Everything posted by scrogne

  1. OK, thanks. Have a good day. See ya
  2. Hi, I've uninstalled everything.

     [ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

     --> Recherche:

     C:\Combofix.txt: trouvé !
     C:\_OTM: trouvé !
     C:\Documents and Settings\guillaume.caulet\Bureau\HijackThis.exe: trouvé !
     C:\Documents and Settings\guillaume.caulet\Bureau\OTM.exe: trouvé !
     C:\Documents and Settings\guillaume.caulet\Recent\HijackThis.lnk: trouvé !

     ---------------------------------
     --> Suppression:

     C:\Documents and Settings\guillaume.caulet\Bureau\HijackThis.exe: supprimé !
     C:\Documents and Settings\guillaume.caulet\Bureau\OTM.exe: supprimé !
     C:\Documents and Settings\guillaume.caulet\Recent\HijackThis.lnk: supprimé !
     C:\Combofix.txt: supprimé !
     C:\_OTM: supprimé !

     There is still a "backup" folder on the desktop containing one file: backup-20100526-183014-936. I don't know which program it comes from, or whether I can delete it?
  3. Hello Apollo, everything is working normally. I'll run another full scan tonight. Once again, I'm repeating myself, but really, THANK YOU very much! See you
  4. Hello, the scan took a while. Here is the report:

     ndis.sys;C:\WINDOWS\system32\dllcache;BackDoor.Bulknet.417;Désinfecté.;
     01F00000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Win32.HLLW.Cent;Supprimé.;
     06F80000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.PWS.Wow.706;Supprimé.;
     07740001.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.PWS.Wow.782;Supprimé.;
     07B80000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.8412;Supprimé.;
     07B80001.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.8412;Supprimé.;
     07B80002.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80003.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.Click.25308;Supprimé.;
     07B80004.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.MulDrop1.15398;Supprimé.;
     07B80005.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.8412;Supprimé.;
     07B80006.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.DownLoader1.8412;Supprimé.;
     07B80007.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80008.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.MulDrop1.15398;Supprimé.;
     07B80009.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8000A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8000B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8000C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8000D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8000E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8000F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80010.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80011.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80012.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80013.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80014.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.Siggen1.1385;Irréparable.Quarantaine.;
     07B80015.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80016.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80017.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80018.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80019.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8001A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8001B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8001C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8001D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8001E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8001F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80020.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80021.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80022.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80023.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80024.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80025.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80026.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80027.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80028.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80029.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8002A.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8002B.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8002C.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8002D.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8002E.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B8002F.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80030.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80031.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80032.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80033.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     07B80034.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.NtRootKit.6929;Supprimé.;
     08EC0000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;BackDoor.Gootkit.15;Supprimé.;
     153C0000.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine;Trojan.Siggen1.1385;Irréparable.Quarantaine.;
     4C7B76E1.VBN;C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08780000;Trojan.Siggen1.1385;Irréparable.Quarantaine.;
     pack.epk.vir/data001\___\NSUtils.dll;C:\Qoobox\Quarantine\C\WINDOWS\pack.epk.vir/data001;Dialer.Egroup.1148;;
     data001;C:\Qoobox\Quarantine\C\WINDOWS;Conteneur comporte des objets infectés;;
     pack.epk.vir;C:\Qoobox\Quarantine\C\WINDOWS;Conteneur comporte des objets infectés;Quarantaine.;
     msxsltsso.dll.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;BackDoor.Gootkit.15;Supprimé.;
     ndis.sys.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers;BackDoor.Bulknet.417;Désinfecté.;
     msxsltsso.dll;C:\_OTM\MovedFiles\05312010_144114\c_windows\system32;BackDoor.Gootkit.15;Supprimé.;
  5. Mister Apollo, it's Symantec Pro, and I can't get rid of it, I'm not allowed to! Would a Kaspersky trial version conflict with it? Is there another way to remove the junk that's left? If any is left; Mbam found nothing... I haven't emptied the quarantine, is that necessary? I'm going to reboot in normal mode and see if everything is fine. I'll wait for your reply about what to do next. In any case, thank you very much for your clear, quick and precise instructions. And thank you for your patience and availability.
  6. I don't know whether there's a normal access... I haven't left safe mode!! If I reboot without forcing safe mode, I'll have a choice between 2 options, is that right? 1 - normal Windows 2 - recovery console. And then what do I actually do???? I must say I'm a bit lost!!! The HijackThis report:

     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 16:49:18, on 31/05/2010
     Platform: Windows XP SP2 (WinNT 5.01.2600)
     MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
     Boot mode: Safe mode with network support

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\System32\svchost.exe
     C:\WINDOWS\explorer.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Documents and Settings\guillaume.caulet\Bureau\HiJackThis.exe

     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
     R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
     O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
     O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
     O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
     O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
     O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
     O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
     O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
     O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
     O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
     O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
     O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
     O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
     O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
     O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
     O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
     O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O14 - IERESET.INF: START_PAGE_URL=http://123web/default.aspx
     O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
     O17 - HKLM\Software\..\Telephony: DomainName = tls.123multimedia.com
     O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wonderphone.local
     O17 - HKLM\System\CS1\Services\Tcpip\..\{228EFAA2-BC31-40E7-B521-33001DB0A377}: NameServer = 192.168.0.7
     O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
     O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
     O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
     O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
     O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
     O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
     O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
     O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
     O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

     --
     End of file - 5257 bytes
  7. I don't know whether TeaTimer was running or not. I don't think so... I disabled (via Starter) various Symantec gizmos such as Defwatch and evtmgr. ComboFix ran through to the end of its process. The ComboFix report:

     ComboFix 10-05-30.08 - guillaume.caulet 31/05/2010 16:10:13.1.1 - x86 NETWORK
     Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.1536.1288 [GMT 2:00]
     Lancé depuis: c:\documents and settings\guillaume.caulet\Bureau\panpan.exe
     AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
     .
     ADS - svchost.exe: deleted 228 bytes in 1 streams.
     ADS - netcfgx.dll: deleted 196 bytes in 1 streams.

     (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
     c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
     c:\documents and settings\guillaume.caulet\Application Data\inst.exe
     c:\documents and settings\guillaume.caulet\burutter.dll
     c:\windows\pack.epk
     c:\windows\system32\disk.dll
     c:\windows\system32\fjhdyfhsn.bat
     c:\windows\system32\msxsltsso.dll

     ----- BITS: Il y a peut-être des sites infectés -----

     hxxp://SMSSERVER.TLS.123MULTIMEDIA.COM:80

     c:\windows\system32\grpconv.exe était absent
     Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\grpconv.exe

     Une copie infectée de c:\windows\system32\drivers\ndis.sys a été trouvée et désinfectée
     Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\ndis.sys
     .
     ((((((((((((((((((((((((((((( Fichiers créés du 2010-04-28 au 2010-05-31 ))))))))))))))))))))))))))))))))))))
     .
     2010-05-31 14:16 . 2004-08-19 23:09 39424 ----a-w- c:\windows\system32\grpconv.exe
     2010-05-31 12:41 . 2010-05-31 12:41 -------- d-----w- C:\_OTM
     2010-05-31 11:35 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-05-31 11:35 . 2010-05-31 11:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-05-31 11:35 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-05-31 11:25 . 2010-05-31 11:25 -------- d--h--w- c:\windows\PIF
     2010-05-31 08:52 . 2010-05-31 08:52 -------- d-----w- c:\program files\Sophos
     2010-05-26 16:05 . 2010-05-26 16:05 -------- d-----w- c:\program files\CodeStuff
     2010-05-26 14:16 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
     2010-05-26 13:19 . 2010-05-26 13:53 -------- d-----w- c:\program files\GridinSoft Trojan Killer
     2010-05-26 08:56 . 2004-08-04 04:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
     2010-05-26 08:56 . 2004-08-04 04:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
     2010-05-26 08:56 . 2004-08-04 05:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
     2010-05-26 08:56 . 2004-08-04 05:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
     2010-05-26 08:56 . 2004-08-04 05:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
     2010-05-26 08:56 . 2004-08-04 05:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
     2010-05-26 08:55 . 2010-05-26 08:55 211072 -c--a-w- c:\windows\system32\dllcache\ndis.sys
     2010-05-24 09:32 . 2010-05-24 09:35 -------- d-----w- c:\documents and settings\guillaume.caulet\Application Data\FreeCDRipper
     .
     (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     2010-05-31 10:36 . 2007-07-06 11:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
     2010-05-31 08:48 . 2006-05-23 10:27 -------- d-----w- c:\program files\Symantec AntiVirus
     2010-05-31 08:23 . 2001-08-28 12:00 81112 ----a-w- c:\windows\system32\perfc00C.dat
     2010-05-31 08:23 . 2001-08-28 12:00 487690 ----a-w- c:\windows\system32\perfh00C.dat
     2010-05-31 08:22 . 2007-02-15 10:03 -------- d-----w- c:\program files\Opera
     2010-05-31 08:21 . 2007-02-15 10:04 -------- d-----w- c:\program files\Proxomitron Naoko-4
     2010-05-26 08:55 . 2010-05-26 08:55 8 ----a-w- c:\windows\system32\config\systemprofile\Application Data\vlsfdq.dat
     2010-05-26 07:09 . 2009-01-30 14:01 -------- d-----w- c:\program files\MediaCoder
     2010-05-24 09:31 . 2010-05-24 09:31 -------- d-----w- c:\documents and settings\guillaume.caulet\Application Data\FreeAudioPack
     2010-03-30 15:26 . 2009-11-30 08:49 79488 ----a-w- c:\documents and settings\guillaume.caulet\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
     2010-03-22 14:14 . 2009-03-17 13:15 47360 ----a-w- c:\documents and settings\guillaume.caulet\Application Data\pcouffin.sys
     2010-03-22 14:14 . 2009-03-17 13:15 47360 ----a-w- c:\documents and settings\guillaume.caulet\Application Data\pcouffin.sys
     2008-12-19 14:11 . 2008-09-16 10:02 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
     2008-12-19 14:11 . 2008-09-16 10:02 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
     2008-12-19 14:11 . 2008-09-16 10:02 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
     2008-12-19 14:11 . 2008-09-16 10:02 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
     2008-12-19 14:11 . 2008-09-16 10:02 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
     2005-05-13 16:12 . 2005-05-13 16:12 217073 --sha-r- c:\windows\meta4.exe
     2005-10-24 10:13 . 2005-10-24 10:13 66560 --sha-r- c:\windows\MOTA113.exe
     2005-07-14 11:31 . 2005-07-14 11:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll
     2005-06-26 14:32 . 2005-06-26 14:32 616448 --sha-r- c:\windows\system32\cygwin1.dll
     2005-06-21 21:37 . 2005-06-21 21:37 45568 --sha-r- c:\windows\system32\cygz.dll
     2006-05-03 09:06 . 2007-06-21 14:06 163328 --sh--r- c:\windows\system32\flvDX.dll
     2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\i420vfw.dll
     2007-02-21 10:47 . 2007-06-21 14:06 31232 --sh--r- c:\windows\system32\msfDX.dll
     2005-02-28 12:16 . 2005-02-28 12:16 240128 --sha-r- c:\windows\system32\x.264.exe
     2004-01-24 23:00 . 2004-01-24 23:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll
     .
     ------- Sigcheck -------

