]
S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 11:57]
S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 11:59]
S3 SaiH075C;SaiH075C;C:\WINDOWS\system32\DRIVERS\SaiH075C.sys [2007-05-01 16:11]
S3 SaiH0763;SaiH0763;C:\WINDOWS\system32\DRIVERS\SaiH0763.sys [2006-06-08 10:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1dfc68-741d-11dc-a552-000d0bffc227}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-02-06 21:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-07-09 13:39:25 C:\WINDOWS\Tasks\LifeChatTask.job"
- C:\Program Files\Microsoft LifeChat\LifeChat.exe
"2008-02-25 08:00:01 C:\WINDOWS\Tasks\Rappel.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 18:44:15
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-25 18:50:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-25 17:49:59
.
2008-02-13 20:36:18 --- E O F ---

Hisjack this

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:20, on 25/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\livecall.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.live.com/?mkt=en-us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.euro.dell.com/content/default.aspx?c=be&l=fr&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.be/ig/dell?hl=fr&client=dell-row&channel=be&ibd=5070103
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O2 - BHO: (no name) - {2FA11ADF-3EF4-4B24-8558-02793F4A8E1E} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - C:\Program Files\McAfee\MSK\mcapbho.dll
O2 - BHO: (no name) - {3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89B9C4A6-7F4C-424A-931D-9DB76AD5C6B1} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {A27274FA-811F-4EFC-841F-2DFB333E93EB} - C:\WINDOWS\system32\ddaby.dll (file missing)
O2 - BHO: (no name) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - (no file)
O2 - BHO: (no name) - {E256E6E5-CFBF-41CC-8281-D885A853CD93} - (no file)
O2 - BHO: (no name) - {f4686172-f5bb-4388-951c-80f52534566f} - (no file)
O2 - BHO: (no name) - {F512616D-2DD7-4A91-93E2-ADDEA26C1912} - (no file)
O2 - BHO: (no name) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [PMX Daemon] ICO.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6253\SiteAdv.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [789fc415] rundll32.exe "C:\WINDOWS\system32\klwyokdl.dll",b
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WindowsLivePhone] "C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" /AutoRun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Lancer l'utilitaire d'enregistrement.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apache2.2 - Unknown owner - K:\xampplite\apache\bin\apache.exe (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: mysql - Unknown owner - K:\xampplite\mysql\bin\mysqld-nt.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - C:\Program Files\xampplite\xampplite\service.exe (file missing)
O24 - Desktop Component 0: (no name) - http://www.ivao.aero/images/top.gif
O24 - Desktop Component 1: (no name) - http://upload.wikimedia.org/...

Ajouter un commentaire

Ajouter un commentaire

Réponse

+0

Signaler
papyber 6395Messages postés samedi 24 mars 2007Date d'inscription Contributeur sécuritéStatut 7 mars 2010Dernière intervention 25 févr. 2008 à 22:52

Ouvre le bloc-note (Démarrer>programmes>Accessoires>Bloc-note) et copie-colle le texte entre tirets :
---------------------------------------------------------------------------------------------------------------------------------------------------
RENV::
C:\Documents and Settings\Bijan Moutschen\Mes documents\FS Folder\fs2004\Aircraft\FS2004 - Aircraft - Eaglesoft - Cessna Citation X + SR1\Eaglesoft Cessna Citation X .exe
---------------------------------------------------------------------------------------------------------------------------------------------------
Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.

Sauvegarde ce fichier sous le nom de CFScript.txt

http://img115.imageshack.us/img115/6742/cfscriptws3.gif

Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Ajouter un commentaire

Ajouter un commentaire

Réponse

+0

Signaler
Bidji 26 févr. 2008 à 17:28

ComboFix 08-02-25.3 - Bijan Moutschen 2008-02-26 17:13:16.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1015 [GMT 1:00]
Endroit: C:\Documents and Settings\Bijan Moutschen\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bijan Moutschen\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b /color
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))))))
.

2008-02-25 18:09 . 2008-02-25 18:09 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-25 18:01 . 2008-02-25 15:14 <REP> d-------- C:\SDFix
2008-02-25 17:16 . 2008-02-25 17:49 <REP> d-------- C:\VundoFix Backups
2008-02-25 11:27 . 2008-02-25 11:27 514,806 --a------ C:\upload_moi_BIJAN.tar.gz
2008-02-25 11:08 . 2008-02-25 12:25 <REP> d-------- C:\MSNFix
2008-02-25 10:53 . 2008-02-25 10:53 <REP> d-------- C:\Program Files\CCleaner
2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Grisoft
2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-25 10:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-25 10:46 . 2008-02-25 10:46 <REP> d-------- C:\Program Files\Trend Micro
2008-02-24 21:45 . 2008-02-24 21:45 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\McAfee
2008-02-24 20:17 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-02-24 19:01 . 2008-02-24 19:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-02-24 19:01 . 2008-02-24 19:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SiteAdvisor
2008-02-24 18:28 . 2008-02-24 18:28 90 --a------ C:\WINDOWS\wininit.ini
2008-02-24 17:16 . 2008-02-24 17:16 <REP> d-------- C:\kav
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Program Files\Lavasoft
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 16:54 . 2008-02-24 16:54 <REP> d-------- C:\Program Files\CleanUp!
2008-02-24 16:20 . 2008-02-24 14:15 78,848 --a------ C:\WINDOWS\system32\poolmc.MSNFix
2008-02-24 10:28 . 2008-02-24 10:28 <REP> d-------- C:\Program Files\iPod
2008-02-21 16:43 . 2008-02-21 16:43 71 --a------ C:\WINDOWS\fs_earth_link_9.ini
2008-02-16 18:52 . 2008-02-16 18:52 268 --ah----- C:\sqmdata03.sqm
2008-02-16 18:52 . 2008-02-16 18:52 244 --ah----- C:\sqmnoopt03.sqm
2008-02-12 17:37 . 2008-02-12 17:37 <REP> d-------- C:\Program Files\JoyToKey
2008-02-11 21:03 . 2008-02-11 21:03 57,623 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-02-11 21:02 . 2008-02-11 21:02 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-02-11 21:01 . 2008-02-11 21:03 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-11 21:00 . 2008-02-11 21:00 <REP> d-------- C:\WINDOWS\BricoPacks
2008-02-11 20:39 . 2008-02-11 20:39 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-02-10 20:22 . 2008-02-24 18:14 <REP> d-------- C:\Program Files\LiveKillCleanMessenger
2008-02-10 20:22 . 2008-02-10 20:22 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Live-Prod
2008-02-10 16:31 . 2008-02-10 16:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-10 16:29 . 2008-02-25 21:49 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-02-10 16:29 . 2008-02-25 21:49 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-02-10 16:24 . 2008-02-11 20:49 <REP> d-------- C:\WINDOWS\nview
2008-02-10 16:24 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-02-10 16:23 . 2008-02-10 16:23 <REP> d-------- C:\NVIDIA
2008-02-06 20:32 . 2008-02-06 20:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-02-05 17:38 . 2008-02-05 17:38 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-02-03 20:20 . 2008-02-03 20:20 62 --a------ C:\WINDOWS\my.ini
2008-02-02 19:18 . 2008-02-02 19:18 32 --a------ C:\WINDOWS\tdlp32.ini
2008-02-02 19:17 . 2008-02-02 19:17 <REP> d-------- C:\Program Files\Xara
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 16:08 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Skype
2008-02-26 16:07 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\skypePM
2008-02-26 16:07 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\OpenOffice.org2
2008-02-25 11:47 --------- d-----w C:\Program Files\McAfee
2008-02-24 20:48 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-24 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-24 19:27 --------- d-----w C:\Program Files\Fichiers communs\McAfee
2008-02-24 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-24 16:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-24 16:01 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-24 15:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 15:57 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Download Manager
2008-02-24 09:28 --------- d-----w C:\Program Files\iTunes
2008-02-19 17:21 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Apple Computer
2008-02-17 08:58 --------- d-----w C:\Program Files\QuickTime
2008-02-16 17:39 --------- d-----w C:\Program Files\DivX
2008-02-16 10:38 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\dvdcss
2008-02-12 16:36 --------- d-----w C:\Program Files\Fraps
2008-02-11 20:14 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\gtk-2.0
2008-02-11 20:03 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-02-11 19:36 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\SystemRequirementsLab
2008-02-10 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-10 17:29 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-02-10 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 15:22 --------- d-----w C:\Program Files\Broadcom
2008-02-10 15:00 --------- d-----w C:\Program Files\Google
2008-02-10 13:03 --------- d-----w C:\Program Files\Microsoft Works
2008-02-10 12:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 12:01 --------- d-----w C:\Program Files\Free Easy Burner
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Famille\Application Data\Gtek
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Bijan Moutschen\Application Data\Gtek
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Administrateur\Application Data\GTek
2008-02-10 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-05 21:20 --------- d-----w C:\Program Files\YAFSScreen
2008-02-03 19:24 --------- d-----w C:\Program Files\Common Files
2008-01-22 15:58 --------- d-----w C:\Program Files\DIFX
2008-01-22 14:55 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\DivX
2008-01-21 19:26 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Smart Recorder
2008-01-21 15:50 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\teamspeak2
2008-01-12 17:11 10,796 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-09 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-09 11:18 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-09 11:18 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:18 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18 129,784 -c----w C:\WINDOWS\system32\pxafs.dll
2008-01-09 11:18 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-09 11:18 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2008-01-09 11:18 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-01-06 20:27 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-06 20:27 --------- d-----w C:\Program Files\Java
2008-01-04 14:03 --------- d-----w C:\Program Files\Saitek
2008-01-04 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek
2008-01-02 21:53 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-26 15:31 --------- d-----w C:\Program Files\DVD Decrypter
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 19:44 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 19:43 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-06 10:05 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-21 19:06 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-16 08:29 166 -c--a-w C:\Documents and Settings\Bijan Moutschen\Application Data\wklnhst.dat
2007-01-30 16:43 61 --sh--w C:\WINDOWS\cnerolf.bin
2007-02-18 10:04 61 --sh--w C:\WINDOWS\cnerolf.dat
2007-10-21 16:14 248 --sh--r C:\WINDOWS\system32\84BDB62C2A.sys

