[resolved] Internet no longer opens certain sites... :(
stitry, posted 08/06/2008 13:35:33
Hello everyone...

For 3 days now I've had a strange problem. I have the feeling it's a virus, because my scans with avast! and Spybot S&D detect viruses every time (every day)...
On top of that, Internet Explorer pages open with ads... it's really annoying...

But the most annoying part is that many pages (notably forumactif sites, etc.) no longer open... The browsers search for the page, but for hours!!! I tried with IE and MF...
I called a friend who has exactly the same problem :sweat:

So there you go, if you could advise me it would be very kind.

Thank you.

Stitry!


EDIT: New!! Now I regularly get a message telling me that explorer.exe has crashed. And explorer restarts... it's quite annoying while I'm working on my PC... :(
--> Message edited by stitry on 14/06/2008 19:44:54 <--

K1Ks, posted 08/06/2008 17:15:21
:hello:

Download HijackThis v2.0.2

==> Link and tutorial here <==
# Follow the instructions and post the report you get in your next message.
-------
Security help site Bibou Le Forum

stitry, posted 08/06/2008 17:22:53
Thanks for taking my problem into consideration!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:20:02, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Larousse\Petit Larousse 2003\bin\HiPL2002popup.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\QdrPack\QdrPack16.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\stitry\Bureau\téléchargements\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ogame.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HyperappelPL2003] C:\Program Files\Larousse\Petit Larousse 2003\bin\HiPL2002popup.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [f4b6685c] rundll32.exe "C:\WINDOWS\system32\jblbfihv.dll",b
O4 - HKLM\..\Run: [BMf7855bc0] Rundll32.exe "C:\WINDOWS\system32\feeitcpv.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA699] command /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7314] cmd /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5556] command /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9393] cmd /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6811] command /c del "C:\WINDOWS\b156.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1430] cmd /c del "C:\WINDOWS\b156.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA382] command /c del "C:\WINDOWS\system32\ssqPhEwx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3664] cmd /c del "C:\WINDOWS\system32\ssqPhEwx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\stitry\Application Data\Microsoft\Windows\ajxba.exe
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKCU\..\Run: [Ubmb] "C:\WINDOWS\system32\SMANTE~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Qgtus] "C:\Program Files\??crosoft.NET\n?pdb.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 11353 bytes
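As an added example (not part of this thread), a small Python triage script that applies to the O4 (autorun) lines of a HijackThis log the patterns a helper would look for in the log above: value names that look like generated hex, rundll32 loading a DLL from system32 through a one-letter export, executables starting from the user profile, 8.3 short names inside system32, and paths HijackThis could not display. The sample lines are copied from the log posted above; the heuristics are mine and only flag entries for a human to review.

```python
import re

# Constructed sample input: O4 (autorun) lines copied from the HijackThis log posted
# above, plus three legitimate entries (avast!, NvCplDaemon, CTFMON.EXE) for contrast.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe',
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [f4b6685c] rundll32.exe "C:\WINDOWS\system32\jblbfihv.dll",b',
    r'O4 - HKLM\..\Run: [BMf7855bc0] Rundll32.exe "C:\WINDOWS\system32\feeitcpv.dll",s',
    r'O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\stitry\Application Data\Microsoft\Windows\ajxba.exe',
    r'O4 - HKCU\..\Run: [Ubmb] "C:\WINDOWS\system32\SMANTE~1\javaw.exe" -vt yazb',
    r'O4 - HKCU\..\Run: [Qgtus] "C:\Program Files\??crosoft.NET\n?pdb.exe"',
    r'O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe',
]

# Shape of an O4 line: O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Heuristics (my own), each one a pattern visible in the log above. They flag entries
# for a human to look at; a hit is not proof of malware and a miss is not proof of health.
HEX_RUN_RE = re.compile(r'[0-9a-f]{6,}')
RUNDLL_SHORT_EXPORT_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?[^"]*\\system32\\[^\\"]+\.dll"?,[A-Za-z]$', re.I)
PROFILE_DIR_RE = re.compile(r'\\Documents and Settings\\[^\\]+\\Application Data\\', re.I)
SHORT_NAME_IN_SYSTEM32_RE = re.compile(r'\\system32\\[^\\]*~\d+\\', re.I)


def triage_o4(lines):
    """Return {value name: [reasons]} for O4 entries that trip at least one heuristic."""
    findings = {}
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 line (or not in HijackThis v2 format)
        name, cmd = m['name'], m['cmd']
        reasons = []
        if HEX_RUN_RE.search(name):
            reasons.append('value name looks like a generated hex identifier')
        if RUNDLL_SHORT_EXPORT_RE.search(cmd):
            reasons.append('rundll32 loads a DLL from system32 through a one-letter export')
        if PROFILE_DIR_RE.search(cmd):
            reasons.append('executable starts from the user profile (Application Data)')
        if SHORT_NAME_IN_SYSTEM32_RE.search(cmd):
            reasons.append('subdirectory of system32 referenced only by its 8.3 short name')
        if '?' in cmd:
            reasons.append('path contains characters HijackThis could not display (shown as ?)')
        if reasons:
            findings[name] = reasons
    return findings


def format_report(findings):
    """Render the findings as plain text, one value name per block."""
    out = []
    for name, reasons in findings.items():
        out.append(f'[{name}]')
        out.extend(f'  - {r}' for r in reasons)
    return '\n'.join(out)


if __name__ == '__main__':
    print(format_report(triage_o4(SAMPLE_O4_LINES)))
```

Feed it the O4 lines of any HijackThis log (one string per line); entries it does not flag still deserve the usual check of publisher and file location.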

K1Ks, posted 08/06/2008 18:32:14
Show XP's hidden files >>> How to show hidden files in XP

Download ComboFix by sUBs to your Desktop and nowhere else

# Temporarily, and only for as long as you are using ComboFix, disable the real-time protection of your antivirus and your antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

# Double-click Combofix.exe and follow the instructions.

/!\ Let it work and do not interrupt it under any circumstances /!\


When it has finished, it will generate a log. Post the report in your next reply along with a new HijackThis log.


Note:
# Do not click in the ComboFix window while the tool is running.

# The report can also be found here: C:\Combofix.txt
# Don't forget to re-enable your protections!!!


-------
Security help site Bibou Le Forum

stitry, posted 08/06/2008 19:02:36
OK...
so here are the two reports...

ComboFix 08-06-07.3 - stitry 2008-06-08 18:41:47.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.474 [GMT 2:00]
Endroit: C:\Documents and Settings\stitry\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\stitry\Application Data\SpeedRunner
C:\Documents and Settings\stitry\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\stitry\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\stitry\Menu Démarrer\Programmes\Internet Speed Monitor
C:\Documents and Settings\stitry\Menu Démarrer\Programmes\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\stitry\Menu Démarrer\Programmes\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\crosof~1.net
C:\Program Files\ISM
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\JavaCore
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dictys.gz
C:\Program Files\QdrPack\QdrPack16.exe
C:\Program Files\QdrPack\trgtys.gz
C:\Program Files\Spcron
C:\Program Files\Spcron\Spc.dll
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\Program Files\Temporary\inPV.exe
C:\WINDOWS\BMf7855bc0.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ddnbktvx.dll
C:\WINDOWS\system32\hkQBcMoq.ini
C:\WINDOWS\system32\hkQBcMoq.ini2
C:\WINDOWS\system32\jblbfihv.dll
C:\WINDOWS\system32\jfabbqgy.dll
C:\WINDOWS\system32\jlufeucv.ini
C:\WINDOWS\system32\kmdieekv.ini
C:\WINDOWS\system32\ldyixjbw.dll
C:\WINDOWS\system32\ltandari.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\NmSDMUvw.ini
C:\WINDOWS\system32\NmSDMUvw.ini2
C:\WINDOWS\system32\nTCKkUvw.ini
C:\WINDOWS\system32\nTCKkUvw.ini2
C:\WINDOWS\system32\smante~1
C:\WINDOWS\system32\smante~1\S?mantec\
C:\WINDOWS\system32\tuvVllmM.dll
C:\WINDOWS\system32\vhifblbj.ini
C:\WINDOWS\system32\vkeeidmk.dll
C:\WINDOWS\system32\xwEhPqss.ini
C:\WINDOWS\system32\xwEhPqss.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-08 to 2008-06-08 ))))))))))))))))))))))))))))))))))))
.

2008-06-08 13:21 . 2008-06-08 13:21 96,256 --a------ C:\WINDOWS\system32\noccrkme.dll
2008-06-08 13:18 . 2008-06-08 13:18 281,088 --a------ C:\WINDOWS\system32\wvUkKCTn.dll
2008-06-08 13:18 . 2008-06-08 13:18 91,648 --a------ C:\WINDOWS\system32\feeitcpv.dll
2008-06-07 15:09 . 2008-06-07 15:09 82,944 --a------ C:\WINDOWS\system32\iradnatl.dll
2008-06-07 14:57 . 2008-06-07 14:57 91,136 --a------ C:\WINDOWS\system32\qebmvrny.dll
2008-06-07 14:00 . 2008-06-07 14:00 281,088 --------- C:\WINDOWS\system32\wvUMDSmN.dll_old
2008-06-07 00:06 . 2008-06-07 14:54 629 --a------ C:\WINDOWS\wininit.ini
2008-06-06 23:29 . 2008-06-06 23:29 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-06 23:29 . 2008-06-07 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 20:50 . 2008-06-06 20:50 <REP> d-------- C:\Program Files\Alwil Software
2008-06-06 19:25 . 2008-06-06 19:25 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
2008-06-06 19:25 . 2008-06-06 19:25 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-06-05 21:13 . 2005-06-15 03:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-06-05 13:57 . 2008-06-06 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-05 13:05 . 2008-06-05 13:05 12,288 --a------ C:\vwhfxvxv.exe
2008-06-05 13:02 . 2008-06-05 13:02 12,800 --a------ C:\flciijjq.exe
2008-05-11 14:49 . 2008-05-11 14:52 <REP> d-------- C:\Program Files\Real Desktop
2008-05-09 02:37 . 2008-05-09 02:37 <REP> d-------- C:\Documents and Settings\stitry\Application Data\teamspeak2
2008-05-09 02:37 . 2008-05-09 02:37 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-05-09 02:36 . 2008-05-09 02:37 <REP> d-------- C:\Program Files\Teamspeak2_RC2
2008-05-08 23:36 . 2008-05-09 02:38 <REP> d-------- C:\Program Files\Fake Webcam

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 16:37 --------- d-----w C:\Documents and Settings\stitry\Application Data\DMCache
2008-06-08 12:00 --------- d-----w C:\Program Files\Steam
2008-06-07 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-05 12:42 --------- d-----w C:\Documents and Settings\stitry\Application Data\IDM
2008-05-29 21:23 --------- d-----w C:\Documents and Settings\stitry\Application Data\Azureus
2008-05-21 13:25 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-05-20 18:36 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-01 09:37 --------- d-----w C:\Program Files\Celtx
2008-04-23 22:24 --------- d-----w C:\Program Files\SpeedFan
2008-04-23 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 16:47 --------- d-----w C:\Program Files\DivX
2008-04-23 15:38 --------- d-----w C:\Documents and Settings\stitry\Application Data\Greyfirst
2008-04-23 11:29 --------- d-----w C:\Program Files\LucasArts
2008-04-23 08:00 --------- d-----w C:\Program Files\NFO viewer
2008-04-23 07:52 --------- d-----w C:\Program Files\Azureus
2008-04-22 12:36 --------- d-----w C:\Program Files\QuickTime
2008-04-22 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-22 12:32 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-22 12:22 --------- d-----w C:\Program Files\SuperCopier2
2008-04-22 11:57 --------- d-----w C:\Program Files\EPSON
2008-04-22 10:34 --------- d-----w C:\Program Files\Pure Networks
2008-04-22 10:34 --------- d-----w C:\Program Files\Fichiers communs\Pure Networks Shared
2008-04-22 10:34 --------- d-----w C:\Program Files\DIFX
2008-04-22 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-20 18:59 --------- d-----w C:\Program Files\FXhome VisionLab Studio
2008-04-20 18:38 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-04-20 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-20 18:37 --------- d-----w C:\Program Files\backburner 2
2008-04-20 18:27 --------- d-----w C:\Program Files\FXhome CompositeLab Pro
2008-04-20 12:42 --------- d-----w C:\Program Files\particleIllusion_3
2008-04-19 15:22 --------- d-----w C:\Program Files\turbo squid tentacles
2008-04-19 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-19 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-18 15:33 --------- d-----w C:\Program Files\7-Zip
2008-04-18 14:34 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-16 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-16 15:04 --------- d-----w C:\Program Files\Autodesk
2008-04-16 14:42 --------- d-----w C:\Documents and Settings\stitry\Application Data\Autodesk
2008-04-14 20:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-13 18:27 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-04-13 18:26 --------- d-----w C:\Program Files\Macromedia
2008-04-09 21:13 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-23 11:26 22,328 ----a-w C:\Documents and Settings\stitry\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CA15E7B-A63B-4952-8085-A1E6D90745C2}]
2008-06-08 13:18 281088 --a------ C:\WINDOWS\system32\wvUkKCTn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5703AAFA-1C4E-42E9-8F03-9E15A1AF8011}]
C:\WINDOWS\system32\ssqPhEwx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2C1C444-A9D8-42C6-A273-CA9ED3BE4436}]
C:\WINDOWS\system32\wvUMDSmN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C83F6149-4782-4DAB-A478-96F195A376A2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E646F3EC-F5D6-466E-884D-2BFC7D89BE99}]
C:\WINDOWS\system32\qoMcBQkh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 18:03 1271032]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-12-21 15:22 2573744]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"QdrPack16"="C:\Program Files\QdrPack\QdrPack16.exe" [ ]
"Ubmb"="C:\WINDOWS\system32\SMANTE~1\javaw.exe" [ ]
"Qgtus"="C:\Program Files\??crosoft.NET\n?pdb.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB2947"="command /c del C:\Program Files\Outerinfo\FF\install.rdf" [ ]
"SpybotDeletingD2555"="cmd /c del C:\Program Files\Outerinfo\FF\install.rdf" [ ]
"SpybotDeletingB648"="command /c del C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt" [ ]
"SpybotDeletingD3218"="cmd /c del C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt" [ ]
"SpybotDeletingB5033"="command /c del C:\WINDOWS\b156.exe_old" [ ]
"SpybotDeletingD1822"="cmd /c del C:\WINDOWS\b156.exe_old" [ ]
"SpybotDeletingB7421"="command /c del C:\WINDOWS\system32\ssqPhEwx.dll_old" [ ]
"SpybotDeletingD2539"="cmd /c del C:\WINDOWS\system32\ssqPhEwx.dll_old" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-10-09 09:36 8527872]
"nwiz"="nwiz.exe" [2007-10-09 09:36 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-10-09 09:36 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43 331776]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 02:26 406016]
"HyperappelPL2003"="C:\Program Files\Larousse\Petit Larousse 2003\bin\HiPL2002popup.exe" [2002-07-08 12:06 114688]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-09-21 13:22 73728]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2005-06-13 03:30 192512]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 15:42 321088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"BMf7855bc0"="C:\WINDOWS\system32\feeitcpv.dll" [2008-06-08 13:18 91648]
"f4b6685c"="C:\WINDOWS\system32\vcuefulj.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA6811"="command /c del C:\WINDOWS\b156.exe_old" [ ]
"SpybotDeletingC1430"="cmd /c del C:\WINDOWS\b156.exe_old" [ ]
"SpybotDeletingA382"="command /c del C:\WINDOWS\system32\ssqPhEwx.dll_old" [ ]
"SpybotDeletingC3664"="cmd /c del C:\WINDOWS\system32\ssqPhEwx.dll_old" [ ]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 14:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tuvVllmM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\graw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\e-on software\\Vue 6 xStream\\Application\\Vue 6 xStream.eon"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\PacSteamT\\SteamApps\\brandon_fucked\\condition zero\\hl.exe"=
"C:\\Valve\\Condition Zero\\CZero.exe"=
"C:\\Program Files\\Steam\\SteamApps\\lemaitredestenebr\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:Service de découverte DHCP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 22:04]
S3 ALSysIO;ALSysIO;C:\DOCUME~1\stitry\LOCALS~1\Temp\ALSysIO.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-25 23:22]
S3 gUSBSTOi;gUSBSTOi;C:\DOCUME~1\stitry\LOCALS~1\Temp\gUSBSTOi.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81859398-e324-11dc-aae0-b8ef9ca4ae4e}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-22 12:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-08 18:51:23
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\WINDOWS\system32\PerfStringBackup.TMP 1231124 bytes

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\stitry\LOCALS~1\Temp\mc211.tmp"
.
--------------------- DLLs chargées sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\feeitcpv.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-08 19:00:18 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-08 17:00:08

Pre-Run: 40,555,864,064 octets libres
Post-Run: 42,768,293,888 octets libres

280 --- E O F --- 2008-05-28 20:16:18

--------

Other report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:02:15, on 08/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Larousse\Petit Larousse 2003\bin\HiPL2002popup.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\stitry\Bureau\téléchargements\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ogame.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HyperappelPL2003] C:\Program Files\Larousse\Petit Larousse 2003\bin\HiPL2002popup.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BMf7855bc0] Rundll32.exe "C:\WINDOWS\system32\feeitcpv.dll",s
O4 - HKLM\..\Run: [f4b6685c] rundll32.exe "C:\WINDOWS\system32\vcuefulj.dll",b
O4 - HKLM\..\RunOnce: [SpybotDeletingA6811] command /c del "C:\WINDOWS\b156.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1430] cmd /c del "C:\WINDOWS\b156.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA382] command /c del "C:\WINDOWS\system32\ssqPhEwx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3664] cmd /c del "C:\WINDOWS\system32\ssqPhEwx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKCU\..\Run: [Ubmb] "C:\WINDOWS\system32\SMANTE~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Qgtus] "C:\Program Files\??crosoft.NET\n?pdb.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2947] command /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2555] cmd /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB648] command /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3218] cmd /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5033] command /c del "C:\WINDOWS\b156.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1822] cmd /c del "C:\WINDOWS\b156.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7421] command /c del "C:\WINDOWS\system32\ssqPhEwx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2539] cmd /c del "C:\WINDOWS\system32\ssqPhEwx.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 11301 bytes
K1Ks
Posted on 08/06/2008 20:34:17
There has already been quite a bit of cleanup!!!

Now run a scan with Malwarebytes' Anti-Malware (recommended anti-malware).

==>Link and tutorial here<==
# Follow the instructions and post the report obtained
-------
Security help site Bibou Le Forum
stitry
Posted on 08/06/2008 23:32:49
Malwarebytes' Anti-Malware 1.15
Version de la base de données: 841

23:26:55 08/06/2008
mbam-log-6-8-2008 (23-26-55).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 197799
Temps écoulé: 1 hour(s), 4 minute(s), 55 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 12
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 31

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ogovmito.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\wvUkKCTn.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5862e0c5-9829-43a4-a080-089a502aaa8f} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{5862e0c5-9829-43a4-a080-089a502aaa8f} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{f9fa603d-697c-4900-a950-e54f08324a24} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Spcron (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\nmwegbsf.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\f4b6685c (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMf7855bc0 (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\wvukkctn -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\wvukkctn -> Delete on reboot.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ogovmito.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\otimvogo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wvUkKCTn.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\nTCKkUvw.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nTCKkUvw.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\srff.dll (Adware.SurfAccuracy) -> Delete on reboot.
C:\QooBox\Quarantine\C\Documents and Settings\stitry\Application Data\SpeedRunner\SRUninstall.exe.vir (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\ISM\Uninstall.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\JavaCore\UnInstall.exe.vir (Adware.Insider) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\QdrPack\QdrPack16.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Spcron\Spc.dll.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Temporary\inPV.exe.vir (Trojan.BHO) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tuvVllmM.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vkeeidmk.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP154\A0068546.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP154\A0068564.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP154\A0068565.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP154\A0068566.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP155\A0068590.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP156\A0068800.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP156\A0068801.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP156\A0068802.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP156\A0068803.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP156\A0068804.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP156\A0068810.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP156\A0068811.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{51333EDE-7EA7-4B41-B697-02CA524F06C5}\RP156\A0068819.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\xtrveeri.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\flciijjq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iradnatl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
K1Ks
Posted on 09/06/2008 15:13:56
OK, run ComboFix again please.
stitry
Posted on 09/06/2008 20:10:28
Done, here are the ComboFix and HijackThis reports...

ComboFix 08-06-07.3 - stitry 2008-06-09 19:25:19.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.496 [GMT 2:00]
Endroit: C:\Documents and Settings\stitry\Bureau\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\nTCKkUvw.ini
C:\WINDOWS\system32\nTCKkUvw.ini2
C:\WINDOWS\system32\ogovmito.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-05-09 to 2008-06-09 ))))))))))))))))))))))))))))))))))))
.

2008-06-08 21:55 . 2008-06-08 21:55 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-08 21:55 . 2008-06-08 21:55 <REP> d-------- C:\Documents and Settings\stitry\Application Data\Malwarebytes
2008-06-08 21:55 . 2008-06-08 21:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-08 21:55 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-08 21:55 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-08 19:03 . 2008-06-08 19:03 96,256 --a------ C:\WINDOWS\system32\qqdctenr.dll
2008-06-08 18:52 . 2008-06-08 18:52 0 --a------ C:\WINDOWS\BMf7855bc0.xml
2008-06-08 13:21 . 2008-06-08 13:21 96,256 --a------ C:\WINDOWS\system32\noccrkme.dll
2008-06-08 13:18 . 2008-06-08 23:26 281,088 --------- C:\WINDOWS\system32\wvUkKCTn.dll
2008-06-08 13:18 . 2008-06-08 13:18 91,648 --a------ C:\WINDOWS\system32\feeitcpv.dll
2008-06-07 14:57 . 2008-06-07 14:57 91,136 --a------ C:\WINDOWS\system32\qebmvrny.dll
2008-06-07 14:00 . 2008-06-07 14:00 281,088 --------- C:\WINDOWS\system32\wvUMDSmN.dll_old
2008-06-07 00:06 . 2008-06-07 14:54 629 --a------ C:\WINDOWS\wininit.ini
2008-06-06 23:29 . 2008-06-06 23:29 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-06 23:29 . 2008-06-07 00:04 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-06 20:50 . 2008-06-06 20:50 <REP> d-------- C:\Program Files\Alwil Software
2008-06-06 19:25 . 2008-06-06 19:25 13,502 --a------ C:\WINDOWS\system32\JambaIconFR.ico
2008-06-06 19:25 . 2008-06-06 19:25 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconFR.ico
2008-06-05 21:13 . 2005-06-15 03:00 102,400 --a------ C:\WINDOWS\system32\tsccvid.dll
2008-06-05 13:57 . 2008-06-06 18:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-06-05 13:05 . 2008-06-05 13:05 12,288 --a------ C:\vwhfxvxv.exe
2008-05-11 14:49 . 2008-05-11 14:52 <REP> d-------- C:\Program Files\Real Desktop
2008-05-09 02:37 . 2008-05-09 02:37 <REP> d-------- C:\Documents and Settings\stitry\Application Data\teamspeak2
2008-05-09 02:37 . 2008-05-09 02:37 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-05-09 02:36 . 2008-05-09 02:37 <REP> d-------- C:\Program Files\Teamspeak2_RC2

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 17:57 --------- d-----w C:\Program Files\Steam
2008-06-09 17:57 --------- d-----w C:\Documents and Settings\stitry\Application Data\DMCache
2008-06-07 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-05 12:42 --------- d-----w C:\Documents and Settings\stitry\Application Data\IDM
2008-05-29 21:23 --------- d-----w C:\Documents and Settings\stitry\Application Data\Azureus
2008-05-21 13:25 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-05-20 18:36 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-09 00:38 --------- d-----w C:\Program Files\Fake Webcam
2008-05-01 09:37 --------- d-----w C:\Program Files\Celtx
2008-04-23 22:24 --------- d-----w C:\Program Files\SpeedFan
2008-04-23 21:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-23 16:47 --------- d-----w C:\Program Files\DivX
2008-04-23 15:38 --------- d-----w C:\Documents and Settings\stitry\Application Data\Greyfirst
2008-04-23 11:29 --------- d-----w C:\Program Files\LucasArts
2008-04-23 08:00 --------- d-----w C:\Program Files\NFO viewer
2008-04-23 07:52 --------- d-----w C:\Program Files\Azureus
2008-04-22 12:36 --------- d-----w C:\Program Files\QuickTime
2008-04-22 12:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-22 12:32 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 12:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-22 12:22 --------- d-----w C:\Program Files\SuperCopier2
2008-04-22 11:57 --------- d-----w C:\Program Files\EPSON
2008-04-22 10:34 --------- d-----w C:\Program Files\Pure Networks
2008-04-22 10:34 --------- d-----w C:\Program Files\Fichiers communs\Pure Networks Shared
2008-04-22 10:34 --------- d-----w C:\Program Files\DIFX
2008-04-22 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pure Networks
2008-04-20 18:59 --------- d-----w C:\Program Files\FXhome VisionLab Studio
2008-04-20 18:38 --------- d-----w C:\Program Files\Fichiers communs\Autodesk Shared
2008-04-20 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-04-20 18:37 --------- d-----w C:\Program Files\backburner 2
2008-04-20 18:27 --------- d-----w C:\Program Files\FXhome CompositeLab Pro
2008-04-20 12:42 --------- d-----w C:\Program Files\particleIllusion_3
2008-04-19 15:22 --------- d-----w C:\Program Files\turbo squid tentacles
2008-04-19 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-19 11:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-18 15:33 --------- d-----w C:\Program Files\7-Zip
2008-04-18 14:34 --------- d-----w C:\Program Files\MSXML 6.0
2008-04-16 15:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-16 15:04 --------- d-----w C:\Program Files\Autodesk
2008-04-16 14:42 --------- d-----w C:\Documents and Settings\stitry\Application Data\Autodesk
2008-04-14 20:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-13 18:27 --------- d-----w C:\Program Files\Fichiers communs\Macromedia
2008-04-13 18:26 --------- d-----w C:\Program Files\Macromedia
2008-04-09 21:13 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-23 11:26 22,328 ----a-w C:\Documents and Settings\stitry\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((( snapshot@2008-06-08_18.59.52.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-08 16:50:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-09 17:31:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-08 11:17:33 88,786 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-09 17:35:24 88,786 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-08 11:17:34 107,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-06-09 17:35:24 107,616 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-06-08 11:17:34 470,866 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-09 17:35:24 470,866 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-08 11:17:34 546,632 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-06-09 17:35:24 546,632 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-06-09 17:31:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5c8.dat
+ 2008-06-09 17:31:21 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ec.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5703AAFA-1C4E-42E9-8F03-9E15A1AF8011}]
C:\WINDOWS\system32\ssqPhEwx.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5862E0C5-9829-43A4-A080-089A502AAA8F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2C1C444-A9D8-42C6-A273-CA9ED3BE4436}]
C:\WINDOWS\system32\wvUMDSmN.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da611fdf-a71c-4d83-aa1c-aaf6df75b011}]
2008-06-08 19:03 96256 --a------ C:\WINDOWS\system32\qqdctenr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E646F3EC-F5D6-466E-884D-2BFC7D89BE99}]
C:\WINDOWS\system32\qoMcBQkh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 18:03 1271032]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2007-12-21 15:22 2573744]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
"QdrPack16"="C:\Program Files\QdrPack\QdrPack16.exe" [ ]
"Ubmb"="C:\WINDOWS\system32\SMANTE~1\javaw.exe" [ ]
"Qgtus"="C:\Program Files\??crosoft.NET\n?pdb.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB2947"="command /c del C:\Program Files\Outerinfo\FF\install.rdf" [ ]
"SpybotDeletingD2555"="cmd /c del C:\Program Files\Outerinfo\FF\install.rdf" [ ]
"SpybotDeletingB648"="command /c del C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt" [ ]
"SpybotDeletingD3218"="cmd /c del C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt" [ ]
"SpybotDeletingB5033"="command /c del C:\WINDOWS\b156.exe_old" [ ]
"SpybotDeletingD1822"="cmd /c del C:\WINDOWS\b156.exe_old" [ ]
"SpybotDeletingB7421"="command /c del C:\WINDOWS\system32\ssqPhEwx.dll_old" [ ]
"SpybotDeletingD2539"="cmd /c del C:\WINDOWS\system32\ssqPhEwx.dll_old" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2007-10-09 09:36 8527872]
"nwiz"="nwiz.exe" [2007-10-09 09:36 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2007-10-09 09:36 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 21:43 331776]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2004-03-11 02:26 406016]
"HyperappelPL2003"="C:\Program Files\Larousse\Petit Larousse 2003\bin\HiPL2002popup.exe" [2002-07-08 12:06 114688]
"USB2Check"="C:\WINDOWS\system32\PCLECoInst.dll" [2004-09-21 13:22 73728]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2005-06-13 03:30 192512]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"nmapp"="C:\Program Files\Pure Networks\Network Magic\nmapp.exe" [2007-03-14 15:42 321088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"f4b6685c"="C:\WINDOWS\system32\vcuefulj.dll" [ ]
"BMf7855bc0"="C:\WINDOWS\system32\feeitcpv.dll" [2008-06-08 13:18 91648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingA6811"="command /c del C:\WINDOWS\b156.exe_old" [ ]
"SpybotDeletingC1430"="cmd /c del C:\WINDOWS\b156.exe_old" [ ]
"SpybotDeletingA382"="command /c del C:\WINDOWS\system32\ssqPhEwx.dll_old" [ ]
"SpybotDeletingC3664"="cmd /c del C:\WINDOWS\system32\ssqPhEwx.dll_old" [ ]
"SpybotSnD"="C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" [2008-01-28 11:43 5146448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 17:09 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-03-13 14:11 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\graw.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"C:\\Program Files\\e-on software\\Vue 6 xStream\\Application\\Vue 6 xStream.eon"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\French\\setup.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\PacSteamT\\SteamApps\\brandon_fucked\\condition zero\\hl.exe"=
"C:\\Valve\\Condition Zero\\CZero.exe"=
"C:\\Program Files\\Steam\\SteamApps\\lemaitredestenebr\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2008\\3dsmax.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:Service de découverte DHCP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 Camdrv30;Philips ToUcam XS;C:\WINDOWS\system32\Drivers\camdrv30.sys [2001-08-17 22:04]
S3 ALSysIO;ALSysIO;C:\DOCUME~1\stitry\LOCALS~1\Temp\ALSysIO.sys []
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-02-25 23:22]
S3 gUSBSTOi;gUSBSTOi;C:\DOCUME~1\stitry\LOCALS~1\Temp\gUSBSTOi.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81859398-e324-11dc-aae0-b8ef9ca4ae4e}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-22 12:33:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 19:56:37
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


C:\WINDOWS\pskt.ini 22 bytes

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\stitry\LOCALS~1\Temp\mc22B.tmp"
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\feeitcpv.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
C:\Program Files\Pinnacle\Shared Files\Programs\MediaServer\PMSHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-06-09 20:03:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 18:03:44
ComboFix2.txt 2008-06-08 17:00:19

Pre-Run: 42,998,956,032 octets libres
Post-Run: 42,974,818,304 octets libres

261 --- E O F --- 2008-05-28 20:16:18




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:09, on 2008-06-09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Larousse\Petit Larousse 2003\bin\HiPL2002popup.exe
C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\program files\steam\steam.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\stitry\Bureau\téléchargements\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ogame.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5703AAFA-1C4E-42E9-8F03-9E15A1AF8011} - C:\WINDOWS\system32\ssqPhEwx.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {B2C1C444-A9D8-42C6-A273-CA9ED3BE4436} - C:\WINDOWS\system32\wvUMDSmN.dll (file missing)
O2 - BHO: {110b57fd-6faa-c1aa-38d4-c17afdf116ad} - {da611fdf-a71c-4d83-aa1c-aaf6df75b011} - C:\WINDOWS\system32\qqdctenr.dll
O2 - BHO: (no name) - {E646F3EC-F5D6-466E-884D-2BFC7D89BE99} - C:\WINDOWS\system32\qoMcBQkh.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [HyperappelPL2003] C:\Program Files\Larousse\Petit Larousse 2003\bin\HiPL2002popup.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [f4b6685c] rundll32.exe "C:\WINDOWS\system32\vcuefulj.dll",b
O4 - HKLM\..\Run: [BMf7855bc0] Rundll32.exe "C:\WINDOWS\system32\feeitcpv.dll",s
O4 - HKLM\..\RunOnce: [SpybotDeletingA6811] command /c del "C:\WINDOWS\b156.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1430] cmd /c del "C:\WINDOWS\b156.exe_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA382] command /c del "C:\WINDOWS\system32\ssqPhEwx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3664] cmd /c del "C:\WINDOWS\system32\ssqPhEwx.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
O4 - HKCU\..\Run: [Ubmb] "C:\WINDOWS\system32\SMANTE~1\javaw.exe" -vt yazb
O4 - HKCU\..\Run: [Qgtus] "C:\Program Files\??crosoft.NET\n?pdb.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2947] command /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2555] cmd /c del "C:\Program Files\Outerinfo\FF\install.rdf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB648] command /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3218] cmd /c del "C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5033] command /c del "C:\WINDOWS\b156.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1822] cmd /c del "C:\WINDOWS\b156.exe_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7421] command /c del "C:\WINDOWS\system32\ssqPhEwx.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2539] cmd /c del "C:\WINDOWS\system32\ssqPhEwx.dll_old"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2008 32-bit 32-bit (mi-raysat_3dsMax2008_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2008\mentalray\satellite\raysat_3dsMax2008_32server.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe

--
End of file - 12051 bytes
K1Ks
Posted on 09/06/2008 21:34:45
Select all the text in the frame below and copy-paste it into Notepad:

File::
C:\WINDOWS\system32\qqdctenr.dll
C:\WINDOWS\BMf7855bc0.xml
C:\WINDOWS\system32\noccrkme.dll
C:\WINDOWS\system32\wvUkKCTn.dll
C:\WINDOWS\system32\feeitcpv.dll
C:\WINDOWS\system32\qebmvrny.dll
C:\WINDOWS\system32\wvUMDSmN.dll_old
C:\vwhfxvxv.exe
C:\WINDOWS\system32\vcuefulj.dll

Folder::
C:\Program Files\QdrPack\

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5703AAFA-1C4E-42E9-8F03-9E15A1AF8011}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5862E0C5-9829-43A4-A080-089A502AAA8F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B2C1C444-A9D8-42C6-A273-CA9ED3BE4436}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da611fdf-a71c-4d83-aa1c-aaf6df75b011}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E646F3EC-F5D6-466E-884D-2BFC7D89BE99}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f4b6685c"=-
"BMf7855bc0"=-


# Save this file under the name CFScript.txt on your desktop.

# Drag and drop the icon of this CFScript file onto the ComboFix icon, as in the screenshot:

< included picture >

# A blue window will appear.

# Wait for the scan to finish. The desktop will disappear several times: that is normal!
Do not touch anything until the scan is finished.

# Once the scan is done, a report will be displayed: post its contents in your next reply.

# If the file does not open, it is located here >>> C:\ComboFix.txt
-------
Security help site Bibou Le Forum
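An added sanity check for the CFScript format used in the post above (example code written for this thread, not ComboFix's, HijackThis's or the helper's own): it parses the File::/Folder::/Registry:: sections and cross-references each entry against HijackThis O2/O4 lines, flagging entries the log does not corroborate so they can be reviewed against the ComboFix log before the script is applied. The sample script and log lines are constructed from this thread's own listings.

```python
"""Parse a ComboFix CFScript (File::/Folder::/Registry:: sections) and
cross-check each entry against HijackThis log lines before it is applied.
Added example for this thread; not ComboFix, HijackThis or helper code."""
import re
from collections import defaultdict

# Constructed sample: a subset of the CFScript posted in the thread, plus
# one path (C:\vwhfxvxv.exe) that the HijackThis lines below never mention.
CFSCRIPT = r"""File::
C:\WINDOWS\system32\qqdctenr.dll
C:\WINDOWS\system32\feeitcpv.dll
C:\WINDOWS\system32\vcuefulj.dll
C:\vwhfxvxv.exe

Folder::
C:\Program Files\QdrPack\

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{da611fdf-a71c-4d83-aa1c-aaf6df75b011}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f4b6685c"=-
"BMf7855bc0"=-
"""

# Constructed sample: HijackThis O2/O4 lines copied from the log in the thread.
HJT_LOG = r"""O2 - BHO: {110b57fd-6faa-c1aa-38d4-c17afdf116ad} - {da611fdf-a71c-4d83-aa1c-aaf6df75b011} - C:\WINDOWS\system32\qqdctenr.dll
O4 - HKLM\..\Run: [f4b6685c] rundll32.exe "C:\WINDOWS\system32\vcuefulj.dll",b
O4 - HKLM\..\Run: [BMf7855bc0] Rundll32.exe "C:\WINDOWS\system32\feeitcpv.dll",s
O4 - HKCU\..\Run: [QdrPack16] "C:\Program Files\QdrPack\QdrPack16.exe"
"""


def parse_cfscript(text):
    """Split a CFScript into {section: [entries]}; a 'Name::' line opens a section."""
    sections = defaultdict(list)
    current = None
    for line in filter(None, map(str.strip, text.splitlines())):  # skip blank lines
        if line.endswith("::"):
            current = line[:-2]
            continue
        if current is None:
            raise ValueError(f"entry before any section header: {line}")
        sections[current].append(line)
    return dict(sections)


def crosscheck(script, hjt_log):
    """Map each File/Folder path and each deleted Run value ("name"=-) to the
    HijackThis lines mentioning it (case-insensitive, as Windows paths are)."""
    log_lines = [l for l in hjt_log.splitlines() if l.strip()]
    hits = {}
    for path in script.get("File", []) + script.get("Folder", []):
        hits[path] = [l for l in log_lines if path.lower() in l.lower()]
    for entry in script.get("Registry", []):
        m = re.match(r'^"([^"]+)"=-$', entry)  # value deletion under the preceding [key]
        if m:
            hits[m.group(1)] = [l for l in log_lines if f"[{m.group(1)}]" in l]
    return hits


def uncorroborated(hits):
    """Entries the HijackThis log never mentions: check them against the ComboFix log first."""
    return sorted(k for k, v in hits.items() if not v)
```

Running `uncorroborated(crosscheck(parse_cfscript(CFSCRIPT), HJT_LOG))` on the sample returns only `C:\vwhfxvxv.exe`, the one path that came from the ComboFix log rather than the HijackThis log.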