
Posted

:P Good evening,

 

A friend gave me a piece of software, and when I tried to install it NOD32 told me there was a trojan. I thought it had blocked it, but no such luck!

Since then I've been having problems with Windows automatic updates (I'm on XP).

Spybot detected Virtumonde and Virtumonde.dll :P but the problem comes back after rebooting the computer.

So I followed the pre-cleaning procedure; Antivir found nothing and Spybot again found Virtumonde and Virtumonde.dll.

 

So here is my log:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:28:29, on 10/06/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe

C:\Program Files\Elantech\ktp.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {383BF5E9-E9BB-4362-85E7-DA9EEA44B74C} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {DA244C53-7D03-42B8-92CF-87DD312907BC} - C:\WINDOWS\system32\jkkHYpnN.dll (file missing)

O2 - BHO: (no name) - {F53BAFE5-CE7A-4E95-95AC-A3912EFD3739} - C:\WINDOWS\system32\xxyxVopO.dll

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe

O4 - HKLM\..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe

O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe

O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: xxyxVopO - C:\WINDOWS\SYSTEM32\xxyxVopO.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

Thanks for helping me :P

Posted

Where is your NOD32? Did you uninstall it?

 

• Rerun HijackThis, "Do a system scan only", tick the lines below and click "Fix checked":

 

O2 - BHO: (no name) - {DA244C53-7D03-42B8-92CF-87DD312907BC} - C:\WINDOWS\system32\jkkHYpnN.dll (file missing)

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

 

• No resident antivirus running:

 

» Download combofix.exe (by sUBs) and save it to your desktop, renaming it to Combo-Fix in the save dialog

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

 

==> ComboFix absolutely must be on your desktop

 

 

Open Notepad (Run, then notepad) and copy/paste the contents of the box below:

 

File::
C:\WINDOWS\system32\xxyxVopO.dll

 

[*]Go to the top of the page and click the "File" menu; a list appears =>

[*]Choose "Save as" and select "Desktop"

[*]In the "File name" field at the bottom, enter the following name: CFScript, as a .txt file

[*]Click the "Save" button to the right of the "File name" field

[*]Close Notepad.

[*]Drag and drop this CFScript.txt file onto the ComboFix.exe file, as in the screenshot

 

 

[screenshot: CFScript.gif]

 

 

* Follow the instructions

* Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

* Once the scan is complete, a report will appear: post its contents.

* If the file doesn't appear, it is located here > C:\ComboFix.txt

Posted

hello,

 

Being impatient, I did some research and ran ComboFix before seeing your post.

So for these 2 lines, ComboFix apparently removed them:

O2 - BHO: (no name) - {DA244C53-7D03-42B8-92CF-87DD312907BC} - C:\WINDOWS\system32\jkkHYpnN.dll (file missing)

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

 

I'm posting the 2 logs:

 

ComboFix 08-06-09.7 - HELLO 2008-06-10 19:48:53.1 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1581 [GMT 2:00]

Endroit: C:\Documents and Settings\HELLO\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\ammemewf.ini

C:\WINDOWS\system32\cdkcgsvk.ini

C:\WINDOWS\system32\doutvamw.dll

C:\WINDOWS\system32\efswklux.ini

C:\WINDOWS\system32\fvsbknuo.ini

C:\WINDOWS\system32\fwememma.dll

C:\WINDOWS\system32\jkwqjcrb.ini

C:\WINDOWS\system32\kvsgckdc.dll

C:\WINDOWS\system32\NnpYHkkj.ini

C:\WINDOWS\system32\NnpYHkkj.ini2

C:\WINDOWS\system32\NTstwyay.ini

C:\WINDOWS\system32\NTstwyay.ini2

C:\WINDOWS\system32\rYycIRqr.ini

C:\WINDOWS\system32\rYycIRqr.ini2

C:\WINDOWS\system32\vylfdkip.ini

C:\WINDOWS\system32\wmavtuod.ini

C:\WINDOWS\system32\xulkwsfe.dll

C:\WINDOWS\system32\xxyxVopO.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-10 19:31 . 2008-06-10 19:31 605,184 --a------ C:\WINDOWS\system32\yaywtsTN.dll

2008-06-10 19:27 . 2008-06-10 19:29 <REP> d-------- C:\Hijackthis

2008-06-10 17:43 . 2008-06-10 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-10 15:59 . 2008-06-10 15:59 <REP> dr-h----- C:\Documents and Settings\HELLO\Application Data\SecuROM

2008-06-10 15:59 . 2008-06-10 15:59 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-06-10 15:17 . 2008-06-10 19:21 211 --a------ C:\WINDOWS\wininit.ini

2008-06-10 13:22 . 2008-06-10 13:22 <REP> d-------- C:\Program Files\Fichiers communs\BioWare

2008-06-06 21:17 . 2008-06-06 21:17 <REP> d-------- C:\Documents and Settings\HELLO\Application Data\vlc

2008-06-06 21:16 . 2008-06-06 21:16 <REP> d-------- C:\Program Files\VideoLAN

2008-05-30 14:09 . 2008-05-30 14:09 <REP> d-------- C:\Program Files\CCleaner

2008-05-28 19:09 . 2008-05-28 19:09 <REP> d-------- C:\Program Files\foobar2000

2008-05-19 18:19 . 2008-05-19 18:19 <REP> d-------- C:\Program Files\Auslogics

2008-05-19 18:19 . 2008-05-19 18:19 <REP> d-------- C:\Documents and Settings\HELLO\Application Data\Auslogics

2008-05-18 16:34 . 2008-05-18 16:34 <REP> d-------- C:\Program Files\Neoact

2008-05-18 16:34 . 2007-02-05 13:11 139,264 --a------ C:\WINDOWS\NeoUninstall.exe

2008-05-18 16:34 . 2008-05-18 16:34 26 --a------ C:\WINDOWS\neosetup.INI

2008-05-18 16:27 . 2008-05-18 16:31 120 --a------ C:\WINDOWS\csmash.ini

2008-05-18 16:01 . 2008-05-18 16:26 <REP> d-------- C:\Documents and Settings\HELLO\.xmoto

2008-05-17 16:15 . 2008-05-17 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-05-17 16:14 . 2008-05-17 16:14 <REP> d-------- C:\WINDOWS\nvidia icons

2008-05-17 16:09 . 2008-05-02 12:46 13,529,088 --a------ C:\WINDOWS\system32\nvcpl.dll

2008-05-14 21:12 . 2008-05-14 21:12 <REP> d-------- C:\Program Files\DVD Shrink

2008-05-14 18:33 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-05-14 18:33 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-05-14 18:33 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-05-14 18:33 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-05-14 18:33 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-05-14 18:33 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-05-14 18:33 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-05-14 18:33 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-05-14 16:30 . 2008-05-14 16:30 <REP> d-------- C:\Program Files\TomTom DesktopSuite

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-10 13:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-06-10 11:57 --------- d-----w C:\Documents and Settings\HELLO\Application Data\uTorrent

2008-06-05 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis

2008-06-04 20:03 --------- d-----w C:\Documents and Settings\HELLO\Application Data\foobar2000

2008-06-04 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-28 17:09 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-05-21 22:23 --------- d-----w C:\Program Files\Intel

2008-05-19 16:19 --------- d-----w C:\Program Files\AusLogics Disk Defrag

2008-05-18 11:23 --------- d-----w C:\Documents and Settings\HELLO\Application Data\dvdcss

2008-05-11 16:40 --------- d-----w C:\Documents and Settings\HELLO\Application Data\XnView

2008-05-11 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-05-05 18:50 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys

2008-05-02 17:24 --------- d-----w C:\Program Files\Notebook Hardware Control

2008-05-02 10:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-04-27 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft

2008-04-27 13:38 22,328 ----a-w C:\Documents and Settings\HELLO\Application Data\PnkBstrK.sys

2008-04-27 12:40 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Acronis

2008-04-27 12:03 --------- d-----w C:\Documents and Settings\HELLO\Application Data\Media Player Classic

2008-04-27 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom

2008-04-26 16:46 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys

2008-04-26 16:46 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys

2008-04-26 16:46 368,736 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys

2008-04-26 16:46 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys

2008-04-26 16:46 --------- d-----w C:\Program Files\Fichiers communs\Acronis

2008-04-26 16:46 --------- d-----w C:\Program Files\Acronis

2008-04-26 16:41 65,112 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-04-26 16:41 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-04-26 16:28 --------- d-----w C:\Program Files\Zeb-Utility

2008-04-26 15:07 --------- d-----w C:\Documents and Settings\HELLO\Application Data\TomTom

2008-04-26 15:06 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Acronis

2008-04-26 14:20 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1

2008-04-26 14:01 --------- d-----w C:\Program Files\uTorrent

2008-04-26 13:54 --------- d-----w C:\Program Files\Windows Live

2008-04-26 13:32 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-04-26 13:24 --------- d-----w C:\Program Files\TomTom HOME 2

2008-04-26 13:23 --------- d-----w C:\Program Files\XnView

2008-04-26 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-04-26 11:20 --------- d-----w C:\Documents and Settings\HELLO\Application Data\TuneUp Software

2008-04-26 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-04-26 11:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-04-26 11:16 --------- d-----w C:\Program Files\AbiSuite2

2008-04-26 11:15 --------- d-----w C:\Program Files\Torrent Harvester

2008-04-26 11:15 --------- d-----w C:\Program Files\Sleepy

2008-04-26 11:13 --------- d-----w C:\Documents and Settings\HELLO\Application Data\CyberLink

2008-04-26 11:12 --------- d-----w C:\Program Files\Serials 2000 7.1 Plus

2008-04-26 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink

2008-04-26 11:09 --------- d-----w C:\Program Files\Smart Projects

2008-04-26 11:08 --------- d-----w C:\Program Files\CyberLink

2008-04-26 11:05 --------- d-----w C:\Program Files\Real Alternative

2008-04-26 11:03 --------- d-----w C:\Program Files\QuickTime Alternative

2008-04-26 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-04-26 11:02 --------- d-----w C:\Program Files\FLVPlayer

2008-04-26 10:41 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-04-26 10:39 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-04-26 10:39 --------- d-----w C:\Documents and Settings\HELLO\Application Data\DAEMON Tools

2008-04-26 10:37 --------- d-----w C:\Documents and Settings\HELLO\Application Data\Ahead

2008-04-26 10:35 --------- d-----w C:\Program Files\Ahead

2008-04-26 10:32 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2008-04-26 09:57 737,280 ----a-w C:\WINDOWS\iun6002.exe

2008-04-26 09:57 --------- d-----w C:\Program Files\FireTune

2008-04-26 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations

2008-04-26 07:35 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-04-25 22:58 --------- d-----w C:\Program Files\AGEIA Technologies

2008-04-25 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-25 22:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-04-25 22:51 --------- d-----w C:\Program Files\Fraps

2008-04-25 22:45 --------- d-----w C:\Program Files\Java

2008-04-25 22:44 --------- d-----w C:\Program Files\Gadwin Systems

2008-04-25 22:43 --------- d-----w C:\Program Files\Fichiers communs\Java

2008-04-25 22:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-04-25 22:37 --------- d-----w C:\Program Files\e-Carte Bleue Banque Populaire

2008-04-25 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET

2008-04-25 22:10 21,425 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2008-04-25 22:10 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel

2008-04-25 22:10 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel

2008-04-25 22:10 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel

2008-04-25 22:10 --------- d-----w C:\Documents and Settings\HELLO\Application Data\Intel

2008-04-25 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel

2008-04-25 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\XP32

2008-04-25 21:56 --------- d-----w C:\Program Files\EzButton

2008-04-25 21:55 --------- d-----w C:\Program Files\Fichiers communs\snp2uvc

2008-04-25 21:55 --------- d-----w C:\Documents and Settings\HELLO\Application Data\InstallShield

2008-04-25 21:54 --------- d-----w C:\Program Files\Elantech

2008-04-25 21:50 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-04-25 21:50 --------- d-----w C:\Program Files\WIDCOMM

2008-04-25 21:49 --------- d-----w C:\Program Files\Compal

2008-04-25 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vista64

2008-04-25 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vista32

2008-04-25 21:48 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2008-04-25 21:47 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-04-25 21:47 --------- d-----w C:\Program Files\Realtek

2008-04-25 20:49 --------- d-----w C:\Program Files\microsoft frontpage

2008-04-25 20:47 --------- d-----w C:\Program Files\Services en ligne

2008-04-13 17:34 979,968 ----a-w C:\WINDOWS\explorer.exe

2008-04-13 17:34 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-13 17:34 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-13 17:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-13 17:34 230,912 ----a-w C:\WINDOWS\regedit.exe

2008-04-13 17:34 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-13 17:34 156,672 ----a-w C:\WINDOWS\notepad.exe

.

 

------- Sigcheck -------

 

2008-04-13 19:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\explorer.exe

2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

2008-04-13 19:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7885AECB-851F-45D1-9845-C2900AF43524}]

2008-06-10 19:31 605184 --a------ C:\WINDOWS\system32\yaywtsTN.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA244C53-7D03-42B8-92CF-87DD312907BC}]

C:\WINDOWS\system32\jkkHYpnN.dll

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVHotkey"="nvHotkey.dll" [2008-02-22 09:46 86016 C:\WINDOWS\system32\nvhotkey.dll]

"Wow Video&Audio"="C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 17:51 951856]

"WLSS"="C:\Program Files\Compal\Wireless Select Switch\WLSS.exe" [2007-04-23 18:55 190000]

"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2007-02-14 04:11 647168]

"CplBCL50"="C:\Program Files\EzButton\CplBCL50.EXE" [2004-06-15 14:11 401408]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19 819200]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17 970752]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 12:46 13529088]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34 15360]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe"

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

"RTHDCPL"=RTHDCPL.EXE

"Alcmtr"=ALCMTR.EXE

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet

"nwiz"=nwiz.exe /install

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"D:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=

"D:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=

 

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 10:16]

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-04-26 18:46]

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37]

R3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-18 09:55]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]

S3 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-08 11:19]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-26 13:22]

S3 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:34]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-10 19:52:24

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-10 19:53:32 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-10 17:53:29

 

Pre-Run: 23,911,026,688 octets libres

Post-Run: 23,834,816,512 octets libres

 

262 --- E O F --- 2008-05-28 16:50:20

 

 

 

AND

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 19:58:25, on 10/06/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe

C:\Program Files\Compal\Wireless Select Switch\WLSS.exe

C:\Program Files\Elantech\ktp.exe

C:\Program Files\EzButton\CplBCL50.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe

O4 - HKLM\..\Run: [WLSS] C:\Program Files\Compal\Wireless Select Switch\WLSS.exe

O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe

O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [4c3a030f] rundll32.exe "C:\WINDOWS\system32\evslojrs.dll",b

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Global Startup: BTTray.lnk = ?

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

thanks in advance :P

Posted

• your system is spotless, but without an antivirus :P , we'll fix that afterwards:

 

Physically disconnect from the internet [cable unplugged for the duration of the operation], wait 10 minutes, then reconnect and post the report

 

 

» open Notepad [Run -- notepad] and copy/paste the contents of the box below:

 

File::
C:\WINDOWS\system32\yaywtsTN.dll
C:\WINDOWS\wininit.ini
C:\WINDOWS\system32\jkkHYpnN.dll
C:\WINDOWS\system32\evslojrs.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7885AECB-851F-45D1-9845-C2900AF43524}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DA244C53-7D03-42B8-92CF-87DD312907BC}]

 

[*]Go to the top of the page and click the "File" menu, a list appears =>

[*]Choose "Save as" and choose "Desktop"

[*]In the "File name" field at the bottom of the page, enter the following name: CFScript, as a .txt file

[*]Click the "Save" button to the right of the "File name" field

[*]Close Notepad.

[*]Drag and drop this CFScript.txt file onto the ComboFix.exe file, as shown in the screenshot

 

 

[Screenshot: CFScript.gif]

 

 

* follow the instructions

* Wait for the scan to finish. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file doesn't appear, it is located here > C:\ComboFix.txt

 

• In Malekal's own words!

 

Antivir download link » http://dl1.avgate.net/down/windows/antivir...n_winu_en_h.exe

 

 

My opinion is that Avast!, McAfee and Norton are far from the best that has been done in terms of protection; these are antiviruses I advise against:

Avast! VS Antivir (May 2007) » http://forum.malekal.com/viewtopic.php?f=45&t=3528

Avast! VS Antivir VS AVG 8 (May 2008) » http://forum.malekal.com/viewtopic.php?f=45&t=11659

If you have Avast!, Norton or McAfee: Read this » http://forum.malekal.com/viewtopic.php?f=3&t=9631

 

For me, Antivir and AVG 8 perform much better: that's why I VERY STRONGLY advise you to uninstall your antivirus and install Antivir or AVG 8 instead (your choice) .... of course it's not an obligation, just advice.

 

You'll find an Antivir tutorial at this link: http://www.malekal.com/tutorial_antivir.php

and a page explaining how to migrate from Avast! to Antivir: http://forum.malekal.com/ftopic4192.php

If you prefer AVG 8, here is the page for migrating from Avast! to AVG 8: http://forum.malekal.com/viewtopic.php?f=45&t=11703

 

===> so post a report from one of the 2 antiviruses [only 1 installed!!!!!!]
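The CFScript above was drafted by reading the HijackThis log for the Vundo-style autostart pattern: an O4 Run value with a random hex name that launches rundll32.exe on a DLL with a random-looking name in system32 (the `[4c3a030f] rundll32.exe "C:\WINDOWS\system32\evslojrs.dll",b` line). The Python script below is an added example, not code from this thread, from HijackThis or from ComboFix; it applies that same check to HijackThis O4 lines and drafts the `File::` block from whatever it flags. The sample log lines are constructed from lines in the thread, and the thresholds (8 lowercase letters for the DLL name, 8 hex digits for the value name) are assumptions of this example.

```python
"""Triage HijackThis O4 entries for rundll32-loaded random-named DLLs.

Added example (not part of the thread, HijackThis or ComboFix). The
heuristic mirrors the helper's reading of the log: a Run entry that
invokes rundll32.exe on a DLL in system32 whose file name is a run of
random-looking lowercase letters is flagged; a single-letter export name
and a random hex value name are recorded as corroborating signs.
"""
import re

# Constructed sample: two benign vendor entries plus the flagged line
# copied from the HijackThis log posted in this thread.
SAMPLE_HJT_LOG = """\
O4 - HKLM\\..\\Run: [NvCplDaemon] RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup
O4 - HKLM\\..\\Run: [4c3a030f] rundll32.exe "C:\\WINDOWS\\system32\\evslojrs.dll",b
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
"""

# "O4 - HKLM\..\Run: [name] command"
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$'
)
# rundll32[.exe] ["]path\to\file.dll["] , export
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)
RANDOM_DLL_RE = re.compile(r'^[a-z]{8}\.dll$')  # assumed threshold, e.g. evslojrs.dll
HEX_KEY_RE = re.compile(r'^[0-9a-f]{8}$')        # assumed threshold, e.g. 4c3a030f


def parse_o4(line):
    """Return {'hive', 'name', 'cmd'} for an O4 Run line, else None."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def flag_entries(log_text):
    """Scan HijackThis log text; return a list of flagged O4 entries."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if not entry:
            continue
        m = RUNDLL_RE.search(entry["cmd"])
        if not m:
            continue  # not a rundll32 launch, outside this heuristic
        dll_path = m.group("dll")
        dll_name = dll_path.rsplit("\\", 1)[-1].lower()
        in_system32 = "\\system32\\" in dll_path.lower()
        if not (in_system32 and RANDOM_DLL_RE.match(dll_name)):
            continue  # vendor DLLs such as NvCpl.dll fall through here
        reasons = ["rundll32 loads a random-named DLL from system32"]
        if len(m.group("export")) == 1:
            reasons.append("single-letter export name")
        if HEX_KEY_RE.match(entry["name"].lower()):
            reasons.append("Run value name is a random hex string")
        flagged.append({"name": entry["name"], "dll": dll_path, "reasons": reasons})
    return flagged


def build_cfscript(flagged):
    """Draft the 'File::' section of a CFScript from flagged entries."""
    lines = ["File::"] + [f["dll"] for f in flagged]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    hits = flag_entries(SAMPLE_HJT_LOG)
    for h in hits:
        print(f"[{h['name']}] {h['dll']}: " + "; ".join(h["reasons"]))
    print(build_cfscript(hits))
```

The output is a draft for review, not a verdict: a legitimate 8-letter DLL name would also match, so each flagged path is checked (publisher signature, file date, what else references it) before it goes into a CFScript the way the helper did above.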

Posted

okay, here's the new ComboFix report; apparently you also want a report from an antivirus like Antivir or AVG, but which one do you personally recommend?

 

while waiting for the antivirus report.....

 

 

ComboFix 08-06-09.7 - HELLO 2008-06-10 20:17:33.2 - NTFSx86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1554 [GMT 2:00]

Endroit: C:\Documents and Settings\HELLO\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\HELLO\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\system32\jkkHYpnN.dll

C:\WINDOWS\system32\yaywtsTN.dll

C:\WINDOWS\wininit.ini

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\WINDOWS\system32\evslojrs.dll

C:\WINDOWS\system32\klxouagv.dll

C:\WINDOWS\system32\NTstwyay.ini

C:\WINDOWS\system32\NTstwyay.ini2

C:\WINDOWS\system32\srjolsve.ini

C:\WINDOWS\system32\srjolsve.tmp

C:\WINDOWS\system32\ugifqlgy.dll

C:\WINDOWS\system32\vgauoxlk.ini

C:\WINDOWS\system32\yaywtsTN.dll

C:\WINDOWS\system32\yglqfigu.ini

C:\WINDOWS\wininit.ini

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-10 to 2008-06-10 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-10 19:27 . 2008-06-10 20:06 <REP> d-------- C:\Hijackthis

2008-06-10 17:43 . 2008-06-10 19:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira

2008-06-10 15:59 . 2008-06-10 15:59 <REP> dr-h----- C:\Documents and Settings\HELLO\Application Data\SecuROM

2008-06-10 15:59 . 2008-06-10 15:59 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-06-10 13:22 . 2008-06-10 13:22 <REP> d-------- C:\Program Files\Fichiers communs\BioWare

2008-06-06 21:17 . 2008-06-06 21:17 <REP> d-------- C:\Documents and Settings\HELLO\Application Data\vlc

2008-06-06 21:16 . 2008-06-06 21:16 <REP> d-------- C:\Program Files\VideoLAN

2008-05-30 14:09 . 2008-05-30 14:09 <REP> d-------- C:\Program Files\CCleaner

2008-05-28 19:09 . 2008-05-28 19:09 <REP> d-------- C:\Program Files\foobar2000

2008-05-19 18:19 . 2008-05-19 18:19 <REP> d-------- C:\Program Files\Auslogics

2008-05-19 18:19 . 2008-05-19 18:19 <REP> d-------- C:\Documents and Settings\HELLO\Application Data\Auslogics

2008-05-18 16:34 . 2008-05-18 16:34 <REP> d-------- C:\Program Files\Neoact

2008-05-18 16:34 . 2007-02-05 13:11 139,264 --a------ C:\WINDOWS\NeoUninstall.exe

2008-05-18 16:34 . 2008-05-18 16:34 26 --a------ C:\WINDOWS\neosetup.INI

2008-05-18 16:27 . 2008-05-18 16:31 120 --a------ C:\WINDOWS\csmash.ini

2008-05-18 16:01 . 2008-05-18 16:26 <REP> d-------- C:\Documents and Settings\HELLO\.xmoto

2008-05-17 16:15 . 2008-05-17 16:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

2008-05-17 16:14 . 2008-05-17 16:14 <REP> d-------- C:\WINDOWS\nvidia icons

2008-05-17 16:09 . 2008-05-02 12:46 13,529,088 --a------ C:\WINDOWS\system32\nvcpl.dll

2008-05-14 21:12 . 2008-05-14 21:12 <REP> d-------- C:\Program Files\DVD Shrink

2008-05-14 18:33 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll

2008-05-14 18:33 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll

2008-05-14 18:33 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll

2008-05-14 18:33 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll

2008-05-14 18:33 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll

2008-05-14 18:33 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll

2008-05-14 18:33 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll

2008-05-14 18:33 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll

2008-05-14 16:30 . 2008-05-14 16:30 <REP> d-------- C:\Program Files\TomTom DesktopSuite

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-10 13:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP

2008-06-10 11:57 --------- d-----w C:\Documents and Settings\HELLO\Application Data\uTorrent

2008-06-05 16:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis

2008-06-04 20:03 --------- d-----w C:\Documents and Settings\HELLO\Application Data\foobar2000

2008-06-04 16:00 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-05-28 17:09 --------- d-----w C:\Program Files\TuneUp Utilities 2008

2008-05-21 22:23 --------- d-----w C:\Program Files\Intel

2008-05-19 16:19 --------- d-----w C:\Program Files\AusLogics Disk Defrag

2008-05-18 11:23 --------- d-----w C:\Documents and Settings\HELLO\Application Data\dvdcss

2008-05-11 16:40 --------- d-----w C:\Documents and Settings\HELLO\Application Data\XnView

2008-05-11 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink

2008-05-05 18:50 22,528 ----a-w C:\WINDOWS\system32\drivers\nhcDriver.sys

2008-05-02 17:24 --------- d-----w C:\Program Files\Notebook Hardware Control

2008-05-02 10:46 6,554,496 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2008-04-27 13:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft

2008-04-27 13:38 22,328 ----a-w C:\Documents and Settings\HELLO\Application Data\PnkBstrK.sys

2008-04-27 12:40 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Acronis

2008-04-27 12:03 --------- d-----w C:\Documents and Settings\HELLO\Application Data\Media Player Classic

2008-04-27 11:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\TomTom

2008-04-26 16:46 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys

2008-04-26 16:46 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys

2008-04-26 16:46 368,736 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys

2008-04-26 16:46 129,248 ----a-w C:\WINDOWS\system32\drivers\snapman.sys

2008-04-26 16:46 --------- d-----w C:\Program Files\Fichiers communs\Acronis

2008-04-26 16:46 --------- d-----w C:\Program Files\Acronis

2008-04-26 16:41 65,112 ----a-w C:\WINDOWS\BricoPackUninst.cmd

2008-04-26 16:41 6,114 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd

2008-04-26 16:28 --------- d-----w C:\Program Files\Zeb-Utility

2008-04-26 15:07 --------- d-----w C:\Documents and Settings\HELLO\Application Data\TomTom

2008-04-26 15:06 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Acronis

2008-04-26 14:20 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1

2008-04-26 14:01 --------- d-----w C:\Program Files\uTorrent

2008-04-26 13:54 --------- d-----w C:\Program Files\Windows Live

2008-04-26 13:32 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller

2008-04-26 13:24 --------- d-----w C:\Program Files\TomTom HOME 2

2008-04-26 13:23 --------- d-----w C:\Program Files\XnView

2008-04-26 13:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller

2008-04-26 11:20 --------- d-----w C:\Documents and Settings\HELLO\Application Data\TuneUp Software

2008-04-26 11:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-04-26 11:19 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-04-26 11:16 --------- d-----w C:\Program Files\AbiSuite2

2008-04-26 11:15 --------- d-----w C:\Program Files\Torrent Harvester

2008-04-26 11:15 --------- d-----w C:\Program Files\Sleepy

2008-04-26 11:13 --------- d-----w C:\Documents and Settings\HELLO\Application Data\CyberLink

2008-04-26 11:12 --------- d-----w C:\Program Files\Serials 2000 7.1 Plus

2008-04-26 11:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink

2008-04-26 11:09 --------- d-----w C:\Program Files\Smart Projects

2008-04-26 11:08 --------- d-----w C:\Program Files\CyberLink

2008-04-26 11:05 --------- d-----w C:\Program Files\Real Alternative

2008-04-26 11:03 --------- d-----w C:\Program Files\QuickTime Alternative

2008-04-26 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer

2008-04-26 11:02 --------- d-----w C:\Program Files\FLVPlayer

2008-04-26 10:41 --------- d-----w C:\Program Files\DAEMON Tools Lite

2008-04-26 10:39 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-04-26 10:39 --------- d-----w C:\Documents and Settings\HELLO\Application Data\DAEMON Tools

2008-04-26 10:37 --------- d-----w C:\Documents and Settings\HELLO\Application Data\Ahead

2008-04-26 10:35 --------- d-----w C:\Program Files\Ahead

2008-04-26 10:32 --------- d-----w C:\Program Files\Fichiers communs\Ahead

2008-04-26 09:57 737,280 ----a-w C:\WINDOWS\iun6002.exe

2008-04-26 09:57 --------- d-----w C:\Program Files\FireTune

2008-04-26 09:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations

2008-04-26 07:35 --------- d-----w C:\Program Files\Windows Media Connect 2

2008-04-25 22:58 --------- d-----w C:\Program Files\AGEIA Technologies

2008-04-25 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-04-25 22:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-04-25 22:51 --------- d-----w C:\Program Files\Fraps

2008-04-25 22:45 --------- d-----w C:\Program Files\Java

2008-04-25 22:44 --------- d-----w C:\Program Files\Gadwin Systems

2008-04-25 22:43 --------- d-----w C:\Program Files\Fichiers communs\Java

2008-04-25 22:37 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-04-25 22:37 --------- d-----w C:\Program Files\e-Carte Bleue Banque Populaire

2008-04-25 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET

2008-04-25 22:10 21,425 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys

2008-04-25 22:10 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Intel

2008-04-25 22:10 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel

2008-04-25 22:10 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel

2008-04-25 22:10 --------- d-----w C:\Documents and Settings\HELLO\Application Data\Intel

2008-04-25 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel

2008-04-25 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\XP32

2008-04-25 21:56 --------- d-----w C:\Program Files\EzButton

2008-04-25 21:55 --------- d-----w C:\Program Files\Fichiers communs\snp2uvc

2008-04-25 21:55 --------- d-----w C:\Documents and Settings\HELLO\Application Data\InstallShield

2008-04-25 21:54 --------- d-----w C:\Program Files\Elantech

2008-04-25 21:50 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-04-25 21:50 --------- d-----w C:\Program Files\WIDCOMM

2008-04-25 21:49 --------- d-----w C:\Program Files\Compal

2008-04-25 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vista64

2008-04-25 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vista32

2008-04-25 21:48 --------- d-----w C:\Program Files\Fichiers communs\InstallShield

2008-04-25 21:47 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-04-25 21:47 --------- d-----w C:\Program Files\Realtek

2008-04-25 20:49 --------- d-----w C:\Program Files\microsoft frontpage

2008-04-25 20:47 --------- d-----w C:\Program Files\Services en ligne

2008-04-13 17:34 979,968 ----a-w C:\WINDOWS\explorer.exe

2008-04-13 17:34 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys

2008-04-13 17:34 32,866 ------w C:\WINDOWS\slrundll.exe

2008-04-13 17:34 288,256 ----a-w C:\WINDOWS\winhlp32.exe

2008-04-13 17:34 230,912 ----a-w C:\WINDOWS\regedit.exe

2008-04-13 17:34 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys

2008-04-13 17:34 156,672 ----a-w C:\WINDOWS\notepad.exe

.

 

------- Sigcheck -------

 

2008-04-13 19:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\explorer.exe

2004-08-05 14:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

2008-04-13 19:34 979968 3efe912dd25d2586e6a0341db0a66f69 C:\WINDOWS\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((((((( snapshot@2008-06-10_19.53.22.03 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-10 17:52:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-10 18:19:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat

- 2008-06-10 17:30:06 62,678 ----a-w C:\WINDOWS\system32\perfc009.dat

+ 2008-06-10 17:56:16 62,678 ----a-w C:\WINDOWS\system32\perfc009.dat

- 2008-06-10 17:30:06 75,704 ----a-w C:\WINDOWS\system32\perfc00C.dat

+ 2008-06-10 17:56:16 75,704 ----a-w C:\WINDOWS\system32\perfc00C.dat

- 2008-06-10 17:30:06 401,398 ----a-w C:\WINDOWS\system32\perfh009.dat

+ 2008-06-10 17:56:16 401,398 ----a-w C:\WINDOWS\system32\perfh009.dat

- 2008-06-10 17:30:06 468,728 ----a-w C:\WINDOWS\system32\perfh00C.dat

+ 2008-06-10 17:56:16 468,728 ----a-w C:\WINDOWS\system32\perfh00C.dat

- 2008-05-25 14:48:30 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe

+ 2008-06-10 18:10:43 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NVHotkey"="nvHotkey.dll" [2008-02-22 09:46 86016 C:\WINDOWS\system32\nvhotkey.dll]

"Wow Video&Audio"="C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe" [2007-05-03 17:51 951856]

"KTPWare"="C:\Program Files\Elantech\ktp.exe" [2007-02-14 04:11 647168]

"CplBCL50"="C:\Program Files\EzButton\CplBCL50.EXE" [2004-06-15 14:11 401408]

"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 11:19 819200]

"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 11:17 970752]

"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 12:46 13529088]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-13 19:34 15360]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe"

"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

"RTHDCPL"=RTHDCPL.EXE

"Alcmtr"=ALCMTR.EXE

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

"Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"

"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

"AcronisTimounterMonitor"=C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

"NotebookHardwareControl"="C:\Program Files\Notebook Hardware Control\nhc.exe" -quiet

"nwiz"=nwiz.exe /install

"WLSS"=C:\Program Files\Compal\Wireless Select Switch\WLSS.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\uTorrent\\uTorrent.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"D:\\Program Files\\Mass Effect\\MassEffectLauncher.exe"=

"D:\\Program Files\\Mass Effect\\Binaries\\MassEffect.exe"=

 

R0 EMSC;COMPAL Embedded System Control;C:\WINDOWS\system32\DRIVERS\EMSC.SYS [2007-03-14 10:16]

R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-04-26 18:46]

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2007-09-19 21:37]

R3 Ktp;Elantech Touchpad;C:\WINDOWS\system32\DRIVERS\Ktp.sys [2006-11-18 09:55]

R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]

S3 TryAndDecideService;Acronis Try And Decide Service;"C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe" [2007-10-08 11:19]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-26 13:22]

S3 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:34]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-10 20:20:04

Windows 5.1.2600 Service Pack 3 NTFS

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]

"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-10 20:21:08 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-10 18:21:05

ComboFix2.txt 2008-06-10 17:53:32

 

Pre-Run: 23,838,687,232 octets libres

Post-Run: 23,821,242,368 octets libres

 

267 --- E O F --- 2008-05-28 16:50:20

Posted

• uninstall ComboFix by copying/pasting the line below into Run and confirming it:

 

ComboFix /u

 

delete, if they still exist, c:\bug, c:\qoobox, c:\combofix

 

• For the AV, I'd say Antivir, with a new HJT report please! The problem is almost solved!

Posted

I edited the previous message » • For the AV, I'd say Antivir, with a new HJT report please! The problem is almost solved!

 

 

I see you've got a handle on the subject [with a little help!], better that way, no??

Posted

well, actually I had already done this operation before; unfortunately.....

 

here are the 2 reports:

 

Logfile of HijackThis v1.99.1

Scan saved at 21:37:56, on 10/06/2008

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16640)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe

C:\Program Files\Elantech\ktp.exe

C:\Program Files\EzButton\CplBCL50.EXE

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start

O4 - HKLM\..\Run: [Wow Video&Audio] C:\Program Files\Compal\Wow Video&Audio\WVAMain.exe

O4 - HKLM\..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe

O4 - HKLM\..\Run: [CplBCL50] C:\Program Files\EzButton\CplBCL50.EXE

O4 - HKLM\..\Run: [intelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"

O4 - HKLM\..\Run: [intelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Fichiers communs\Acronis\Fomatik\TrueImageTryStartService.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

 

AND

 

 

 

Avira AntiVir Personal

Report file date: mardi 10 juin 2008 21:03

 

Scanning for 1321794 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 3) [5.1.2600]

Boot mode: Normally booted

Username: HELLO

Computer name: GREG

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56

AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37

LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58

ANTIVIR2.VDF : 7.0.4.120 2206720 Bytes 01/06/2008 18:46:30

ANTIVIR3.VDF : 7.0.4.172 260096 Bytes 10/06/2008 18:46:31

Engineversion : 8.1.0.55

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21

AESCRIPT.DLL : 8.1.0.40 266618 Bytes 10/06/2008 18:46:39

AESCN.DLL : 8.1.0.21 119156 Bytes 10/06/2008 18:46:39

AERDL.DLL : 8.1.0.20 418165 Bytes 10/06/2008 18:46:38

AEPACK.DLL : 8.1.1.5 364918 Bytes 10/06/2008 18:46:37

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 10/06/2008 18:46:36

AEHEUR.DLL : 8.1.0.30 1253750 Bytes 10/06/2008 18:46:36

AEHELP.DLL : 8.1.0.15 115063 Bytes 10/06/2008 18:46:34

AEGEN.DLL : 8.1.0.28 307572 Bytes 10/06/2008 18:46:34

AEEMU.DLL : 8.1.0.6 430451 Bytes 10/06/2008 18:46:33

AECORE.DLL : 8.1.0.31 168310 Bytes 10/06/2008 18:46:32

AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53

AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47

AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25

RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

 

Configuration settings for the scan:

Jobname..........................: Local Hard Disks

Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\alldiscs.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: on

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: mardi 10 juin 2008 21:03

 

Starting search for hidden objects.

'34161' objects were checked, '0' hidden objects were found.

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned

Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned

Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned

Scan process 'CplBCL50.EXE' - '1' Module(s) have been scanned

Scan process 'KTP.EXE' - '1' Module(s) have been scanned

Scan process 'WVAMain.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'btwdins.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

34 processes with 34 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '28' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <Documents>

 

 

End of the scan: mardi 10 juin 2008 21:16

Used time: 13:30 min

 

The scan has been done completely.

 

3694 Scanning directories

127890 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

127890 Files not concerned

735 Archives were scanned

2 Warnings

0 Notes

34161 Objects were scanned with rootkit scan

0 Hidden objects were found

 

Is it good????

Posted

• fix the line below with HijackThis and delete its backups folder here » C:\Hijackthis\backups

 

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

 

3694 Scanning directories

127890 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

 

 

Yep^^ it's G00d, after 2 slaps for your friend who gave you that software :P

 

@+