Ajouter un commentaire

Ajouter un commentaire

Réponse

+0

Signaler
papyber 6395Messages postés samedi 24 mars 2007Date d'inscription Contributeur sécuritéStatut 7 mars 2010Dernière intervention 26 févr. 2008 à 17:56

le rapport est incomplet, il me le faut entier, même en plusieurs morceaux...

Ajouter un commentaire

Ajouter un commentaire

Réponse

+0

Signaler
Bidji 26 févr. 2008 à 19:34

Voila

ComboFix 08-02-25.3 - Bijan Moutschen 2008-02-26 19:07:54.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1213 [GMT 1:00]
Endroit: C:\Documents and Settings\Bijan Moutschen\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bijan Moutschen\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b /color
.

((((((((((((((((((((((((((((( Fichiers créés 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))))))
.

2008-02-25 18:09 . 2008-02-25 18:09 <REP> d-------- C:\WINDOWS\ERUNT
2008-02-25 18:01 . 2008-02-25 15:14 <REP> d-------- C:\SDFix
2008-02-25 17:16 . 2008-02-25 17:49 <REP> d-------- C:\VundoFix Backups
2008-02-25 11:27 . 2008-02-25 11:27 514,806 --a------ C:\upload_moi_BIJAN.tar.gz
2008-02-25 11:08 . 2008-02-25 12:25 <REP> d-------- C:\MSNFix
2008-02-25 10:53 . 2008-02-25 10:53 <REP> d-------- C:\Program Files\CCleaner
2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Grisoft
2008-02-25 10:51 . 2008-02-25 10:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-25 10:51 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-25 10:46 . 2008-02-25 10:46 <REP> d-------- C:\Program Files\Trend Micro
2008-02-24 21:45 . 2008-02-24 21:45 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\McAfee
2008-02-24 20:17 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-02-24 19:01 . 2008-02-24 19:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-02-24 19:01 . 2008-02-24 19:01 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SiteAdvisor
2008-02-24 18:28 . 2008-02-24 18:28 90 --a------ C:\WINDOWS\wininit.ini
2008-02-24 17:16 . 2008-02-24 17:16 <REP> d-------- C:\kav
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Program Files\Lavasoft
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-24 17:10 . 2008-02-24 17:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-24 16:54 . 2008-02-24 16:54 <REP> d-------- C:\Program Files\CleanUp!
2008-02-24 16:20 . 2008-02-24 14:15 78,848 --a------ C:\WINDOWS\system32\poolmc.MSNFix
2008-02-24 10:28 . 2008-02-24 10:28 <REP> d-------- C:\Program Files\iPod
2008-02-21 16:43 . 2008-02-21 16:43 71 --a------ C:\WINDOWS\fs_earth_link_9.ini
2008-02-16 18:52 . 2008-02-16 18:52 268 --ah----- C:\sqmdata03.sqm
2008-02-16 18:52 . 2008-02-16 18:52 244 --ah----- C:\sqmnoopt03.sqm
2008-02-12 17:37 . 2008-02-12 17:37 <REP> d-------- C:\Program Files\JoyToKey
2008-02-11 21:03 . 2008-02-11 21:03 57,623 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-02-11 21:02 . 2008-02-11 21:02 5,760,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-02-11 21:01 . 2008-02-11 21:03 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-02-11 21:00 . 2008-02-11 21:00 <REP> d-------- C:\WINDOWS\BricoPacks
2008-02-11 20:39 . 2008-02-11 20:39 <REP> d-------- C:\Program Files\SystemRequirementsLab
2008-02-10 20:22 . 2008-02-24 18:14 <REP> d-------- C:\Program Files\LiveKillCleanMessenger
2008-02-10 20:22 . 2008-02-10 20:22 <REP> d-------- C:\Documents and Settings\Bijan Moutschen\Application Data\Live-Prod
2008-02-10 16:31 . 2008-02-10 16:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-10 16:29 . 2008-02-26 17:23 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-02-10 16:29 . 2008-02-26 17:23 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-02-10 16:24 . 2008-02-11 20:49 <REP> d-------- C:\WINDOWS\nview
2008-02-10 16:24 . 2007-12-17 13:53 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-02-10 16:23 . 2008-02-10 16:23 <REP> d-------- C:\NVIDIA
2008-02-06 20:32 . 2008-02-06 20:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Dell
2008-02-05 17:38 . 2008-02-05 17:38 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-02-03 20:20 . 2008-02-03 20:20 62 --a------ C:\WINDOWS\my.ini
2008-02-02 19:18 . 2008-02-02 19:18 32 --a------ C:\WINDOWS\tdlp32.ini
2008-02-02 19:17 . 2008-02-02 19:17 <REP> d-------- C:\Program Files\Xara
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 18:12 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Skype
2008-02-26 17:39 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\gtk-2.0
2008-02-26 16:25 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\skypePM
2008-02-26 16:24 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\OpenOffice.org2
2008-02-25 11:47 --------- d-----w C:\Program Files\McAfee
