
Hello,
My computer is infected with Trojan.vundo
Windows XP SP2
Thank you for finding a solution.

Hello,
Download ComboFix (created by sUBs) to your Desktop.
Start in Safe Mode: http://forum.telecharger.01net.com/telecharger/virus_et_assimiles/failles_de_(...)
Double-click combofix.exe.
Press the Y key (Yes) to start the scan.
ComboFix will restart your PC.
When the scan is complete, a report will appear. Copy/paste that report in your next reply, along with a new HijackThis report.
NOTE: The report is also located here: C:\Combofix.txt

HELLO
HERE IS THE REPORT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:19:44, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\XPFR\System32\smss.exe
C:\XPFR\system32\winlogon.exe
C:\XPFR\system32\services.exe
C:\XPFR\system32\lsass.exe
C:\XPFR\system32\svchost.exe
C:\XPFR\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\XPFR\system32\spoolsv.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\XPFR\system32\hkcmd.exe
C:\XPFR\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SPEC\CS-Time\csTime.exe
C:\XPFR\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\JScan\GestServ\GPExport.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\JScan\bin\servicio.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\SPEC\netTime\netTime.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\XPFR\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\XPFR\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\XPFR\explorer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\technicom1\Mes documents\HiJackThis.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\ClamWin\bin\OlAddin.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\XPFR\system32\calc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\JScan\gestserv\Exportador.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AbsoluteTransfer module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll
O2 - BHO: (no name) - {4F26BEDB-D89B-44A1-948B-5D523292DADF} - C:\XPFR\system32\ddcyxXPF.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O3 - Toolbar: atfxqogp - {0F4B2766-03E3-4ADD-B91D-77B06FC9B603} - C:\XPFR\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\XPFR\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\XPFR\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\XPFR\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [igfxtray] C:\XPFR\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\XPFR\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\XPFR\system32\igfxpers.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042508 serial=DR12CET-7480327-QHL lang=FR
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [Salestart] "C:\Program Files\Fichiers communs\WinAnonymous\stm.exe" dm=http://winanonymous.com ad=http://winanonymous.com sd=http://ilp.winanonymous.com
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\XPFR\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\XPFR\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\XPFR\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\XPFR\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\XPFR\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\XPFR\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\XPFR\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{144E6A19-D1FA-40A1-8CFB-22CC6CA173A0}: NameServer = 193.95.66.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7E928E1-EA34-4A59-818C-9FFD616DE5B6}: NameServer = 193.95.93.77,193.95.66.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{144E6A19-D1FA-40A1-8CFB-22CC6CA173A0}: NameServer = 193.95.66.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{144E6A19-D1FA-40A1-8CFB-22CC6CA173A0}: NameServer = 193.95.66.10
O20 - Winlogon Notify: ddcyxXPF - C:\XPFR\SYSTEM32\ddcyxXPF.dll
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\XPFR\system32\rtmipr.dll (file missing)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CS-Time Server (csTime) - SPEC, S.A. - C:\Program Files\SPEC\CS-Time\csTime.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GPExport - Unknown owner - C:\JScan\GestServ\GPExport.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: JScan - Unknown owner - C:\JScan\bin\servicio.exe
O23 - Service: netTime Server (netTime) - SPEC, S.A. - C:\Program Files\SPEC\netTime\netTime.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SPECDriver - SPEC, S.A. - C:\SPEC\SPECDriver\Server.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
--
End of file - 12625 bytes
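An added example, not part of the original thread and not code from HijackThis, ComboFix or any other tool named above: the Python below reads HijackThis lines like those in the report just posted and flags the shapes a Vundo-class infection leaves behind, namely unnamed or file-missing registrations and a DLL registered under more than one section (here ddcyxXPF.dll as both an O2 BHO and an O20 Winlogon Notify package). The sample lines are copied from the log above; the function names, the Entry type and the heuristics are my own assumptions, not anything the tools define.

```python
"""Triage of HijackThis log lines for Vundo-style indicators.

Added example for this thread; heuristics, names and thresholds are
assumptions of mine, not something HijackThis or ComboFix defines.
"""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4F26BEDB-D89B-44A1-948B-5D523292DADF} - C:\XPFR\system32\ddcyxXPF.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O3 - Toolbar: atfxqogp - {0F4B2766-03E3-4ADD-B91D-77B06FC9B603} - C:\XPFR\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: ddcyxXPF - C:\XPFR\SYSTEM32\ddcyxXPF.dll
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\XPFR\system32\rtmipr.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# "O2 - BHO: ..." -> section "O2"; R and F lines have the same shape.
SECTION_RE = re.compile(r"^(?P<section>[ORF]\d+)\s+-\s+(?P<body>.*)$")
# A Windows path ending in a loadable module. Non-greedy so a trailing
# " (file missing)" or command-line switch is not swallowed.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\s][^"\r\n]*?\.(?:dll|exe|sys|cpl|ax)\b', re.I)
# HijackThis markers for an unnamed component or a registration whose file is gone.
MARKER_RE = re.compile(r"\((?:no name|no file|file missing)\)", re.I)


@dataclass
class Entry:
    line_no: int
    section: str
    raw: str
    path: Optional[str]                      # lower-cased module path, if any
    reasons: List[str] = field(default_factory=list)


def parse_entries(text: str) -> List[Entry]:
    """Keep only the O/R/F lines; the header and process list are skipped."""
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        m = SECTION_RE.match(line.strip())
        if not m:
            continue
        paths = PATH_RE.findall(m.group("body"))
        # The last path on the line is the module being registered.
        path = paths[-1].lower() if paths else None
        entries.append(Entry(n, m.group("section"), line.strip(), path))
    return entries


def triage(text: str) -> List[Entry]:
    """Return the entries worth a second look, each with its reasons."""
    entries = parse_entries(text)
    # Which section types reference each module? A DLL registered both as a
    # BHO (O2) and a Winlogon Notify package (O20) is the classic Vundo shape.
    sections_by_path = defaultdict(set)
    for e in entries:
        if e.path:
            sections_by_path[e.path].add(e.section)
    for e in entries:
        marker = MARKER_RE.search(e.raw)
        if marker:
            e.reasons.append("unnamed or missing component " + marker.group(0))
        if e.section == "O20":
            e.reasons.append("Winlogon Notify hook (DLL loaded into winlogon.exe)")
        if e.path and len(sections_by_path[e.path]) > 1:
            others = sorted(sections_by_path[e.path] - {e.section})
            e.reasons.append("same module also registered under " + ", ".join(others))
    return [e for e in entries if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4} {e.path or '-'}")
        for r in e.reasons:
            print("     -", r)
```

The cross-section check is the useful one: a Winlogon Notify DLL is loaded by winlogon.exe, so the file cannot be deleted from a normal session while that copy is mapped, which is why the helper asked for Safe Mode and ComboFix rather than a manual delete. The marker checks catch leftovers (a toolbar or SharedTaskScheduler entry pointing at a file that is already gone) whose registry entries should still be removed.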
I asked you for a ComboFix report, not a HijackThis one, so please do what I asked.

HijackThis report
ComboFix 08-06-01.6 - technicom1 2008-06-03 14:45:24.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.550 [GMT 2:00]
Location: C:\Documents and Settings\technicom1\Bureau\ComboFix.exe
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080602164104500.log
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080602171230109.log
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080602173359906.log
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080602173939843.log
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080602174454859.log
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080602174802031.log
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080602175029031.log
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080603080049312.log
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080603081719671.log
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080603083854250.log
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\LOG\20080603144206046.log
C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe
C:\Program Files\AntiSpywareShield
C:\Program Files\AntiSpywareShield\AntiSpywareShield1.ad
C:\Program Files\AntiSpywareShield\Uninstall.exe
C:\XPFR\SW_Win2000X9.DLL
C:\XPFR\SW_Win2146X32.DLL
C:\XPFR\system32\ddcyxXPF.dll
.
---- Previous Run -------
.
C:\x.txt
C:\XPFR\xmpstean.exe
D:\Autorun.inf
E:\Autorun.inf
.
((((((((((((((((((((((((((((( Files Created from 2008-05-03 to 2008-06-03 ))))))))))))))))))))))))))))))))))))
.
2008-06-03 08:09 . 2008-06-03 08:16 <REP> d-------- C:\Program Files\Trojan Remover
2008-06-03 08:09 . 2008-06-03 08:09 <REP> d-------- C:\Documents and Settings\technicom1\Application Data\Simply Super Software
2008-06-03 08:09 . 2003-02-02 19:06 153,088 --a------ C:\XPFR\system32\UNRAR3.dll
2008-06-03 08:09 . 2002-03-06 00:00 75,264 --a------ C:\XPFR\system32\unacev2.dll
2008-06-03 08:00 . 2008-06-03 08:00 14,848 --a------ C:\XPFR\system32\WinCtrl32.dll.vir
2008-06-02 17:55 . 2008-06-02 17:55 <REP> d-------- C:\Documents and Settings\technicom1\Application Data\Systweak
2008-06-02 17:55 . 2008-06-02 17:55 <REP> d-------- C:\Documents and Settings\All Users.XPFR\Application Data\Systweak
2008-06-02 17:55 . 2008-04-02 19:38 99,568 --a------ C:\XPFR\system32\dummy.exe
2008-06-02 17:54 . 2008-06-02 17:55 <REP> d-------- C:\Program Files\Systweak AntiSpyware
2008-06-02 17:54 . 2008-05-12 15:56 11,264 --a------ C:\XPFR\system32\AntiSpyNative32.exe
2008-06-02 15:41 . 2008-06-02 15:11 188,416 --------- C:\XPFR\atfxqogp.dll_old
2008-06-02 15:41 . 2008-06-02 15:11 163,840 --a------ C:\XPFR\emwg.exe
2008-05-31 12:41 . 2008-05-31 12:41 <REP> d-------- C:\Program Files\Opera
2008-05-29 15:37 . 2008-06-03 08:38 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-29 15:37 . 2008-06-03 08:36 <REP> d-------- C:\Documents and Settings\All Users.XPFR\Application Data\Spybot - Search & Destroy
2008-05-23 07:58 . 2008-05-23 07:58 <REP> d-------- C:\Intercept-Briefcase
2008-05-23 07:57 . 2008-05-23 07:57 <REP> d-------- C:\Program Files\Sales Pilot Software
2008-05-23 07:57 . 2008-05-23 07:57 <REP> d-------- C:\Program Files\Fichiers communs\Borland Shared
2008-05-23 07:57 . 1999-01-20 05:01 210,032 --a------ C:\XPFR\system32\DBCLIENT.DLL
2008-05-23 07:57 . 1999-11-12 05:11 183,808 --a------ C:\XPFR\system32\BDEADMIN.CPL
2008-05-23 07:57 . 2008-05-30 17:50 13,030 --a------ C:\PDOXUSRS.NET
2008-05-21 17:36 . 2008-05-19 14:52 <REP> d-------- C:\Program Files\Musicmatch
2008-05-21 15:15 . 2008-05-21 15:15 <REP> d-------- C:\Program Files\Ashampoo
2008-05-21 10:14 . 2008-05-21 10:14 <REP> d--h----- C:\XPFR\msdownld.tmp
2008-05-21 10:11 . 2008-05-21 10:12 <REP> d-------- C:\XPFR\system32\fr-fr
2008-05-21 10:04 . 2008-03-01 14:58 6,066,176 -----c--- C:\XPFR\system32\dllcache\ieframe.dll
2008-05-21 10:04 . 2007-04-17 11:32 2,455,488 -----c--- C:\XPFR\system32\dllcache\ieapfltr.dat
2008-05-21 10:04 . 2007-03-08 07:10 1,048,576 -----c--- C:\XPFR\system32\dllcache\ieframe.dll.mui
2008-05-21 10:04 . 2008-03-01 14:58 459,264 -----c--- C:\XPFR\system32\dllcache\msfeeds.dll
2008-05-21 10:04 . 2008-03-01 14:58 383,488 -----c--- C:\XPFR\system32\dllcache\ieapfltr.dll
2008-05-21 10:04 . 2008-03-01 14:58 267,776 -----c--- C:\XPFR\system32\dllcache\iertutil.dll
2008-05-21 10:04 . 2008-03-01 14:58 63,488 -----c--- C:\XPFR\system32\dllcache\icardie.dll
2008-05-21 10:04 . 2008-03-01 14:58 52,224 -----c--- C:\XPFR\system32\dllcache\msfeedsbs.dll
2008-05-21 10:04 . 2008-02-22 12:00 13,824 -----c--- C:\XPFR\system32\dllcache\ieudinit.exe
2008-05-21 09:24 . 2008-05-22 09:57 <REP> d-------- C:\Program Files\Hotspot_Shield
2008-05-21 09:24 . 2008-05-21 09:24 <REP> d-------- C:\Program Files\Hotspot Shield
2008-05-19 10:34 . 2008-05-19 10:34 <REP> d-------- C:\Program Files\a-squared Free
2008-05-19 09:40 . 2008-05-19 09:40 355 --a------ C:\XPFR\system32\MRT.INI
2008-05-19 09:12 . 2008-05-19 09:12 <REP> d-------- C:\Documents and Settings\technicom1\Application Data\.clamwin
2008-05-19 09:11 . 2008-05-19 09:11 <REP> d-------- C:\Program Files\ClamWin
2008-05-19 09:11 . 2008-05-19 09:11 <REP> d-------- C:\Documents and Settings\All Users.XPFR\.clamwin
2008-05-19 07:59 . 2008-05-19 07:59 <REP> d-------- C:\Program Files\Alwil Software
2008-05-17 12:15 . 2008-05-17 12:15 <REP> d-------- C:\Documents and Settings\technicom1\Application Data\WinAnonymous
2008-05-17 12:11 . 2008-05-17 12:12 <REP> d-------- C:\Program Files\eMule
2008-05-17 12:11 . 2008-05-17 12:11 <REP> d-------- C:\Documents and Settings\technicom1\Application Data\eMule
2008-05-17 11:47 . 2008-05-17 11:47 <REP> d-------- C:\Program Files\MSXML 4.0
2008-05-17 11:46 . 2008-05-28 17:58 1,374 --a------ C:\XPFR\imsins.BAK
2008-05-17 10:51 . 2008-05-17 12:24 <REP> d-------- C:\Program Files\WinAnonymous
2008-05-17 10:51 . 2008-05-29 15:38 <REP> d-------- C:\Program Files\Fichiers communs\WinAnonymous
2008-05-17 10:51 . 2008-05-17 10:51 <REP> d-------- C:\Documents and Settings\All Users.XPFR\Application Data\WinAnonymous
2008-05-17 10:51 . 2008-05-17 10:51 <REP> dr------- C:\Documents and Settings\All Users.XPFR\Application Data\SalesMon
2008-05-17 10:49 . 2008-05-17 10:49 719,128 --a------ C:\Documents and Settings\technicom1\Application Data\installer_en[1].exe
2008-05-17 10:24 . 2008-05-29 14:04 <REP> d-------- C:\Program Files\AbsoluteTransfer
2008-05-17 10:17 . 2008-05-29 16:03 <REP> d-------- C:\Program Files\VirusRanger
2008-05-16 17:59 . 2008-05-28 07:48 <REP> d--h----- C:\XPFR\$hf_mig$
2008-05-15 16:46 . 2008-05-22 14:33 <REP> d-------- C:\Program Files\VisualRoute 2008
2008-05-15 16:46 . 2008-05-22 14:33 <REP> d-------- C:\Documents and Settings\technicom1\vw
2008-05-14 16:07 . 2008-05-14 16:07 <REP> d-------- C:\Program Files\Real Alternative
2008-05-14 15:57 . 2008-05-14 16:04 <REP> d-------- C:\Program Files\RM to MP3 Converter
2008-05-14 15:42 . 2005-02-27 21:48 356,352 --a------ C:\XPFR\system32\RealMediaSplitter.ax
2008-05-12 17:12 . 2008-05-12 17:12 <REP> d-------- C:\Documents and Settings\technicom1\Application Data\vlc
2008-05-12 17:11 . 2008-05-12 17:11 <REP> d-------- C:\Program Files\VideoLAN
2008-05-12 16:39 . 2008-05-17 08:19 <REP> d-------- C:\Documents and Settings\technicom1\Application Data\UseNeXT
2008-05-09 09:13 . 2008-05-09 09:13 36,928 --a------ C:\XPFR\system32\drivers\pssdk41.sys
2008-05-05 16:27 . 2008-05-05 16:27 <REP> d-------- C:\Program Files\QuickTime
2008-05-05 08:07 . 2008-02-22 02:33 69,632 --a------ C:\XPFR\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-03 08:04 --------- d---a-w C:\Documents and Settings\All Users.XPFR\Application Data\TEMP
2008-05-22 07:57 --------- d-----w C:\Program Files\Conduit
2008-05-22 07:57 --------- d-----w C:\Program Files\classical_music
2008-05-19 06:01 --------- d-----w C:\Documents and Settings\All Users.XPFR\Application Data\McAfee.com
2008-05-15 13:50 --------- d-----w C:\Program Files\Nmap
2008-05-12 14:39 --------- d-----w C:\Program Files\BitTorrent
2008-05-12 07:23 --------- d-----w C:\Documents and Settings\technicom1\Application Data\AdobeUM
2008-05-09 06:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 06:53 --------- d-----w C:\Program Files\Tenable
2008-05-06 12:27 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-05-05 06:07 --------- d-----w C:\Program Files\Java
2008-05-02 12:04 --------- d-----w C:\Documents and Settings\technicom1\Application Data\gtk-2.0
2008-05-02 09:00 --------- d-----w C:\Program Files\NetworkView36
2008-04-29 12:36 --------- d-----w C:\Program Files\WinPcap
2008-04-26 07:19 --------- d-----w C:\Program Files\Softinterface, Inc
2008-04-26 06:56 --------- d-----w C:\Documents and Settings\All Users.XPFR\Application Data\PC SOFT
2008-04-24 13:23 --------- d-----w C:\Program Files\Safari
2008-04-24 13:23 --------- d-----w C:\Documents and Settings\technicom1\Application Data\Apple Computer
2008-04-24 13:22 --------- d-----w C:\Program Files\Bonjour
2008-04-24 13:22 --------- d-----w C:\Program Files\Apple Software Update
2008-04-24 13:22 --------- d-----w C:\Documents and Settings\All Users.XPFR\Application Data\Apple
2008-04-24 12:02 --------- d-----w C:\Program Files\SPEC
2008-04-24 07:22 --------- d-----w C:\Documents and Settings\technicom1\Application Data\BitTorrent
2008-04-21 14:25 --------- d-----w C:\Program Files\PDFCreator
2008-04-19 06:57 --------- d-----w C:\Program Files\SAGEM
2008-04-19 06:57 --------- d-----w C:\Documents and Settings\technicom1\Application Data\InstallShield
2008-04-17 14:24 --------- d-----w C:\Documents and Settings\All Users.XPFR\Application Data\Yahoo! Companion
2008-04-17 14:22 --------- d-----w C:\Program Files\Yahoo!
2008-04-10 15:47 --------- d-----w C:\Documents and Settings\All Users.XPFR\Application Data\Babylon
2008-04-10 15:32 --------- d-----w C:\Documents and Settings\technicom1\Application Data\Microsoft Web Folders
2008-04-10 13:39 --------- d-----w C:\Documents and Settings\technicom1\Application Data\Corel
2008-04-10 13:36 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-04-08 14:56 --------- d-----w C:\Documents and Settings\technicom1\Application Data\U3
2008-04-07 09:41 --------- d-----w C:\Program Files\Google
.
((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18CB1A7B-94CD-4582-8022-ADA16851E44B}]
2008-03-27 15:00 247296 --a------ C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0F4B2766-03E3-4ADD-B91D-77B06FC9B603}"= "C:\XPFR\atfxqogp.dll" [ ]
[HKEY_CLASSES_ROOT\clsid\{0f4b2766-03e3-4add-b91d-77b06fc9b603}]
[HKEY_CLASSES_ROOT\atfxqogp.1]
[HKEY_CLASSES_ROOT\TypeLib\{C591E3E4-56BC-48BC-8F6C-94A6DB621F36}]
[HKEY_CLASSES_ROOT\atfxqogp]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\XPFR\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 10:30 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"FrameWorkService"="" []
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [ ]
"WinSpywareProtect (ver. 5.1)"="C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\XPFR\IME\imjp8_1\IMJPMIG.exe" [2004-08-03 22:32 208952]
"PHIME2002ASync"="C:\XPFR\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PHIME2002A"="C:\XPFR\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-03 22:32 455168]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.exe" [2006-06-08 14:02 131072]
"igfxtray"="C:\XPFR\system32\igfxtray.exe" [2006-06-06 10:09 94208]
"igfxhkcmd"="C:\XPFR\system32\hkcmd.exe" [2006-06-06 10:06 77824]
"igfxpers"="C:\XPFR\system32\igfxpers.exe" [2006-06-06 10:10 118784]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2006-03-31 13:58 184320]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 18:04 802816]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 17:58 696320]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"FrameWorkService"="" []
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-05 16:27 413696]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-04-19 16:35 77824]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-06-03 08:10 877136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\XPFR\system32\CTFMON.EXE" [2004-08-19 16:09 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkstation"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= cmd.exe
"2"= mmc.exe
"3"= rstrui.exe
"4"= regedit.exe
"5"= regedt32.exe
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ryG75.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\SPEC\\CS-Time\\csTime.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 aswSP;avast! Self Protection;C:\XPFR\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\XPFR\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 csTime;CS-Time Server;"C:\Program Files\SPEC\CS-Time\csTime.exe" [2007-11-12 11:35]
R2 GPExport;GPExport;C:\JScan\GestServ\GPExport.exe [2001-03-05 19:39]
R2 JScan;JScan;C:\JScan\bin\servicio.exe [2002-10-01 11:27]
R2 netTime;netTime Server;"C:\Program Files\SPEC\netTime\netTime.exe" [2007-11-12 11:35]
R2 ROCKEYNT;ROCKEYNT;C:\XPFR\system32\drivers\Rockeynt.sys [2008-01-22 17:36]
R2 Tenable Nessus;Tenable Nessus;"C:\Program Files\Tenable\Nessus\nessusd.exe" [2008-03-13 14:56]
R3 tapvpn;TAP VPN Adapter;C:\XPFR\system32\DRIVERS\tapvpn.sys [2008-01-23 23:25]
S3 IZZIX;Driver for IZZIX Device;C:\XPFR\system32\Drivers\IZZIX.sys [2004-04-26 16:16]
S3 NPF;WinPcap Packet Driver (NPF);C:\XPFR\system32\drivers\NPF.sys [2007-11-19 05:31]
S3 PsSdk41;PsSdk41;C:\XPFR\system32\Drivers\pssdk41.sys [2008-05-09 09:13]
S3 SASPROT;Systweak AntiSpyware 2008;C:\Program Files\Systweak AntiSpyware\sasprot.sys [2008-05-06 16:54]
S3 SPECDriver;SPECDriver;C:\SPEC\SPECDriver\Server.exe [2007-09-21 10:29]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\XPFR\system32\DRIVERS\teamviewervpn.sys [2008-01-25 11:12]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028fcf54-f496-11db-8731-0019d2628d8d}]
\Shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028fcf55-f496-11db-8731-0019d2628d8d}]
\Shell\AutoRun\command - C:\XPFR\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{33bebdd5-0588-11dd-8750-0019d2628d8d}]
\Shell\AutoRun\command - C:\XPFR\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7106f286-20a2-11dc-856d-0019d2628d8d}]
\Shell\AutoRun\command - C:\XPFR\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL antihost.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1d6142-fd35-11db-8519-fdec08147a23}]
\Shell\AutoRun\command - EXPLORER.EXE
\Shell\explore\Command - EXPLORER.EXE
\Shell\open\Command - EXPLORER.EXE
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 13:22:49 C:\XPFR\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-03 09:06:43 C:\XPFR\Tasks\Systweak AntiSpyware 2008 Update Checker.job"
- C:\Program Files\Systweak AntiSpyware\AntiSpyware.exe
"2008-06-02 15:55:09 C:\XPFR\Tasks\Systweak AntiSpyware 2008.job"
- C:\Program Files\Systweak AntiSpyware\AntiSpyware.ex
- C:\Program Files\Systweak AntiSpyware\
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-03 14:53:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASFWHide]
"ImagePath"="\??\C:\DOCUME~1\TECHNI~1\LOCALS~1\Temp\ASFWHide"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\XPFR\system32\wdfmgr.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\JScan\GestServ\Exportador.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-03 14:58:57 - machine was rebooted [technicom1]
ComboFix-quarantined-files.txt 2008-06-03 12:58:54
Pre-Run: 50,916,442,112 octets libres
Post-Run: 52,003,880,960 octets libres
275 --- E O F --- 2008-05-28 15:58:52
|
Run a MalwareBytes scan and clean everything it finds.
Help: http://www.site-naheulbeuk.com/malwarebytes.php
Post the report generated at the end in your next reply.
|
Malwarebytes' Anti-Malware 1.14
Version de la base de données: 800
16:22:32 03/06/2008
mbam-log-6-3-2008 (16-22-31).txt
Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 154588
Temps écoulé: 47 minute(s), 8 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 15
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll (Trojan.BHO) -> No action taken.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18cb1a7b-94cd-4582-8022-ada16851e44b} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\absolutetransfer.absolutetransfer.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{8b8df25f-2c47-4473-8e1c-7f54ac7ef481} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7c4bcd17-bdba-4078-9d8c-8ca8b7eabe77} (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> No action taken.
HKEY_CLASSES_ROOT\atfxqogp.bsox (Trojan.FakeAlert) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} (Trojan.Zlob) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\Program Files\VirusRanger (Rogue.Virus.Ranger) -> No action taken.
C:\Program Files\WinAnonymous (Rogue.WinAnonymous) -> No action taken.
C:\Program Files\Fichiers communs\WinAnonymous (Rogue.WinAnonymous) -> No action taken.
C:\Documents and Settings\All Users.XPFR\Application Data\WinAnonymous (Rogue.WinAnonymous) -> No action taken.
C:\Documents and Settings\technicom1\Application Data\WinAnonymous (Rogue.WinAnonymous) -> No action taken.
C:\Documents and Settings\technicom1\Application Data\WinAnonymous\Logs (Rogue.WinAnonymous) -> No action taken.
Fichier(s) infecté(s):
C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll (Trojan.BHO) -> No action taken.
C:\System Volume Information\_restore{7E6D0EE9-9025-4B39-A3F9-EC203FD1382C}\RP212\A0045311.dll (Rogue.VirusRanger) -> No action taken.
C:\System Volume Information\_restore{7E6D0EE9-9025-4B39-A3F9-EC203FD1382C}\RP212\A0045312.dll (Rogue.VirusRanger) -> No action taken.
C:\System Volume Information\_restore{7E6D0EE9-9025-4B39-A3F9-EC203FD1382C}\RP212\A0045319.exe (Rogue.VirusRanger) -> No action taken.
C:\System Volume Information\_restore{7E6D0EE9-9025-4B39-A3F9-EC203FD1382C}\RP213\A0046387.exe (Rogue.Multiple) -> No action taken.
C:\System Volume Information\_restore{7E6D0EE9-9025-4B39-A3F9-EC203FD1382C}\RP213\A0046809.dll (Rogue.Multiple) -> No action taken.
C:\System Volume Information\_restore{7E6D0EE9-9025-4B39-A3F9-EC203FD1382C}\RP213\A0046816.dll (Rogue.Multiple) -> No action taken.
C:\System Volume Information\_restore{7E6D0EE9-9025-4B39-A3F9-EC203FD1382C}\RP225\A0048585.exe (Rogue.Multiple) -> No action taken.
C:\System Volume Information\_restore{7E6D0EE9-9025-4B39-A3F9-EC203FD1382C}\RP225\A0048588.dll (Trojan.Zlob) -> No action taken.
C:\System Volume Information\_restore{A7F34CE2-F250-4F07-B84E-57598B1E1E87}\RP14\A0003821.exe (Rogue.Installer) -> No action taken.
C:\Program Files\VirusRanger\result.lst (Rogue.Virus.Ranger) -> No action taken.
C:\Program Files\WinAnonymous\config.ini (Rogue.WinAnonymous) -> No action taken.
C:\Documents and Settings\All Users.XPFR\Application Data\WinAnonymous\Abbr (Rogue.WinAnonymous) -> No action taken.
C:\Documents and Settings\All Users.XPFR\Application Data\WinAnonymous\prod_code (Rogue.WinAnonymous) -> No action taken.
C:\Documents and Settings\technicom1\Application Data\WinAnonymous\Logs\update.log (Rogue.WinAnonymous) -> No action taken.
|
Did you clean everything? If not, do it, then post me a new HijackThis report please.
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:47:58, on 03/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\XPFR\System32\smss.exe
C:\XPFR\system32\winlogon.exe
C:\XPFR\system32\services.exe
C:\XPFR\system32\lsass.exe
C:\XPFR\system32\svchost.exe
C:\XPFR\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\XPFR\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SPEC\CS-Time\csTime.exe
C:\JScan\GestServ\GPExport.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\XPFR\system32\hkcmd.exe
C:\XPFR\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\JScan\bin\servicio.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\XPFR\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\SPEC\netTime\netTime.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\XPFR\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\XPFR\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\XPFR\explorer.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\ClamWin\bin\OlAddin.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\XPFR\system32\calc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\technicom1\Mes documents\HiJackThis.exe
C:\JScan\gestserv\Exportador.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.01net.com/telecharger/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AbsoluteTransfer module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O3 - Toolbar: atfxqogp - {0F4B2766-03E3-4ADD-B91D-77B06FC9B603} - C:\XPFR\atfxqogp.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\XPFR\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\XPFR\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\XPFR\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [igfxtray] C:\XPFR\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\XPFR\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\XPFR\system32\igfxpers.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\FR\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=042508 serial=DR12CET-7480327-QHL lang=FR
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKCU\..\Run: [CTFMON.EXE] C:\XPFR\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\XPFR\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\XPFR\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\XPFR\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\XPFR\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute 2008\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\XPFR\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\XPFR\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{144E6A19-D1FA-40A1-8CFB-22CC6CA173A0}: NameServer = 193.95.66.10
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7E928E1-EA34-4A59-818C-9FFD616DE5B6}: NameServer = 193.95.93.77,193.95.66.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{144E6A19-D1FA-40A1-8CFB-22CC6CA173A0}: NameServer = 193.95.66.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{144E6A19-D1FA-40A1-8CFB-22CC6CA173A0}: NameServer = 193.95.66.10
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CS-Time Server (csTime) - SPEC, S.A. - C:\Program Files\SPEC\CS-Time\csTime.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GPExport - Unknown owner - C:\JScan\GestServ\GPExport.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: JScan - Unknown owner - C:\JScan\bin\servicio.exe
O23 - Service: netTime Server (netTime) - SPEC, S.A. - C:\Program Files\SPEC\netTime\netTime.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SPECDriver - SPEC, S.A. - C:\SPEC\SPECDriver\Server.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
--
End of file - 11949 bytes
|
re,
do this in order and in full:
Note: this procedure was created specifically for this user! If you are not that user, do not follow these instructions, at the risk of damaging your PC!!!
1/ Relaunch HijackThis and tick the boxes in front of these lines (if present):
O2 - BHO: AbsoluteTransfer module - {18CB1A7B-94CD-4582-8022-ADA16851E44B} - C:\Program Files\AbsoluteTransfer\AbsoluteTransfer.dll
O3 - Toolbar: (no name) - {51D81DD5-55B7-497F-95DB-D356429BB54E} - (no file)
O3 - Toolbar: atfxqogp - {0F4B2766-03E3-4ADD-B91D-77B06FC9B603} - C:\XPFR\atfxqogp.dll (file missing)
O4 - HKCU\..\Run: [WinSpywareProtect (ver. 5.1)] "C:\Documents and Settings\All Users.XPFR\Application Data\Adsl Software Limited\WinSpywareProtect\WinSpywareProtect.exe" /autorun
Then close all windows other than HijackThis and click "Fix checked".
2/ Close HijackThis.
3/ Run a BitDefender online scan (with Internet Explorer, not with Firefox!)
(click "scan online" on the left),
and post me the report from that scan here once it is finished!
BitDefender online scan guide (thanks Bruce Lee): http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm