[résolu] Connexion internet lente, PC ralenti et un programme "An

angelique · le 20 novembre 2008

bon , et lui tu l'as : c:\qoobox\quarantaine\[4]-Submit_Date_Time.zip ??? tu l'as uploadé ou je t'ai dis ?

stefanie77 · le 20 novembre 2008

Non je n'ai également pas de fichier zip dans c:\qoobox...

angelique · le 20 novembre 2008

regarde dans c:\qoobox\quarantine\ , tu dois avoir un fichier ressemblant à quarantine.txt, poste le contenu.

regarde aussi si tu as un fichier comme TDSSlxwp.dll.vir

stefanie77 · le 20 novembre 2008

non rien de tout ça. J'ai pleins d'autres fichiers dans le fichier quarantine, qui affole d'ailleurs mon antivirus, mais pas de ceux dont tu parles.

angelique · le 20 novembre 2008

pfffff!!

• desinstalle ComboFix en copiant_collant la ligne ci dessous dans executer et valide la:

ComboFix /u

• supprime c:\combofix

• fait le scan MBAM comme dit au dessus, poste le rapport avec un nouveau rapport RSIT

stefanie77 · le 20 novembre 2008

Ok. J'ai effectué le scan et la suppression avec scan MBAM, puis généré le rapport ci dessous avec RSIT.

Logfile of random's system information tool 1.04 (written by random/random)

Run by stephanie at 2008-11-20 14:40:53

Microsoft Windows XP Professionnel Service Pack 2

System drive C: has 8 GB (21%) free of 37 GB

Total RAM: 639 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:41, on 2008-11-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

C:\Program Files\Ashampoo FireWall\FireWall.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\devldr32.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\tcpsvcs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\stephanie.STEPG\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Documents and Settings\stephanie.STEPG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\Program Files\Google\Google Talk\googletalk.exe

C:\Documents and Settings\stephanie.STEPG\Bureau\RSIT.exe

C:\Program Files\Trend Micro\HijackThis\stephanie.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo FireWall\FireWall.exe" -TRAY

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: RaConfig2500.lnk = C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.canal-plus.com (HKLM)

O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://astre.adp.fr/vdesk/terminal/InstallerControl.cab

O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab

O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://astre.adp.fr/vdesk/terminal/f5Inspe...,2007,0223,0317

O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://astre.adp.fr/vdesk/terminal/urTermP...,2007,0530,2303

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {7E73BE8F-FD87-44EC-8E22-023D5FF960FF} (F5 Virtual Sandbox Class) - https://astre.adp.fr/vdesk/terminal/vdeskct...,2007,0530,2232

O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://astre.adp.fr/vdesk/terminal/urxshos...,2007,0223,0320

O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://astre.adp.fr/vdesk/terminal/urxhost...,2007,0524,2120

O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: kqicef.dll

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

--

End of file - 7506 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUser.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]

SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}]

C:\Program Files\Microsoft Money\System\mnyviewer.dll [2001-07-25 143420]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"=C:\WINDOWS\System32\NvCpl.dll [2005-11-11 7311360]

"nwiz"=nwiz.exe /install []

"NvMediaCenter"=C:\WINDOWS\System32\NvMcTray.dll [2005-11-11 86016]

"EPSON Stylus Photo R300 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE [2003-09-11 99840]

"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2008-03-22 155648]

"snp2std"=C:\WINDOWS\vsnp2std.exe [2006-09-15 675840]

"QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe [2008-09-06 413696]

"Ashampoo FireWall"=C:\Program Files\Ashampoo FireWall\FireWall.exe [2007-04-05 3251800]

"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2008-10-22 399504]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-20 15360]

"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-20 1667584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-10-01 111936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canal Widget]

C:\Program Files\Canal\Canal Widget\Launcher.exe [2008-11-12 103992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

C:\Program Files\DAEMON Tools Lite2\daemon.exe [2008-04-01 486856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]

C:\Program Files\Telephone\X-Lite\x-lite.exe [2008-04-22 22237184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

C:\Documents and Settings\stephanie.STEPG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]

C:\Program Files\Microsoft Money\System\Activation.exe [2001-07-25 245810]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^stephanie.STEPG^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]

C:\PROGRA~1\FICHIE~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^stephanie.STEPG^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]