     [7] 2004-08-19 23:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
     [7] 2004-08-19 23:09 . 535D54D2AF721A3497F058CAA2C63447 . 52736 . . [9.0.1.56] . . c:\windows\ServicePackFiles\i386\mspmsnsv.dll
     [-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
     [-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\mspmsnsv.dll
     [-] 2004-08-10 22:45 . A477391B7A8B0A0DAABADB17CF533A4B . 25088 . . [10.0.3790.3646] . . c:\windows\system32\dllcache\mspmsnsv.dll
     .
     ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
     .
     .
     *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
     REGEDIT4

     [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
     "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
     "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-15 81920]
     "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-19 144384]
     "ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-11-16 48800]
     "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-12-27 85648]
     "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
     "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-13 136600]
     "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-15 4112384]
     "nwiz"="nwiz.exe" [2004-07-15 843776]
     "C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
     "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
     "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

     [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
     "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
     "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

     [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
     "DisablePersonalDirChange"= 1 (0x1)

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2585863069-191951369-856499580-1133\Scripts\Logon\0\0]
     "Script"=winlogon.vbs

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2585863069-191951369-856499580-5893\Scripts\Logon\0\0]
     "Script"=winlogon.vbs

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2585863069-191951369-856499580-5896\Scripts\Logon\0\0]
     "Script"=winlogon.vbs

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2585863069-191951369-856499580-5899\Scripts\Logon\0\0]
     "Script"=winlogon.vbs

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2585863069-191951369-856499580-5917\Scripts\Logon\0\0]
     "Script"=winlogon.vbs

     [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3815223129-3390028392-2588692307-1164\Scripts\Logon\0\0]
     "Script"=netshare.bat

     [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
     "DisableMonitoring"=dword:00000001

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
     "%windir%\\system32\\sessmgr.exe"=
     "c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
     "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
     "c:\\Program Files\\Messenger\\msmsgs.exe"=
     "c:\\Program Files\\FileZilla\\FileZilla.exe"=
     "c:\\Program Files\\Psi\\psi.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
     "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

     [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
     "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

     S2 HealthService;OpsMgr Health Service;c:\program files\System Center Operations Manager 2007\HealthService.exe [16/02/2008 10:15 27696]
     S3 d2dc45c7-7c12-4545-bebb-3bb476714c54;d2dc45c7-7c12-4545-bebb-3bb476714c54;\??\d:\player\cds300.dll --> d:\player\cds300.dll [?]
     S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Fichiers communs\Symantec Shared\eengine\EraserUtilRebootDrv.sys [24/05/2010 09:21 102448]
     S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\67.tmp [31/05/2010 13:00 6144]
     S3 pan_emmi;PANTECH GSM Handset EMMI Drivers (WDM);c:\windows\system32\drivers\pan_emmi.sys [06/12/2006 17:26 82112]
     S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [27/12/2005 09:19 172176]
     S4 AdtAgent;Operations Manager Audit Forwarding Service;c:\windows\system32\AdtAgent.exe [16/02/2008 08:34 264192]
     .
     .
     ------- Examen supplémentaire -------
     .
     uInternet Settings,ProxyOverride = <local>
     uInternet Settings,ProxyServer = http=127.0.0.1:5555
     IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
     DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
     DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
     FF - ProfilePath - c:\documents and settings\guillaume.caulet\Application Data\Mozilla\Firefox\Profiles\s30msyt6.default\
     FF - prefs.js: browser.startup.homepage -
     FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
     .
     - - - - ORPHELINS SUPPRIMES - - - -

     SSODL-GootkitSSO-{72D46582-F875-47A5-BF54-10EA9F17915F} - c:\windows\System32\msxsltsso.dll

     **************************************************************************

     catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
     Rootkit scan 2010-05-31 16:18
     Windows 5.1.2600 Service Pack 2 NTFS

     Recherche de processus cachés ...

     Recherche d'éléments en démarrage automatique cachés ...

     Recherche de fichiers cachés ...