2008-02-24 20:48 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-02-24 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-24 19:27 --------- d-----w C:\Program Files\Fichiers communs\McAfee
2008-02-24 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-24 16:57 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-24 16:01 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-24 16:01 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 2
2008-02-24 15:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-24 15:57 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Download Manager
2008-02-24 09:28 --------- d-----w C:\Program Files\iTunes
2008-02-19 17:21 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Apple Computer
2008-02-17 08:58 --------- d-----w C:\Program Files\QuickTime
2008-02-16 17:39 --------- d-----w C:\Program Files\DivX
2008-02-16 10:38 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\dvdcss
2008-02-12 16:36 --------- d-----w C:\Program Files\Fraps
2008-02-11 20:03 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-02-11 19:36 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\SystemRequirementsLab
2008-02-10 17:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-10 17:29 --------- d-----w C:\Program Files\Fichiers communs\Corel
2008-02-10 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-10 15:22 --------- d-----w C:\Program Files\Broadcom
2008-02-10 15:00 --------- d-----w C:\Program Files\Google
2008-02-10 13:03 --------- d-----w C:\Program Files\Microsoft Works
2008-02-10 12:21 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-10 12:01 --------- d-----w C:\Program Files\Free Easy Burner
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Famille\Application Data\Gtek
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Bijan Moutschen\Application Data\Gtek
2008-02-10 11:57 --------- d--h--w C:\Documents and Settings\Administrateur\Application Data\GTek
2008-02-10 11:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-05 21:20 --------- d-----w C:\Program Files\YAFSScreen
2008-02-03 19:24 --------- d-----w C:\Program Files\Common Files
2008-01-22 15:58 --------- d-----w C:\Program Files\DIFX
2008-01-22 14:55 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\DivX
2008-01-21 19:26 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\Smart Recorder
2008-01-21 15:50 --------- d-----w C:\Documents and Settings\Bijan Moutschen\Application Data\teamspeak2
2008-01-12 17:11 10,796 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-09 18:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-09 11:18 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-09 11:18 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-01-09 11:18 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-09 11:18 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-09 11:18 129,784 -c----w C:\WINDOWS\system32\pxafs.dll
2008-01-09 11:18 120,056 -c----w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-09 11:18 118,520 -c----w C:\WINDOWS\system32\pxinsi64.exe
2008-01-09 11:18 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-09 11:16 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-09 11:16 81,920 -c--a-w C:\WINDOWS\system32\dpl100.dll
2008-01-09 11:16 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-09 11:16 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-09 11:16 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-01-06 20:27 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-01-06 20:27 --------- d-----w C:\Program Files\Java
2008-01-04 14:03 --------- d-----w C:\Program Files\Saitek
2008-01-04 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Saitek
2008-01-02 21:53 --------- d-----w C:\Program Files\Fichiers communs\Apple
2007-12-26 15:31 --------- d-----w C:\Program Files\DVD Decrypter
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 10:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-11 19:44 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-12-11 19:44 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2007-12-11 19:44 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-12-11 19:44 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2007-12-11 19:44 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2007-12-11 19:44 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-12-11 19:43 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-12-06 10:05 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-21 19:06 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-16 08:29 166 -c--a-w C:\Documents and Settings\Bijan Moutschen\Application Data\wklnhst.dat
2007-01-30 16:43 61 --sh--w C:\WINDOWS\cnerolf.bin
2007-02-18 10:04 61 --sh--w C:\WINDOWS\cnerolf.dat
2007-10-21 16:14 248 --sh--r C:\WINDOWS\system32\84BDB62C2A.sys
.