C:\PROGRA~1\TRIBAL~1.NET\tribalweb.exe -system:startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"KPF4"=2

"CanalPlus.VOD"=2

"Apple Mobile Device"=2

C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage

RaConfig2500.lnk - C:\Program Files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLS"="kqicef.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2004-08-20 240128]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{70E5C213-45BC-4494-BA22-025EE7A38A42}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]

"authentication packages"=msv1_0

C:\WINDOWS\system32\khfCrOhf

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=

"NoDrives"=

"NoDriveAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Documents and Settings\stephanie.STEPG\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll"="C:\Documents and Settings\stephanie.STEPG\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin"

"C:\Documents and Settings\stephanie.STEPG\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\stephanie.STEPG\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"

"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2008-11-20 11:48:05 ----D---- C:\Documents and Settings\stephanie.STEPG\Application Data\Malwarebytes

2008-11-20 11:47:27 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-11-20 11:47:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2008-11-20 10:25:36 ----A---- C:\WINDOWS\system32\CF2895.exe

2008-11-19 20:12:35 ----D---- C:\rsit

2008-11-19 18:52:40 ----A---- C:\WINDOWS\system32\mucltui.dll.mui

2008-11-19 18:52:40 ----A---- C:\WINDOWS\system32\mucltui.dll

2008-11-19 18:43:44 ----D---- C:\WINDOWS\temp

2008-11-19 16:13:07 ----D---- C:\WINDOWS\ERDNT

2008-11-19 16:12:41 ----A---- C:\WINDOWS\system32\CF18052.exe

2008-11-19 13:41:28 ----A---- C:\WINDOWS\system32\gnc.exe

2008-11-19 13:34:47 ----A---- C:\WINDOWS\system32\Process.exe

2008-11-19 13:34:47 ----A---- C:\cleannavi.txt

2008-11-19 13:34:00 ----A---- C:\fixnavi1.txt

2008-11-19 12:55:23 ----A---- C:\fixnavi.txt

2008-11-19 12:51:07 ----D---- C:\Program Files\Navilog1

2008-11-18 18:26:05 ----D---- C:\Program Files\ma-config.com

2008-11-18 18:26:04 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com

2008-11-18 16:14:19 ----D---- C:\Program Files\Trend Micro

2008-11-18 14:55:08 ----A---- C:\WINDOWS\msnfix.txt

2008-11-18 01:06:33 ----D---- C:\Program Files\Avira

2008-11-18 01:06:33 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

2008-11-18 00:43:33 ----D---- C:\Program Files\SpywareBlaster

2008-11-17 23:53:47 ----D---- C:\SmitfraudFix

2008-11-17 23:41:06 ----A---- C:\WINDOWS\ntbtlog.txt

2008-11-17 23:39:03 ----A---- C:\SmitfraudFix(2).exe

2008-11-17 23:28:42 ----A---- C:\rapport1.txt

2008-11-17 23:19:24 ----A---- C:\rapport.txt

2008-11-17 23:16:52 ----A---- C:\WINDOWS\system32\WS2Fix.exe

2008-11-17 23:16:52 ----A---- C:\WINDOWS\system32\VCCLSID.exe

2008-11-17 23:16:52 ----A---- C:\WINDOWS\system32\VACFix.exe

2008-11-17 23:16:52 ----A---- C:\WINDOWS\system32\SrchSTS.exe

2008-11-17 23:16:52 ----A---- C:\WINDOWS\system32\o4Patch.exe

2008-11-17 23:16:52 ----A---- C:\WINDOWS\system32\IEDFix.exe

2008-11-17 23:16:52 ----A---- C:\WINDOWS\system32\IEDFix.C.exe

2008-11-17 23:16:52 ----A---- C:\WINDOWS\system32\dumphive.exe

2008-11-17 23:16:52 ----A---- C:\WINDOWS\system32\404Fix.exe

2008-11-17 18:28:56 ----A---- C:\WINDOWS\system32\b3ce59fa-.txt

2008-11-16 20:58:03 ----D---- C:\Program Files\Agent

2008-11-15 16:43:24 ----D---- C:\Program Files\QuickPar

2008-11-13 12:58:37 ----D---- C:\Program Files\directx

2008-11-13 12:10:43 ----D---- C:\WINDOWS\pss

2008-11-12 19:02:38 ----D---- C:\Program Files\Ashampoo FireWall

2008-11-12 18:58:21 ----D---- C:\WINDOWS\system32\vso_loc

2008-11-12 18:58:21 ----D---- C:\WINDOWS\system32\iosubsys

2008-11-12 18:58:02 ----D---- C:\Program Files\vso

2008-11-12 18:08:28 ----A---- C:\Documents and Settings\stephanie.STEPG\Application Data\ezplay.ini