     Scan terminé avec succès
     Fichiers cachés: 0

     **************************************************************************

     [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
     "ImagePath"="\??\c:\windows\system32\67.tmp"
     .
     --------------------- CLES DE REGISTRE BLOQUEES ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\9.0\Registration] @DACL=(02 0000) "UDBVersion"="9.0.0.3126" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Monitors\//./DISPLAY1] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\ButtonElement] @DACL=(02 0000) "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2114" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\FFWDElement] @DACL=(02 0000) "enabled"="wmpenabled:player.controls.FastForward" "upToolTip"="res://wmploc.dll/RT_STRING/#1804" "onclick"="player.controls.FastForward()" "accName"="res://wmploc.dll/RT_STRING/#2120" "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2121" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\ImageElement] @DACL=(02 0000) "cursor"="hand" "accName"="res://wmploc.dll/RT_STRING/#2140" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\NextElement] @DACL=(02 0000) "enabled"="wmpenabled:player.controls.Next" "upToolTip"="res://wmploc.dll/RT_STRING/#1806" "onclick"="player.controls.Next()" "accName"="res://wmploc.dll/RT_STRING/#2124" "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2125" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\PauseElement] @DACL=(02 0000) "enabled"="wmpenabled:player.controls.Pause" "upToolTip"="res://wmploc.dll/RT_STRING/#1801" "onclick"="player.controls.Pause()" "accName"="res://wmploc.dll/RT_STRING/#2116" "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\PlayElement] @DACL=(02 0000) "enabled"="wmpenabled:player.controls.Play" "upToolTip"="res://wmploc.dll/RT_STRING/#1800" "onclick"="player.controls.Play()" "accName"="res://wmploc.dll/RT_STRING/#2115" "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2117" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\PrevElement] @DACL=(02 0000) "enabled"="wmpenabled:player.controls.Previous" 
"upToolTip"="res://wmploc.dll/RT_STRING/#1805" "onclick"="player.controls.Previous()" "accName"="res://wmploc.dll/RT_STRING/#2126" "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2127" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\REWElement] @DACL=(02 0000) "enabled"="wmpenabled:player.controls.FastReverse" "upToolTip"="res://wmploc.dll/RT_STRING/#1803" "onclick"="player.controls.FastReverse()" "accName"="res://wmploc.dll/RT_STRING/#2122" "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2123" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ButtonGroup\StopElement] @DACL=(02 0000) "enabled"="wmpenabled:player.controls.Stop" "upToolTip"="res://wmploc.dll/RT_STRING/#1802" "onclick"="player.controls.Stop()" "accName"="res://wmploc.dll/RT_STRING/#2118" "accKeyboardShortcut"="res://wmploc.dll/RT_STRING/#2119" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\DropDownPlaylist\Column] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Alchemy\Properties] @DACL=(02 0000) "classid"="{0AA02E8D-F851-4CB0-9F64-BBA9BE7A983D}" "name"="res://mpvis.dll/RT_STRING/#100" "description"="res://mpvis.dll/RT_STRING/#100" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Ambience\Properties] @DACL=(02 0000) "classid"="{9CA6AD35-A548-4c7b-8E0A-EF29748FAA16}" "name"="res://wmploc.dll/RT_STRING/#5528" "description"="res://wmploc.dll/RT_STRING/#5529" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Bars\Properties] @DACL=(02 0000) "classid"="{48501FF0-F6A9-11D2-9435-00A0C92A2F2D}" "name"="res://wmploc.dll/RT_STRING/#5500" "description"="res://wmploc.dll/RT_STRING/#5512" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Dotplane\Properties] @DACL=(02 0000) "classid"="{61180810-EF20-11D2-9431-00A0C92A2F2D}" "name"="res://wmploc.dll/RT_STRING/#5508" "description"="res://wmploc.dll/RT_STRING/#5514" 
[HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Plenoptic\Properties] @DACL=(02 0000) "classid"="{607C27E9-AB27-11d3-A116-A0EA50C10801}" "name"="res://wmploc.dll/RT_STRING/#5530" "description"="res://wmploc.dll/RT_STRING/#5531" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Effects\Spikes\Properties] @DACL=(02 0000) "classid"="{4B657E70-08EF-11D3-9447-00A0C92A2F2D}" "name"="res://wmploc.dll/RT_STRING/#5505" "description"="res://wmploc.dll/RT_STRING/#5513" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ItemsPlaylist\Column] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\ListBox\Item] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\Playlist\Column] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Objects\PopUp\Item] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\services\VirginMega.Fr] @DACL=(02 0000) "ColorPlayer"="#af0a0a" "ColorPlayerText"="#FFFFFF" "FriendlyName"="VirginMega.Fr\00dband\00tation" "ImageLargeURL"="http://infocenter.virginmega.fr/Premium/Images/ServiceLargeURL.png" "ImageMenuURL"="http://infocenter.virginmega.fr/Premium/Images/MenuURL.png\00all_globe02.png" "Task1ButtonText"="Virg\0aMega\\nMusic" "Task2ButtonText"="Virg\0aMega\\nRadio" "Task1ButtonTip"="VirginMega 1er Self Service Music" "Task2ButtonTip"="VirginMega 1er Self Service Music" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\Settings\MP3Encoding] @DACL=(02 0000) "LowRate"=dword:0001f400 "MediumRate"=dword:0002ee00 "MediumHighRate"=dword:0003e800 "HighRate"=dword:0004e200 "PreferredCodecName"="mp3" "PreferredCodecPath"="c:\\WINDOWS\\system32\\l3codecp.acm" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList\FMPLAYER.DLL] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList\HWAUDIO.DLL] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimDllExclusionList\XACTMP.DLL] @DACL=(02 
0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\ENC2002.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\EXCEL.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\MPLAYER2.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\NHL2003.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\NHL2003DEMO.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\POWERPNT.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimExclusionList\WINWORD.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\AOLTRAY.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\firefox.exe] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\MSN6.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\NETSCAPE.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\NETSCP.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\NETSCP6.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\ShimInclusionList\WAOL.EXE] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist\NonSourceFilters] @DACL=(02 0000) "{BC5E21B0-504C-46F6-82BF-FB975C911AD6}"="" [HKEY_LOCAL_MACHINE\software\Microsoft\MediaPlayer\SmartPlaylist\SourceFilters] @DACL=(02 0000) "{4202947A-A563-4B05-A754-A1B4B5989849}"="" "{B2D9BDDC-8E49-444B-9BA4-193ABF9C7870}"="" "{CC823400-A8E4-4081-B073-D3B6D952FE69}"="" "{E5415A66-7763-4BDE-B97F-5557CA73C303}"="" [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Internet Explorer 6\SP1\KB889293-IE6SP1-20041111.235619\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows 
XP\SP3\KB834707\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB867282\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB873333\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB873339\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB885250\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB885835\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB885836\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB886185\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB887472\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB887742\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB888113\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB888302\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB890047\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB890175\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Updates\Windows XP\SP3\KB891781\Filelist] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{077ACEC7-979C-40AB-9835-435BA1511E0D}] @DACL=(02 0000) "FriendlyName"="Windows Media Files" "ComponentGUID"="{077ACEC7-979C-40AB-9835-435BA1511E0D}" "Version"=dword:000a0000 "Sub-Version"=dword:00000e3e "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\MPPRE10.inf" "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{077ACEC7-979C-40AB-9835-435BA1511E0D}\\mppre10.cat" 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{30C7234B-6482-4A55-A11D-ECD9030313F2}] @DACL=(02 0000) "FriendlyName"="Windows Media Files" "ComponentGUID"="{30C7234B-6482-4A55-A11D-ECD9030313F2}" "Version"=dword:000a0000 "Sub-Version"=dword:00000e3e "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\WMDM10.inf" "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{30C7234B-6482-4A55-A11D-ECD9030313F2}\\wmdm10.cat" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}] @DACL=(02 0000) "FriendlyName"="Windows Media Files" "ComponentGUID"="{3FDF25EE-E592-4495-8391-6E9C504DAC2B}" "Version"=dword:000a0000 "Sub-Version"=dword:00000e3e "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\\WMSET10.inf" "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\\wmset10.cat" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{60204BB3-7078-4F70-8F69-68297621941C}] @DACL=(02 0000) "FriendlyName"="Windows Media Files" "ComponentGUID"="{60204BB3-7078-4F70-8F69-68297621941C}" "Version"=dword:000a0000 "Sub-Version"=dword:00000e3e "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{60204BB3-7078-4F70-8F69-68297621941C}\\MPSTUB10.inf" "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{60204BB3-7078-4F70-8F69-68297621941C}\\mpstub10.cat" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{981FB688-E76B-4246-987B-92083185B90A}] @DACL=(02 0000) "FriendlyName"="Windows Media Files" "ComponentGUID"="{981FB688-E76B-4246-987B-92083185B90A}" "Version"=dword:000a0000 "Sub-Version"=dword:00000e3e "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\WPD10.inf" 
"ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{981FB688-E76B-4246-987B-92083185B90A}\\wpd10.cat" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{A47B3654-48EE-48A5-B629-97D70175E58F}] @DACL=(02 0000) "FriendlyName"="Windows Media Files" "ComponentGUID"="{A47B3654-48EE-48A5-B629-97D70175E58F}" "Version"=dword:000a0000 "Sub-Version"=dword:00000e3e "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.inf" "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{A47B3654-48EE-48A5-B629-97D70175E58F}\\codecs10.cat" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}] @DACL=(02 0000) "FriendlyName"="Windows Media Files" "ComponentGUID"="{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}" "Version"=dword:000a0000 "Sub-Version"=dword:00000e3e "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\WMFSDK10.inf" "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\\wmfsdk10.cat" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}] @DACL=(02 0000) "FriendlyName"="Windows Media Files" "ComponentGUID"="{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}" "Version"=dword:000a0000 "Sub-Version"=dword:00000e3e "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\DRM10.inf" "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\\drm10.cat" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}] @DACL=(02 0000) "FriendlyName"="Windows Media Files" "ComponentGUID"="{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}" "Version"=dword:000a0000 "Sub-Version"=dword:00000e3e 
"ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\\MPCD10.inf" "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\\mpcd10.cat" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\ExceptionComponents\{DD90D410-1823-43EB-9A16-A2331BF08799}] @DACL=(02 0000) "FriendlyName"="Windows Media Files" "ComponentGUID"="{DD90D410-1823-43EB-9A16-A2331BF08799}" "Version"=dword:000a0000 "Sub-Version"=dword:00000e3e "ExceptionInfName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{DD90D410-1823-43EB-9A16-A2331BF08799}\\WMP10.inf" "ExceptionCatalogName"=expand:"c:\\WINDOWS\\RegisteredPackages\\{DD90D410-1823-43EB-9A16-A2331BF08799}\\wmp10.cat" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Setup\OptionalComponents\SwFlash] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDeviceClasses] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\KnownDevices] @DACL=(02 0000) [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SCP\SCPTRANS] @DACL=(02 0000) "ProgID"="MsScp.SCPTRANS.1" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\MSPMSP\KBDeviceList] @DACL=(02 0000) "SanDiskIM"="SanDisk ;ImageMate III ;2.3" "SanDiskIMb"="E-USB Fl;ash ; " "Lexmark"="Parallel; Flash Unit;" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WMDMCESP] @DACL=(02 0000) "ProgID"="WMDMCESP.WMDMCESP" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows Media Device Manager\Plugins\SP\WPDSp] @DACL=(02 0000) "PnPAware"=dword:00000001 "ProgID"="WPDSp.WPDServiceProvider" [HKEY_LOCAL_MACHINE\software\Nullsoft\Winamp] @DACL=(02 0000) . 
Heure de fin: 2010-05-31 16:24:54 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-05-31 14:24