------- Sigcheck -------

456f6f2eeaa0d975581e745c6ecfd140 C:\WINDOWS\system32\wininet.dll
-c----w 669,696 2007-06-26 14:36:02 C:\WINDOWS\$NtUninstallKB939653$\wininet.dll
-c----w 669,696 2007-08-22 12:57:30 C:\WINDOWS\$NtUninstallKB942615$\wininet.dll
-c----w 704,512 2007-10-11 05:59:29 C:\WINDOWS\$NtUninstallKB944533$\wininet.dll
----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\wininet.dll
----a-w 704,512 2007-12-07 00:47:21 C:\WINDOWS\system32\dllcache\wininet.dll

80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\explorer.exe
----a-w 979,456 2007-06-13 13:22:28 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FA11ADF-3EF4-4B24-8558-02793F4A8E1E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89B9C4A6-7F4C-424A-931D-9DB76AD5C6B1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A27274FA-811F-4EFC-841F-2DFB333E93EB}]
C:\WINDOWS\system32\ddaby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E256E6E5-CFBF-41CC-8281-D885A853CD93}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4686172-f5bb-4388-951c-80f52534566f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F512616D-2DD7-4A91-93E2-ADDEA26C1912}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-11-12 15:48 21760296]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"RocketDock"="C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 23:05 630784]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"WindowsLivePhone"="C:\PROGRA~1\WI1F86~1\MESSEN~1\DEVICE~1\msgrdvmn.exe" [2007-03-29 11:21 722320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"CTHelper"="CTHELPER.EXE" [2005-11-08 20:30 16384 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 12:00 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2007-05-15 16:25 137216]
"PMX Daemon"="ICO.EXE" [2006-11-08 16:01 49152 C:\WINDOWS\system32\ico.exe]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 02:00 45056]
"VolPanel"="C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 12:01 122880]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 19:07 49152]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 17:50 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2004-07-27 17:50 81920]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-29 11:16 1836544]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2007-03-05 20:10 36904]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 13:31 259440]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-11-19 20:35 185896]
"ProfilerU"="C:\Program Files\Saitek\SD6\Software\ProfilerU.exe" [2007-10-02 10:10 233472]
"SaiMfd"="C:\Program Files\Saitek\SD6\Software\SaiMfd.exe" [2007-10-02 10:10 131072]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"789fc415"="C:\WINDOWS\system32\klwyokdl.dll" [ ]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\Bijan Moutschen\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 23:05:02 630784]
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 20:41:18 65536]
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08 180224]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Lancer l'utilitaire d'enregistrement.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2007-09-17 18:31:29 1175552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Games\\Microsoft Flight Simulator X\\fsx.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\IVAO\\IvAp\\ivapnetint.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\Program Files\\adslTV\\adsltv.exe"=
"C:\\Program Files\\Microsoft Games\\Flight Simulator 9\\MADDOG2006\\MDCP.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=
"C:\\Program Files\\IVAO\\IvAp\\ivapconfig.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\kav\\kis7.0\\french\\setup.exe"=
"C:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 SBKUPNT;SBKUPNT;C:\WINDOWS\system32\Drivers\SBKUPNT.SYS [2001-07-13 12:56]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-04-24 13:12]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 Apache2.2;Apache2.2;"K:\xampplite\apache\bin\apache.exe" []
S2 XAMPP;XAMPP Service;C:\Program Files\xampplite\xampplite\service.exe []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2007-07-29 17:32]
S3 pmxmouse;PMXMOUSE;C:\WINDOWS\system32\DRIVERS\pmxmouse.sys [2006-04-24 11:57]
S3 pmxusblf;PMXUSBLF;C:\WINDOWS\system32\DRIVERS\pmxusblf.sys [2006-04-24 11:59]
S3 SaiH075C;SaiH075C;C:\WINDOWS\system32\DRIVERS\SaiH075C.sys [2007-05-01 16:11]
S3 SaiH0763;SaiH0763;C:\WINDOWS\system32\DRIVERS\SaiH0763.sys [2006-06-08 10:37]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a1dfc68-741d-11dc-a552-000d0bffc227}]
\Shell\AutoRun\command - wd_windows_tools\setup.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-06 21:08:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-07-09 13:39:25 C:\WINDOWS\Tasks\LifeChatTask.job"
- C:\Program Files\Microsoft LifeChat\LifeChat.exe
"2008-02-25 08:00:01 C:\WINDOWS\Tasks\Rappel.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 19:12:26
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
.
Temps d'accomplissement: 2008-02-26 19:15:01
ComboFix-quarantined-files.txt 2008-02-26 18:14:58
ComboFix2.txt 2008-02-25 17:50:02
.
2008-02-13 20:36:18 --- E O F ---

Ajouter un commentaire

Ajouter un commentaire

Réponse

+0

Signaler
papyber 6395Messages postés samedi 24 mars 2007Date d'inscription Contributeur sécuritéStatut 7 mars 2010Dernière intervention 26 févr. 2008 à 21:35

Ouvre le bloc-note (Démarrer>programmes>Accessoires>Bloc-note) et copie-colle le texte en citation :
File:: C:\WINDOWS\system32\poolmc.MSNFix C:\WINDOWS\fs_earth_link_9.ini C:\WINDOWS\system32\ddaby.dll C:\WINDOWS\system32\klwyokdl.dll Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2FA11ADF-3EF4-4B24-8558-02793F4A8E1E}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3A2FF3C5-EDFF-46CE-BBA0-7A68B2499DBA}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89B9C4A6-7F4C-424A-931D-9DB76AD5C6B1}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A27274FA-811F-4EFC-841F-2DFB333E93EB}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E256E6E5-CFBF-41CC-8281-D885A853CD93}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f4686172-f5bb-4388-951c-80f52534566f}] [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F512616D-2DD7-4A91-93E2-ADDEA26C1912}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "789fc415"=-

Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.

Sauvegarde ce fichier sous le nom de CFScript.txt

http://img115.imageshack.us/img115/6742/cfscriptws3.gif

Comme l'image le montre, fait glisser CFScript.txt sur Combofix.exe

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

Rends toi sur ESET Online Scanner Link
http://www.eset.com/onlinescan/
Coche la case YES, I accept the Terms Of Use
Clique sur le bouton Start
Clique maintenant sur Install button
Clique a nouveau sur Start

Les mises à jours du scan en ligne vont se faire.
Ne coche pas Remove found threats
Clique sur Scan button

Le scan va démarrer, sois patient.

Quand le scan sera terminé, clique sur Details tab

Copie colle en réponse le contenu de C:\Program Files\EsetOnlineScanner\log.txt back

Ajouter un commentaire

Ajouter un commentaire

Répondre au sujet
Posez votre question

Ce document intitulé « Fichier vérolé » issu de CommentCaMarche (www.commentcamarche.net) est mis à disposition sous les termes de la licence Creative Commons. Vous pouvez copier, modifier des copies de cette page, dans les conditions fixées par la licence, tant que cette note apparaît clairement.

S'inscrire maintenant

Vous n'êtes pas encore membre ?

inscrivez-vous, c'est gratuit et ça prend moins d'une minute !

Les membres obtiennent plus de réponses que les utilisateurs anonymes.

Le fait d'être membre vous permet d'avoir un suivi détaillé de vos demandes.

Le fait d'être membre vous permet d'avoir des options supplémentaires.

Dossier à la une

Passage au tout numérique : quel coût pour les particuliers ?

Combien cela coûte-t-il au total ? Quelles aides apportent l'état et les acteurs du marché pour alléger cette charge non choisie ? Tous les détails sur Commentçamarche.net.

Fichier vérolé

Vous n'êtes pas encore membre ? inscrivez-vous, c'est gratuit et ça prend moins d'une minute !

Passage au tout numérique : quel coût pour les particuliers ?

Vous n'êtes pas encore membre ?

inscrivez-vous, c'est gratuit et ça prend moins d'une minute !