2008-11-12 18:07:58 ----D---- C:\Documents and Settings\stephanie.STEPG\Application Data\Vso

2008-11-09 17:47:25 ----D---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TERMINAL Studio

2008-11-09 17:47:10 ----AD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP

2008-11-09 17:45:05 ----D---- C:\Program Files\Fichiers communs\Oberon Media

2008-11-01 13:02:33 ----D---- C:\Documents and Settings\stephanie.STEPG\Application Data\GrabIt

2008-11-01 13:01:31 ----D---- C:\Program Files\GrabIt

2008-11-01 13:00:43 ----D---- C:\Program Files\genealogie

======List of files/folders modified in the last 1 months======

2008-11-20 14:38:44 ----D---- C:\WINDOWS\system32

2008-11-20 14:33:26 ----D---- C:\WINDOWS\Prefetch

2008-11-20 11:47:39 ----D---- C:\WINDOWS\system32\drivers

2008-11-20 11:47:26 ----RD---- C:\Program Files

2008-11-20 11:46:35 ----D---- C:\WINDOWS

2008-11-20 11:46:31 ----A---- C:\trace.txt

2008-11-20 11:44:56 ----SHD---- C:\System Volume Information

2008-11-20 11:44:56 ----D---- C:\WINDOWS\system32\Restore

2008-11-20 11:10:37 ----D---- C:\Program Files\Mozilla Firefox

2008-11-20 10:55:58 ----A---- C:\WINDOWS\SchedLgU.Txt

2008-11-20 10:17:28 ----D---- C:\Documents and Settings

2008-11-19 18:52:41 ----D---- C:\WINDOWS\SoftwareDistribution

2008-11-19 18:52:39 ----HD---- C:\WINDOWS\inf

2008-11-19 18:52:38 ----D---- C:\WINDOWS\system32\CatRoot2

2008-11-19 17:03:54 ----D---- C:\WINDOWS\AppPatch

2008-11-19 17:03:54 ----D---- C:\Program Files\Fichiers communs

2008-11-18 18:26:18 ----SHD---- C:\WINDOWS\Installer

2008-11-17 23:57:48 ----D---- C:\Program Files\Google

2008-11-17 15:50:53 ----D---- C:\Program Files\Jeux

2008-11-17 10:25:44 ----D---- C:\Documents and Settings\stephanie.STEPG\Application Data\FileZilla

2008-11-16 20:58:19 ----A---- C:\WINDOWS\win.ini

2008-11-15 17:34:25 ----D---- C:\WINDOWS\Registration

2008-11-15 15:31:22 ----RASH---- C:\boot.ini

2008-11-15 15:31:22 ----A---- C:\WINDOWS\system.ini

2008-11-13 20:25:25 ----D---- C:\Program Files\Outils

2008-11-13 20:24:40 ----D---- C:\Program Files\Nikon

2008-11-13 20:22:52 ----D---- C:\Program Files\Free Audio Pack

2008-11-13 20:21:26 ----D---- C:\Program Files\Bonjour

2008-11-13 19:29:24 ----D---- C:\TEMP

2008-11-13 19:03:20 ----D---- C:\extract

2008-11-13 18:24:41 ----D---- C:\My Games

2008-11-13 13:11:07 ----D---- C:\Program Files\DScaler5

2008-11-13 12:07:34 ----HD---- C:\Program Files\InstallShield Installation Information

2008-11-12 21:44:42 ----D---- C:\Documents and Settings\stephanie.STEPG\Application Data\Mozilla

2008-11-12 21:44:20 ----SD---- C:\WINDOWS\Tasks

2008-11-11 17:34:33 ----D---- C:\video

2008-11-11 16:56:07 ----D---- C:\Documents and Settings\stephanie.STEPG\Application Data\LimeWire

2008-11-09 17:45:46 ----SD---- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft

2008-11-07 10:49:28 ----D---- C:\WINDOWS\repair

2008-11-05 10:48:49 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2008-10-22 17:52:34 ----D---- C:\Program Files\FreeGo

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-19 75072]

R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-11-25 54368]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-09-28 12032]

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.0.0.5; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2007-02-01 15939]

R2 ASPI32;ASPI32; C:\WINDOWS\system32\drivers\ASPI32.sys [1999-09-10 25244]

R3 ASFWHide;ASFWHide; \??\C:\DOCUME~1\STEPHA~1.STE\LOCALS~1\Temp\ASFWHide []

R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []

R3 ctljystk;Creative SBLive! Port de jeux; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]

R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]

R3 emu10k1;Pilote du Gestionnaire d'interface Creative (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]

R3 fbxusb;Carte réseau virtuelle FreeBox USB; C:\WINDOWS\System32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]

R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\System32\DRIVERS\HCF_MSFT.sys [2001-08-23 908000]

R3 hcwPVRP2;Hauppauge WinTV PVR PCI II (Encoder/Decoder); C:\WINDOWS\System32\DRIVERS\hcwPVRP2.sys [2004-01-29 796064]

R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []

R3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2005-11-11 3532928]

R3 RT2500;CNet Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT2500.sys [2004-06-10 191360]

R3 sfman;Pilote du Gestionnaire SoundFont Creative (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-04 31616]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2004-08-04 57600]

R3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2004-08-04 25856]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2004-08-04 20480]

S1 AmdK7;Pilote de processeur AMD K7; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-19 41600]

S1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys []

S1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys []

S2 Nsynas32;Nsynas32; C:\WINDOWS\system32\drivers\Nsynas32.sys []

S3 arjg96tk;arjg96tk; C:\WINDOWS\system32\drivers\arjg96tk.sys []

S3 Arp1394;Protocole client ARP 1394; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-04 60800]

S3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2004-08-19 701440]

S3 catchme;catchme; \??\C:\Combo-Fix\catchme.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2004-08-04 17024]

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 ezplay;VSO Software ezplay; C:\WINDOWS\System32\Drivers\ezplay.sys [2008-11-12 94208]

S3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-08-17 9600]

S3 mouhid;Pilote HID de souris; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-23 12288]

S3 ms_mpu401;Pilote UART MIDI MPU-401 Microsoft; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2004-08-04 10880]

S3 NIC1394;Pilote réseau 1394; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-04 61824]

S3 nv4;nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [2001-08-17 731648]

S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-11-12 47360]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2004-08-04 11136]

S3 SNP2STD;USB2.0 PC Camera (SNP2STD); C:\WINDOWS\System32\DRIVERS\snp2sxp.sys [2007-04-09 12039552]

S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2004-08-04 15360]

S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]

S3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]

S3 usbohci;Pilote miniport de contrôleur hôte ouvert USB Microsoft; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2004-08-04 17024]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2004-08-04 15104]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]

R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]

R2 Bonjour Service;Service Bonjour; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]

R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\System32\nvsvc32.exe [2005-11-11 131139]

R2 SimpTcp;Services TCP/IP simplifiés; C:\WINDOWS\System32\tcpsvcs.exe [2001-09-28 19456]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]

S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-25 138168]

S3 iPod Service;Service de l’iPod; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2008-10-28 195752]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 SPTISRV;Sony SPTI Service; C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe [2002-03-13 65536]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-20 14336]

S4 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]

S4 CanalPlus.VOD;CanalPlus.VOD; C:\Program Files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe [2008-06-11 61440]

S4 KPF4;Sunbelt Kerio Personal Firewall 4; C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe []

-----------------EOF-----------------

angelique · le 20 novembre 2008

et le rapport Malware Bytes ??? poste le moi!