Avant-CF: 9 889 869 824 octets libres
Après-CF: 9 870 635 008 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

- - End Of File - - F943A2A6CEF1A9B182111908F7B044F7
  8. Better, I suppose. Still in safe mode. MBAM quick scan:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4157
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

31/05/2010 15:30:47
mbam-log-2010-05-31 (15-30-47).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 151593
Temps écoulé: 6 minute(s), 35 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{e81b3727-f91c-4411-91fa-d551395f3432} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f6b0450a-7666-46c3-85a9-f7fb3ea0be8f} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31:44, on 31/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\guillaume.caulet\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://123web/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://123web/default.aspx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\Software\..\Telephony: DomainName = tls.123multimedia.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wonderphone.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{228EFAA2-BC31-40E7-B521-33001DB0A377}: NameServer = 192.168.0.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6188 bytes

I'm going to reboot (still in safe mode) and run MBAM again, but I'm afraid there are still some "things" in there... Waiting for your advice/instructions. Thanks.
  9. Nice little mushroom cloud! Done. Almost as soon as I clicked "moveit!": "OTM has encountered an error and needs to close, etc..." It seemed to keep running anyway, but since it was taking a while I preferred to click "don't send the error report..." and everything closed. I relaunched explorer... rebooted. Here is the report:

Files moved on Reboot...
File C:\Documents and Settings\guillaume.caulet\Local Settings\Temp\1E1626.dmp not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXA349AV\common[1] moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXA349AV\iframe2[1].script scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WXA349AV\zakachayka[1].script scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re, and thanks again.
  10. Re, thanks for all these instructions. I followed everything to the letter; I had to reinstall MBAM.

rkill:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Ran as guillaume.caulet on 31/05/2010 at 13:27:00.

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\guillaume.caulet\Bureau\rkill.exe

Rkill completed on 31/05/2010 at 13:27:15.

Mbam:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4157
Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

31/05/2010 14:07:06
mbam-log-2010-05-31 (14-07-06).txt

Type d'examen: Examen complet (C:\|)
Elément(s) analysé(s): 329696
Temps écoulé: 28 minute(s), 30 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\uf0268bybv.dll (Trojan.Ertfor) -> Delete on reboot.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{195e97ee-880f-4713-a736-8b726343d63a} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b48006bb-db9d-4d74-9edb-5d38e098384a} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ee2ed8ae-f399-4214-a751-9079526cf7ff} (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{c7ba40a1-74f2-52bd-f411-04b15a2c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\gootkitsso (Trojan.GootKit) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\uf0268bybv.dll (Trojan.Ertfor) -> Delete on reboot.
C:\WINDOWS\system32\msxsltsso.dll (Trojan.GootKit) -> Delete on reboot.
C:\WINDOWS\system32\wbem\grpconv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\guillaume.caulet\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:09:58, on 31/05/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Documents and Settings\guillaume.caulet\Bureau\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://123web/default.aspx R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [NvCplDaemon] 
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://123web/default.aspx O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = 
tls.123multimedia.com O17 - HKLM\Software\..\Telephony: DomainName = tls.123multimedia.com O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wonderphone.local O17 - HKLM\System\CS1\Services\Tcpip\..\{228EFAA2-BC31-40E7-B521-33001DB0A377}: NameServer = 192.168.0.7 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tls.123multimedia.com O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tls.123multimedia.com O21 - SSODL: GootkitSSO - {E81B3727-F91C-4411-91FA-D551395F3432} - C:\WINDOWS\System32\msxsltsso.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. 
- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- End of file - 6290 bytes Merci.
  11. Hello, here is the TDSS report (run under Windows safe mode):

13:01:50:015 0868 TDSS rootkit removing tool 2.3.1.0 May 25 2010 12:52:14
13:01:50:015 0868 ================================================================================
13:01:50:015 0868 SystemInfo:
13:01:50:015 0868 OS Version: 5.1.2600 ServicePack: 2.0
13:01:50:015 0868 Product type: Workstation
13:01:50:015 0868 ComputerName: PC-WP-CAULET
13:01:50:015 0868 UserName: guillaume.caulet
13:01:50:015 0868 Windows directory: C:\WINDOWS
13:01:50:015 0868 Processor architecture: Intel x86
13:01:50:015 0868 Number of processors: 1
13:01:50:015 0868 Page size: 0x1000
13:01:50:015 0868 Boot type: Safe boot with network
13:01:50:015 0868 ================================================================================
13:01:50:234 0868 Initialize success
13:01:50:234 0868
13:01:50:234 0868 Scanning Services ...
13:01:50:562 0868 Raw services enum returned 339 services
13:01:50:578 0868
13:01:50:578 0868 Scanning Drivers ...
13:01:51:562 0868 ACPI (0bd94fbfc14ea3606cd6ca4c0255baa3) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:01:51:609 0868 ACPIEC (e4abc1212b70bb03d35e60681c447210) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:01:51:687 0868 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
13:01:51:734 0868 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
13:01:51:781 0868 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
13:01:51:937 0868 AmdK7 (c0f59933070392e662b3c2bb2be77955) C:\WINDOWS\system32\DRIVERS\amdk7.sys
13:01:52:062 0868 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:01:52:140 0868 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:01:52:218 0868 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:01:52:265 0868 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:01:52:328 0868 AVG Anti-Rootkit (e8054a423e5d2bdae6062bab6da159c4) C:\WINDOWS\system32\DRIVERS\avgarkt.sys
13:01:52:359 0868 AvgArCln (ec08d1625f5c6cf2a57b79eb35186f8c) C:\WINDOWS\system32\DRIVERS\AvgArCln.sys
13:01:52:406 0868 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:01:52:468 0868 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:01:52:531 0868 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:01:52:578 0868 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
13:01:52:625 0868 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:01:52:656 0868 Changer (daf1a8193b6caf0fb858cadcc5c4af4a) C:\WINDOWS\system32\drivers\Changer.sys
13:01:52:750 0868 cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys
13:01:52:859 0868 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder\SysInfo.sys
13:01:52:953 0868 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
13:01:53:015 0868 dmboot (e2d3b7620310fe56685f9b15a6b404b3) C:\WINDOWS\system32\drivers\dmboot.sys
13:01:53:125 0868 dmio (c77f5c20aa70197a69aa84baa9de43c8) C:\WINDOWS\system32\drivers\dmio.sys
13:01:53:187 0868 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:01:53:234 0868 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
13:01:53:281 0868 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
13:01:53:359 0868 eeCtrl (96bcd90ed9235a21629effde5e941fb1) C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
13:01:53:390 0868 EraserUtilRebootDrv (392c86f6b45c0bc696c32c27f51e749f) C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
13:01:53:484 0868 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
13:01:53:531 0868 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:01:53:593 0868 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
13:01:53:656 0868 Fips (8b121ff880683607ab2aef0340721718) C:\WINDOWS\system32\drivers\Fips.sys
13:01:53:718 0868 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
13:01:53:781 0868 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\drivers\fltmgr.sys
13:01:53:843 0868 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:01:53:890 0868 Ftdisk (a86859b77b908c18c2657f284aa29fe3) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:01:53:921 0868 gameenum (5f92fd09e5610a5995da7d775eadcd12) C:\WINDOWS\system32\DRIVERS\gameenum.sys
13:01:53:968 0868 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:01:54:015 0868 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:01:54:093 0868 HTTP (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
13:01:54:140 0868 i2omgmt (8f09f91b5c91363b77bcd15599570f2c) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:01:54:203 0868 i8042prt (d1efcbd693b5ba21314d06368c471070) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:01:54:265 0868 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:01:54:343 0868 ip6fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\drivers\ip6fw.sys
13:01:54:390 0868 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:01:54:437 0868 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:01:54:484 0868 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:01:54:546 0868 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:01:54:609 0868 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
13:01:54:671 0868 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:01:54:734 0868 isapnp (54632f1a7de61dc3615d756f2a90fa72) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:01:54:781 0868 Kbdclass (e798705e8dc7fab596ef6bfdf167e007) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:01:54:828 0868 kbdhid (62dd5eefcec4ef4163f1168d4262a9e4) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:01:54:906 0868 klmd23 (0b06b0a25e08df0d536402bce3bde61e) C:\WINDOWS\system32\drivers\klmd.sys
13:01:54:968 0868 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
13:01:55:015 0868 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
13:01:55:093 0868 lbrtfdc (cc50a66548c2f285bc8a7b0b8aa578e3) C:\WINDOWS\system32\drivers\lbrtfdc.sys
13:01:55:140 0868 MEMSWEEP2 (1595fecffbe9ea2417e06d5fd0bfa4c4) C:\WINDOWS\system32\67.tmp
13:01:55:203 0868 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:01:55:234 0868 Modem (5ac7e16f5b40a6da14b5f2b3ada4693e) C:\WINDOWS\system32\drivers\Modem.sys
13:01:55:281 0868 Mouclass (7d4f19411bd941e1d432a99e24230386) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:01:55:328 0868 mouhid (124d6846040c79b9c997f78ef4b2a4e5) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:01:55:375 0868 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
13:01:55:453 0868 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:01:55:531 0868 MRxSmb (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:01:55:593 0868 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
13:01:55:656 0868 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:01:55:671 0868 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:01:55:703 0868 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
13:01:55:750 0868 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:01:55:796 0868 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
13:01:55:890 0868 NAVENG (83518e6cc82bdc3c3db0c12d1c9a2275) C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20100523.004\naveng.sys
13:01:56:000 0868 NAVEX15 (85cf37740fe06c7a2eaa7f6c81f0819c) C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20100523.004\navex15.sys
13:01:56:093 0868 NDIS (93b984ecaff503d80c61e76a9959ceea) C:\WINDOWS\system32\drivers\NDIS.sys
13:01:56:171 0868 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:01:56:218 0868 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:01:56:265 0868 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:01:56:328 0868 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
13:01:56:375 0868 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:01:56:421 0868 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:01:56:468 0868 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
13:01:56:531 0868 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
13:01:56:578 0868 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
13:01:56:718 0868 nv (8e836672c1e476772cd18b7b4a671b4b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
13:01:56:796 0868 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:01:56:859 0868 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:01:56:906 0868 pan_emmi (98be22219b5f5dbf8ddeb9fcb991f088) C:\WINDOWS\system32\DRIVERS\pan_emmi.sys
13:01:56:984 0868 Parport (318696359ac7df48d1e51974ec527dd2) C:\WINDOWS\system32\DRIVERS\parport.sys
13:01:57:046 0868 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
13:01:57:093 0868 ParVdm (9575c5630db8fb804649a6959737154c) C:\WINDOWS\system32\drivers\ParVdm.sys
13:01:57:156 0868 PCI (7c5da5c1ed801ad8b0309d5514f0b75e) C:\WINDOWS\system32\DRIVERS\pci.sys
13:01:57:296 0868 Pcmcia (641da274e163617ea7a33506bc6da8e3) C:\WINDOWS\system32\drivers\Pcmcia.sys
13:01:57:359 0868 Pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\Pcouffin.sys
13:01:57:546 0868 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:01:57:609 0868 prepdrvr (3909be53ad8e2bfcac9d9148e4b2b270) C:\WINDOWS\system32\CCM\prepdrv.sys
13:01:57:671 0868 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
13:01:57:718 0868 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:01:57:765 0868 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\DRIVERS\PxHelp20.sys
13:01:57:906 0868 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:01:57:937 0868 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
13:01:58:015 0868 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:01:58:078 0868 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:01:58:140 0868 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
13:01:58:234 0868 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:01:58:312 0868 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:01:58:390 0868 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
13:01:58:468 0868 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
13:01:58:546 0868 redbook (2cc30b68dd62b73d444a41322cd7fc4c) C:\WINDOWS\system32\DRIVERS\redbook.sys
13:01:58:656 0868 SAVRT (21ba125b956a513f85f6ab1dd603f917) C:\Program Files\Symantec AntiVirus\savrt.sys
13:01:58:671 0868 SAVRTPEL (0f8e1c05fc1298f8e7cea935429f66ff) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
13:01:58:750 0868 sdcplh (dac1594437cd44ff57fafc71256fe7f3) C:\WINDOWS\system32\drivers\sdcplh.sys
13:01:58:828 0868 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:01:58:890 0868 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
13:01:58:937 0868 Serial (653201755ca96ab4aaa4131daf6da356) C:\WINDOWS\system32\DRIVERS\serial.sys
13:01:58:968 0868 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
13:01:59:031 0868 smsmdd (4b4ab78e866bbecf93f6eabc3270178a) C:\WINDOWS\system32\DRIVERS\smsmdm.sys
13:01:59:125 0868 smwdm (1d381a07361e4d6a8be95026b3eba47a) C:\WINDOWS\system32\drivers\smwdm.sys
13:01:59:203 0868 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
13:01:59:328 0868 SPBBCDrv (c30fa11923892a4dbd1c747db8492e8f) C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
13:01:59:390 0868 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
13:01:59:453 0868 sr (b52181023b827acda36c1b76751ebffd) C:\WINDOWS\System32\DRIVERS\sr.sys
13:01:59:515 0868 Srv (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
13:01:59:593 0868 STIrUsb (a1a16662c6b1a665d965d61b9eecc5a7) C:\WINDOWS\system32\DRIVERS\irstusb.sys
13:01:59:640 0868 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
13:01:59:703 0868 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
13:01:59:796 0868 SymEvent (9c4737086dee2d302d5d2d69478f6611) C:\Program Files\Symantec\SYMEVENT.SYS
13:01:59:859 0868 SYMREDRV (c1bbd1d20acc5ecadca086228ad52bdd) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
13:01:59:921 0868 SYMTDI (9bf7fddab95f8aabc361774dc844f755) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
13:02:00:000 0868 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
13:02:00:078 0868 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:02:00:171 0868 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
13:02:00:234 0868 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
13:02:00:328 0868 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
13:02:00:406 0868 uagp35 (49c805d42d75eddc9b6a7130999c9054) C:\WINDOWS\system32\DRIVERS\uagp35.sys
13:02:00:468 0868 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
13:02:00:562 0868 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
13:02:00:625 0868 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:02:00:687 0868 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:02:00:750 0868 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:02:00:781 0868 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
13:02:00:843 0868 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:02:00:875 0868 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
13:02:00:937 0868 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
13:02:00:968 0868 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
13:02:01:000 0868 videX32 (c8ee49fa76eb7c41a9cddfe58151a74e) C:\WINDOWS\system32\DRIVERS\videX32.sys
13:02:01:062 0868 VolSnap (313b1a0d5db26dfe1c34a6c13b2ce0a7) C:\WINDOWS\system32\drivers\VolSnap.sys
13:02:01:140 0868 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:02:01:218 0868 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
13:02:01:281 0868 WpdUsb (c1b3d9d75c3fb735f5fa3a5806aded57) C:\WINDOWS\system32\Drivers\wpdusb.sys
13:02:01:281 0868
13:02:01:281 0868 Completed
13:02:01:281 0868
13:02:01:281 0868 Results:
13:02:01:281 0868 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
13:02:01:281 0868 File objects infected / cured / cured on reboot: 0 / 0 / 0
13:02:01:281 0868
13:02:01:296 0868 KLMD(ARK) unloaded successfully

Thanks.
  12. Hello, I caught a malware/trojan, I don't know exactly which, that was showing me an alert: "Windows security alert - you are infected - click here to update etc..." Impossible to update Mbam, which finds nothing. At startup I get an alert: Kernel Verifier crashed... Then Spybot reports: "registry modification: Browser Helper Object". I then get continuous/repeated alerts, apparently from Symantec: "spam message analysis". Spybot finds 2 suspicious entries:

Microsoft.Windows.disableSystemRestore: [sBI $6296EC95] Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\DisableSR

PWS.LDPinchIE: [sBI $32D83D62] Réglages utilisateur (Valeur du registre, nothing done)
HKEY_USERS\S-1-5-21-2585863069-191951369-856499580-5893\Software\Microsoft\Windows\CurrentVersion\Explorer\idstrf

Here is the hijackthis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:47, on 31/05/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\guillaume.caulet\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://123web/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: C:\WINDOWS\system32\uf0268bybv.dll - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - C:\WINDOWS\system32\uf0268bybv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://123web/default.aspx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\Software\..\Telephony: DomainName = tls.123multimedia.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wonderphone.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{228EFAA2-BC31-40E7-B521-33001DB0A377}: NameServer = 192.168.0.7
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = tls.123multimedia.com
O21 - SSODL: GootkitSSO - {EE2ED8AE-F399-4214-A751-9079526CF7FF} - C:\WINDOWS\System32\msxsltsso.dll
O22 - SharedTaskScheduler: har98fefiesjfs93s8i9sejsdf - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - C:\WINDOWS\system32\uf0268bybv.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 6422 bytes

If someone can help me... Help!!!!! Thanks.