• telecharge sur ton bureau plop.reg , double clic dessus , accepte de fusionner, ou clic droit \ fusionner

Download Link---> http://www.sendspace.com/file/hhnrrc

• Télécharge OTMoveIt3 de OldTimer

http://oldtimer.geekstogo.com/OTMoveIt3.exe

* Enregistre-le sur ton bureau

* Double-clique sur OTMoveIt3.exe pour le lancer (l'extension peut ne pas apparaître)

* Copie-colle l'entièreté de ceci dans la partie "Paste Instructions for Items to be Moved" comme indiqué sur la capture (en-dessous de la barre jaune) :

:processes
explorer.exe

:files
C:\WINDOWS\system32\CF2895.exe
C:\WINDOWS\system32\CF18052.exe
C:\WINDOWS\system32\gnc.exe
C:\WINDOWS\system32\Process.exe
C:\cleannavi.txt
C:\fixnavi1.txt
C:\fixnavi.txt
C:\Program Files\Navilog1
C:\WINDOWS\msnfix.txt
C:\SmitfraudFix
C:\SmitfraudFix(2).exe
C:\rapport1.txt
C:\rapport.txt
C:\WINDOWS\system32\WS2Fix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\o4Patch.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\IEDFix.C.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\b3ce59fa-.txt

:commands
[start explorer]
[emptytemp]
[Reboot]

* Clique sur le bouton rouge Moveit! pour lancer le nettoyage

* Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results (en vert à droite)

--> Un rapport sera généré dans le dossier C:\ _OTMoveIt\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)

* Ferme OTMoveIt3 (en cliquant sur Exit)

Note : Si un fichier ou un dossier ne sait être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter...

• retelecharge ComboFix , lance le et poste le rapport.en esperant que ça fonctionne cette fois!!!

Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

http://www.forospyware.com/sUBs/ComboFix.exe

http://subs.geekstogo.com/ComboFix.exe

* Double-clique combofix.exe, accepte le CluF qui s'affiche, afin de l'exécuter et suis les instructions.

* Lorsque l'analyse sera complétée, un rapport apparaîtra que tu me posteras.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

stefanie77 · le 20 novembre 2008

Ci dessous le rapport MBAM.

Je m' occupe de tes indications. Merci

Malwarebytes' Anti-Malware 1.30

Version de la base de données: 1412

Windows 5.1.2600 Service Pack 2

2008-11-20 14:38:45

mbam-log-2008-11-20 (14-38-45).txt

Type de recherche: Examen rapide

Eléments examinés: 66503

Temps écoulé: 51 minute(s), 0 second(s)

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 4

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 3

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\Interface\{18e4cdd5-23e9-3c2b-9ea7-7a5d489f4356} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{61181f3a-b7b4-3f2d-bc24-5dc5deab99c0} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78f8464d-a6f2-3f0d-a87f-a53a5f10d092} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

Dossier(s) infecté(s):

(Aucun élément nuisible détecté)

Fichier(s) infecté(s):

C:\WINDOWS\system32\ws59179.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Documents and Settings\stephanie.STEPG\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

angelique · le 20 novembre 2008

ok , vide la quarantaine d'MBAM

Au fait , tu as antivir et ashampoo , si un des 2 couine sur le fichier commençant par nircmd.... tu ne le refuses pas , tu acceptes c'est un fichier de ComboFix d'ou le peut etre pourquoi ComboFix n'avait pas terminé sa routine.

stefanie77 · le 20 novembre 2008

C'est bon !! Le rapport ComboFix a été généré. Le voici :

J'ai également vidé la quarantaine de MBAM.

Merci

ComboFix 08-11-19.08 - stephanie 2008-11-20 15:42:00.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.304 [GMT 1:00]

Lancé depuis: c:\documents and settings\stephanie.STEPG\Bureau\ComboFix.exe

* Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_IPRIP

((((((((((((((((((((((((((((( Fichiers créés du 2008-10-20 au 2008-11-20 ))))))))))))))))))))))))))))))))))))

.

2008-11-20 15:28 . 2008-11-20 15:28 <REP> d-------- C:\_OTMoveIt

2008-11-20 11:48 . 2008-11-20 11:48 <REP> d-------- c:\documents and settings\stephanie.STEPG\Application Data\Malwarebytes

2008-11-20 11:47 . 2008-11-20 14:32 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware

2008-11-20 11:47 . 2008-11-20 11:47 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2008-11-20 11:47 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

2008-11-20 11:47 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys

2008-11-19 20:12 . 2008-11-20 14:49 <REP> d-------- C:\rsit

2008-11-19 18:52 . 2007-07-30 19:19 271,224 --a------ c:\windows\system32\mucltui.dll

2008-11-19 18:52 . 2007-07-30 19:18 30,072 --a------ c:\windows\system32\mucltui.dll.mui

2008-11-18 18:26 . 2008-11-18 18:26 <REP> d-------- c:\program files\ma-config.com

2008-11-18 18:26 . 2008-11-18 18:26 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\ma-config.com

2008-11-18 16:14 . 2008-11-18 16:14 <REP> d-------- c:\program files\Trend Micro

2008-11-18 01:06 . 2008-11-18 01:06 <REP> d-------- c:\program files\Avira

2008-11-18 01:06 . 2008-11-18 01:06 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\Avira

2008-11-18 00:43 . 2008-11-18 00:43 <REP> d-------- c:\program files\SpywareBlaster

2008-11-17 23:35 . 2008-11-17 23:35 90,112 --a------ C:\SmitFraudFix v2.doc

2008-11-17 23:31 . 2008-11-20 10:21 82,432 --a------ C:\Nouveau Document Microsoft Word.doc

2008-11-17 23:20 . 2008-11-17 23:57 3,166 --a------ c:\windows\system32\tmp.reg

2008-11-17 23:20 . 2008-11-17 23:57 0 --a------ c:\windows\system32\tmp.MSNFix

2008-11-17 18:19 . 2007-02-01 22:34 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau

2008-11-17 18:19 . 2007-02-01 22:34 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression

2008-11-17 18:19 . 2002-01-01 03:55 <REP> d--h----- c:\documents and settings\Administrateur\Modèles

2008-11-17 18:19 . 2007-02-01 22:34 <REP> d-------- c:\documents and settings\Administrateur\Mes documents

2008-11-17 18:19 . 2007-02-01 22:34 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer

2008-11-17 18:19 . 2007-02-01 22:34 <REP> d-------- c:\documents and settings\Administrateur\Favoris

2008-11-17 18:19 . 2007-02-01 22:34 <REP> d-------- c:\documents and settings\Administrateur\Bureau

2008-11-17 18:19 . 2002-01-01 04:09 <REP> d-------- c:\documents and settings\Administrateur\Application Data\DivX

2008-11-17 18:19 . 2008-11-17 18:19 <REP> d-------- c:\documents and settings\Administrateur

2008-11-16 20:58 . 2008-11-16 20:58 <REP> d-------- c:\program files\Agent

2008-11-15 16:43 . 2008-11-15 16:43 <REP> d-------- c:\program files\QuickPar

2008-11-13 13:11 . 2007-12-15 16:11 6,144 --a------ c:\windows\system32\ff_acm.acm

2008-11-13 12:58 . 2008-11-13 12:58 <REP> d-------- c:\program files\directx

2008-11-12 19:02 . 2008-11-12 19:02 <REP> d-------- c:\program files\Ashampoo FireWall

2008-11-12 18:58 . 2008-11-12 18:58 <REP> d-------- c:\windows\system32\vso_loc

2008-11-12 18:58 . 2008-11-12 18:58 <REP> d-------- c:\windows\system32\iosubsys

2008-11-12 18:58 . 2008-11-12 18:58 <REP> d-------- c:\program files\vso

2008-11-12 18:58 . 2003-07-23 00:41 64,000 --a------ c:\windows\system32\drivers\PcAtip.sys

2008-11-12 18:58 . 2008-11-12 18:07 47,360 --a------ c:\windows\system32\drivers\Pcouffin.sys

2008-11-12 18:08 . 2008-11-12 18:08 94,208 --a------ c:\windows\system32\drivers\ezplay.sys

2008-11-12 18:08 . 2008-11-12 18:29 94,208 --a------ c:\documents and settings\stephanie.STEPG\Application Data\ezplay.sys

2008-11-12 18:07 . 2008-11-12 18:29 <REP> d-------- c:\documents and settings\stephanie.STEPG\Application Data\Vso

2008-11-12 18:07 . 2008-11-12 18:29 47,360 --a------ c:\documents and settings\stephanie.STEPG\Application Data\pcouffin.sys

2008-11-09 17:47 . 2008-11-09 17:47 <REP> d-------- c:\documents and settings\All Users.WINDOWS\Application Data\TERMINAL Studio

2008-11-09 17:47 . 2008-11-18 16:29 <REP> d-a------ c:\documents and settings\All Users.WINDOWS\Application Data\TEMP

2008-11-09 17:45 . 2008-11-09 17:45 <REP> d-------- c:\program files\Fichiers communs\Oberon Media

2008-11-01 13:02 . 2008-11-17 15:27 <REP> d-------- c:\documents and settings\stephanie.STEPG\Application Data\GrabIt

2008-11-01 13:01 . 2008-11-01 13:49 <REP> d-------- c:\program files\GrabIt

2008-11-01 13:00 . 2008-11-01 13:00 <REP> d-------- c:\program files\genealogie

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-11-17 22:57 --------- d-----w c:\program files\Google

2008-11-17 14:50 --------- d-----w c:\program files\Jeux

2008-11-17 09:25 --------- d-----w c:\documents and settings\stephanie.STEPG\Application Data\FileZilla

2008-11-13 19:25 --------- d-----w c:\program files\Outils

2008-11-13 19:24 --------- d-----w c:\program files\Nikon

2008-11-13 19:22 --------- d-----w c:\program files\Free Audio Pack

2008-11-13 19:21 --------- d-----w c:\program files\Bonjour

2008-11-13 12:11 --------- d-----w c:\program files\DScaler5

2008-11-13 11:07 --------- d--h--w c:\program files\InstallShield Installation Information

2008-11-11 15:56 --------- d-----w c:\documents and settings\stephanie.STEPG\Application Data\LimeWire

2008-10-22 16:52 --------- d-----w c:\program files\FreeGo

2008-10-10 09:50 --------- d-----w c:\program files\Fichiers communs\Adobe

2008-10-10 08:33 --------- d-----w c:\documents and settings\stephanie.STEPG\Application Data\gtk-2.0

2008-10-07 07:45 --------- d-----w c:\program files\iTunes

2008-10-07 07:45 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

2008-10-07 07:44 --------- d-----w c:\program files\iPod

2008-10-07 07:40 --------- d-----w c:\program files\Fichiers communs\Apple

2008-10-01 11:01 32,000 ----a-w c:\windows\system32\drivers\usbaapl.sys

2008-09-26 18:26 --------- d-----w c:\program files\dvd to divx

2008-09-25 10:16 74,528 ------w c:\windows\system32\drivers\imagedrv.sys

2008-09-25 10:16 708,608 ------w c:\windows\UNIDRV.exe

2008-09-25 10:16 --------- d-----w c:\program files\Ahead

2008-09-21 15:35 --------- d-----w c:\documents and settings\stephanie.STEPG\Application Data\NeoDivX2008

2008-09-21 15:29 --------- d-----w c:\program files\WinASPI

2008-09-21 15:27 370,176 ----a-w c:\windows\system32\x264vfw.dll

2008-09-21 15:09 --------- d-----w c:\program files\AviSynth 2.5

2008-08-29 08:18 87,336 ----a-w c:\windows\system32\dns-sd.exe

2008-08-29 07:53 61,440 ----a-w c:\windows\system32\dnssd.dll

2008-01-21 10:03 32 ----a-w c:\documents and settings\All Users.WINDOWS\Application Data\ezsid.dat

2006-02-10 11:16 284 ----a-w c:\documents and settings\stephanie\Application Data\ViewerApp.dat

2005-06-20 06:51 774,144 ----a-w c:\program files\RngInterstitial.dll

1995-09-20 15:16 456,976 ----a-w c:\program files\Fichiers communs\dao3032.dll

2006-05-29 14:40 7,296,000 ----a-w c:\program files\mozilla firefox\plugins\libvlc.dll

2008-04-25 12:32 5,817,064 ----a-w c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll

2008-03-04 11:25 8,192 --sha-w c:\windows\o2cLicStore.bin

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-20 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2005-11-11 7311360]

"NvMediaCenter"="c:\windows\System32\NvMcTray.dll" [2005-11-11 86016]

"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0F2.EXE" [2003-09-11 99840]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2008-03-22 155648]

"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]

"QuickTime Task"="c:\program files\K-Lite Codec Pack\QuickTime\qttask.exe" [2008-09-06 413696]

"Ashampoo FireWall"="c:\program files\Ashampoo FireWall\FireWall.exe" [2007-04-05 3251800]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"nwiz"="nwiz.exe" [2005-11-11 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-20 15360]

c:\documents and settings\stephanie\Menu D‚marrer\Programmes\D‚marrage\

Magnifier.lnk - c:\windows\system32\magnify.exe [2001-09-28 73216]

c:\documents and settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\

RaConfig2500.lnk - c:\program files\RALINK\RT2500 Wireless LAN Card\Installer\WINXP\RaConfig2500.exe [2008-01-25 507904]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"= ctwdm32.dll

"aux"= ctwdm32.dll

"vidc.X264"= x264vfw.dll

"msacm.avis"= ff_acm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Gamma Loader.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.lnk

backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

path=c:\documents and settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk

backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^stephanie.STEPG^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]

path=c:\documents and settings\stephanie.STEPG\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk

backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^stephanie.STEPG^Menu Démarrer^Programmes^Démarrage^TribalWeb.net.lnk]

path=c:\documents and settings\stephanie.STEPG\Menu Démarrer\Programmes\Démarrage\TribalWeb.net.lnk

backup=c:\windows\pss\TribalWeb.net.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

--a------ 2008-10-01 11:57 111936 c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Canal Widget]

--a------ 2008-11-12 18:36 103992 c:\program files\Canal\Canal Widget\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

--a------ 2008-04-01 10:39 486856 c:\program files\DAEMON Tools Lite2\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]

--a------ 2008-04-22 11:20 22237184 c:\program files\Telephone\X-Lite\x-lite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

--a----t- 2008-11-12 21:44 133104 c:\documents and settings\stephanie.STEPG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]

--a------ 2001-07-25 09:00 245810 c:\program files\Microsoft Money\System\Activation.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"KPF4"=2 (0x2)

"CanalPlus.VOD"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Documents and Settings\\stephanie.STEPG\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=

"c:\\Documents and Settings\\stephanie.STEPG\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

R3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]

R3 hcwPVRP2;Hauppauge WinTV PVR PCI II (Encoder/Decoder);c:\windows\system32\DRIVERS\hcwPVRP2.sys [2008-01-15 796064]

S1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys []

S1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys []

S3 maconfservice;Ma-Config Service;"c:\program files\ma-config.com\maconfservice.exe" [2008-10-28 195752]

S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2008-03-21 12039552]

S4 CanalPlus.VOD;CanalPlus.VOD;"c:\program files\Canal\Canal Widget\VOD\CanalPlus.VOD.exe" [2008-04-11 61440]

S4 hpt3xx;hpt3xx; []

.

Contenu du dossier 'Tâches planifiées'

2008-11-20 c:\windows\Tasks\GoogleUpdateTaskUser.job

- c:\documents and settings\stephanie.STEPG\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-12 21:44]

.

------- Examen supplémentaire -------

.

FireFox -: Profile - c:\documents and settings\stephanie.STEPG\Application Data\Mozilla\Firefox\Profiles\h8cqzep9.default\

FF -: plugin - c:\documents and settings\All Users.WINDOWS\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

FF -: plugin - c:\documents and settings\stephanie.STEPG\Application Data\Mozilla\Firefox\Profiles\h8cqzep9.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll

FF -: plugin - c:\documents and settings\stephanie.STEPG\Application Data\Mozilla\plugins\npgoogletalk.dll

FF -: plugin - c:\documents and settings\stephanie.STEPG\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll

FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll

FF -: plugin - c:\program files\Canal\Canal Widget\VOD\npCpVod.dll

FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF -: plugin - c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF -: plugin - c:\program files\ma-config.com\nphardwaredetection.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npracplug.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npvirtools.dll

FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-11-20 15:49:16

Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASFWHide]

"ImagePath"="\??\c:\docume~1\STEPHA~1.STE\LOCALS~1\Temp\ASFWHide"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

PROCESSUS: c:\windows\system32\lsass.exe

-> c:\program files\Ashampoo FireWall\spi.dll

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\devldr32.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\tcpsvcs.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Heure de fin: 2008-11-20 15:53:54 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-11-20 14:53:48

Avant-CF: 8,220,590,080 octets libres

Après-CF: 8,151,556,096 octets libres

245

Connexion

Pas encore inscrit ?

[résolu] Connexion internet lente, PC ralenti et un programme "An

Messages recommandés

angelique

stefanie77

angelique

stefanie77

angelique

stefanie77

angelique

stefanie77

angelique

stefanie77

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer