
Intrusive pop-up ads + no access to Ctrl-Alt-Del ....

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
3 July 2009 23:23:08

hi
I'm on XP SP3 and I have the following symptoms:
- Intrusive pop-up ads (without browsing) (ad-xtende)
- No access to regedit (doesn't exist)
- No access to Ctrl Alt Del (even with right-click on the taskbar)
- No access to safe mode (hll missing!)

Online virus scan + Avast done. Viruses found but not resolved...
Anti-malware done (HijackThis + Malwarebytes') with several errors found but not resolved

here is the HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:04, on 03/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
G:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Razer\Krait\razerhid.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\lspvt32.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
G:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Bill2's Process Manager\ProcessManager.exe
G:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Razer\Krait\razerofa.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/m/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PimpFish Toolbar Opcode Handler - {29C88E20-4234-41B9-A9DB-982958C95FB1} - C:\Program Files\PimpFish\PimpFish.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: FloatBar Class - {75B1A646-CDCE-4C06-B52F-84F4463B4FC8} - C:\Program Files\PimpFish\FloatBar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: PimpFish - {D593DE91-7B41-45C2-830E-E9A99AB142AA} - C:\Program Files\PimpFish\PimpFish.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Krait] C:\Program Files\Razer\Krait\razerhid.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft ALU manager] C:\WINDOWS\system32\lspvt32.exe
O4 - HKLM\..\Run: [avgnt] "G:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HitmanPro35] "C:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [RGSC] G:\Gta 4\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Propriétaire\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ProcessManager] C:\Program Files\Bill2's Process Manager\ProcessManager.exe -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - J:\Mp3 amv\AMVConverter\grab.html
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.13\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - J:\Mp3 amv\MediaManager\grab.html
O8 - Extra context menu item: PimpFish - Saisir cette image - C:\Program Files\PimpFish\GRABPIC.HTM
O8 - Extra context menu item: PimpFish - Saisir le fichier cible - C:\Program Files\PimpFish\GRABLINK.HTM
O8 - Extra context menu item: PimpFish - Saisir les images auxquelles cette page est reliée - C:\Program Files\PimpFish\GRABPAGELINKS.HTM
O8 - Extra context menu item: PimpFish - Saisir les images sur cette page - C:\Program Files\PimpFish\GRABPAGEPICS.HTM
O8 - Extra context menu item: PimpFish - Saisir les vidéos sur cette page - C:\Program Files\PimpFish\GRABPAGEMOVIES.HTM
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - G:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - G:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8685 bytes


Malwarebytes log to be posted in a few moments ...
thanks in advance


3 July 2009 23:49:13

here is my Malwarebytes log:

Malwarebytes' Anti-Malware 1.38
Version de la base de données: 2369
Windows 5.1.2600 Service Pack 3

03/07/2009 23:47:19
mbam-log-2009-07-03 (23-47-19).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|)
Eléments examinés: 196559
Temps écoulé: 39 minute(s), 18 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
f:\system volume information\_restore{c05c538a-8e97-4515-ba33-b03d22330008}\rp270\A0075066.com (Spyware.OnlineGames) -> Quarantined and deleted successfully.
4 July 2009 00:27:01

ComboFix report

ComboFix 09-07-03.03 - Propriétaire 04/07/2009 0:20.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.2046.1606 [GMT 2:00]
Lancé depuis: c:\documents and settings\Propriétaire\Bureau\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-06-03 au 2009-07-03 ))))))))))))))))))))))))))))))))))))
.

2009-07-03 19:40 . 2009-07-03 19:40 12800 ----a-w- c:\windows\system32\bootdelete.exe
2009-07-03 19:36 . 2009-07-03 19:42 11904 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-07-03 19:36 . 2009-07-03 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2009-07-03 19:36 . 2009-07-03 19:36 -------- d-----w- c:\program files\Hitman Pro 3.5
2009-07-03 19:27 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 19:27 . 2009-07-03 19:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-03 19:27 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 19:27 . 2009-07-03 19:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 18:49 . 2009-07-03 18:49 -------- dc----w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-07-03 18:49 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-07-03 18:49 . 2009-03-24 14:07 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-03 18:49 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-07-03 18:49 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-07-03 18:49 . 2009-07-03 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-07-03 18:07 . 2009-07-03 18:07 -------- d-----w- c:\program files\RegEditX
2009-07-03 17:59 . 2009-07-03 18:03 -------- d-----w- c:\program files\Registry Easy
2009-07-03 17:48 . 2009-07-03 17:48 -------- d-----w- c:\program files\Bill2's Process Manager
2009-07-03 17:09 . 2001-08-17 19:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2009-07-03 17:09 . 2008-04-13 09:40 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2009-07-03 17:07 . 2001-08-17 18:50 75392 -c--a-w- c:\windows\system32\dllcache\s3savmxm.sys
2009-07-03 17:06 . 2001-08-17 19:52 49024 -c--a-w- c:\windows\system32\dllcache\ql1280.sys
2009-07-03 17:05 . 2001-08-23 15:47 42496 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-07-03 17:04 . 2001-08-17 18:50 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2009-07-03 17:03 . 2001-08-23 15:03 320384 -c--a-w- c:\windows\system32\dllcache\mgaum.sys
2009-07-03 17:02 . 2008-04-13 17:31 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2009-07-03 17:01 . 2001-08-17 19:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2009-07-03 17:00 . 2001-08-23 15:46 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2009-07-03 16:59 . 2001-08-17 18:19 40704 -c--a-w- c:\windows\system32\dllcache\es1371mp.sys
2009-07-03 16:58 . 2001-08-17 18:11 20928 -c--a-w- c:\windows\system32\dllcache\defpa.sys
2009-07-03 16:57 . 2001-08-17 19:12 10368 -c--a-w- c:\windows\system32\dllcache\brusbscn.sys
2009-07-03 16:56 . 2001-08-17 19:47 6272 -c--a-w- c:\windows\system32\dllcache\apmbatt.sys
2009-07-03 16:56 . 2008-04-13 07:35 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2009-07-03 16:56 . 2001-08-17 19:52 12032 -c--a-w- c:\windows\system32\dllcache\amsint.sys
2009-07-03 16:56 . 2001-08-17 18:11 16969 -c--a-w- c:\windows\system32\dllcache\amb8002.sys
2009-07-03 16:56 . 2001-08-17 20:07 56960 -c--a-w- c:\windows\system32\dllcache\aic78xx.sys
2009-07-03 16:56 . 2001-08-17 19:51 5248 -c--a-w- c:\windows\system32\dllcache\aliide.sys
2009-07-03 16:56 . 2001-08-17 19:49 26624 -c--a-w- c:\windows\system32\dllcache\alifir.sys
2009-07-03 16:56 . 2001-08-17 18:11 27678 -c--a-w- c:\windows\system32\dllcache\ali5261.sys
2009-07-03 16:56 . 2001-08-17 20:07 55168 -c--a-w- c:\windows\system32\dllcache\aic78u2.sys
2009-07-03 16:56 . 2001-08-17 19:52 12800 -c--a-w- c:\windows\system32\dllcache\aha154x.sys
2009-07-03 14:42 . 2009-07-03 14:42 -------- d-----w- c:\documents and settings\LocalService\Bureau
2009-07-03 14:37 . 2009-07-03 16:31 -------- d-----w- c:\program files\Lavasoft
2009-07-03 14:37 . 2009-07-03 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-03 13:29 . 2006-09-21 13:55 45056 ----a-w- c:\windows\system32\OgcDrvSuu.dll
2009-07-03 13:29 . 2006-09-21 13:51 49152 ----a-w- c:\windows\system32\OgcDrvSilva.dll
2009-07-03 13:29 . 2006-09-21 13:51 61440 ----a-w- c:\windows\system32\OgcDrvSena.dll
2009-07-03 13:29 . 2006-09-21 13:51 49152 ----a-w- c:\windows\system32\OgcDrvPyx.dll
2009-07-03 13:29 . 2006-09-21 13:51 61440 ----a-w- c:\windows\system32\OgcDrvMlr.dll
2009-07-03 13:29 . 2006-09-21 13:50 73728 ----a-w- c:\windows\system32\OgcDrvMagellan.dll
2009-07-03 13:29 . 2006-09-21 13:50 61440 ----a-w- c:\windows\system32\OgcDrvLowrance.dll
2009-07-03 13:29 . 2006-09-21 13:50 98304 ----a-w- c:\windows\system32\OgcDrvGarmin.dll
2009-07-03 13:29 . 2006-09-21 13:48 49152 ----a-w- c:\windows\system32\OgcDrvAvmap.dll
2009-07-03 13:29 . 2005-10-10 09:51 909312 ----a-w- c:\windows\system32\x9.dll
2009-07-03 12:07 . 2009-07-03 12:34 -------- d-----w- c:\windows\BDOSCAN8
2009-07-03 01:19 . 2009-03-13 10:17 323847872 ----a-w- c:\windows\system32\lspvt32.exe
2009-07-01 17:23 . 2009-07-01 17:23 -------- d-----w- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2009-06-26 10:39 . 2001-08-23 15:19 908000 -c--a-w- c:\windows\system32\dllcache\hcf_msft.sys
2009-06-26 10:39 . 2001-08-23 15:19 908000 ----a-w- c:\windows\system32\drivers\HCF_MSFT.sys
2009-06-25 12:58 . 2009-06-25 12:58 -------- d-----w- c:\program files\Cyanide
2009-06-12 00:22 . 2009-06-12 00:22 -------- d-----w- c:\program files\KillingFloor
2009-06-11 19:19 . 2009-03-09 13:27 453456 ----a-w- c:\windows\system32\d3dx10_41.dll
2009-06-11 19:19 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\system32\D3DX9_41.dll
2009-06-11 19:19 . 2009-03-09 13:27 1846632 ----a-w- c:\windows\system32\D3DCompiler_41.dll
2009-06-11 19:19 . 2009-03-16 12:18 69448 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-06-11 19:19 . 2009-03-16 12:18 517448 ----a-w- c:\windows\system32\XAudio2_4.dll
2009-06-11 19:19 . 2009-03-16 12:18 235352 ----a-w- c:\windows\system32\xactengine3_4.dll
2009-06-11 19:19 . 2009-03-16 12:18 22360 ----a-w- c:\windows\system32\X3DAudio1_6.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 20:18 . 2004-08-05 12:00 83046 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-03 20:18 . 2004-08-05 12:00 504492 ----a-w- c:\windows\system32\perfh00C.dat
2009-07-03 19:33 . 2009-07-03 19:33 2086 ----a-w- c:\program files\zlwugc.txt
2009-07-03 18:44 . 2009-02-04 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-03 17:19 . 2008-12-19 02:11 -------- d-----w- c:\program files\KraiSoft Games
2009-07-03 15:45 . 2008-10-31 00:48 -------- d-----w- c:\program files\MpcStar
2009-07-03 14:30 . 2008-09-16 20:20 -------- d-----w- c:\program files\Fichiers communs\Apple
2009-07-03 14:29 . 2009-01-31 14:19 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-07-03 14:26 . 2008-08-13 20:18 -------- d-----w- c:\program files\Restore
2009-07-03 14:25 . 2008-07-20 14:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-03 14:24 . 2009-01-25 01:30 -------- d-----w- c:\program files\ZNsoft Corporation
2009-07-03 13:28 . 2009-07-03 13:28 -------- d-----w- c:\program files\Bayo
2009-07-03 13:28 . 2009-07-03 13:28 -------- d-----w- c:\program files\Fichiers communs\Bayo
2009-07-03 12:20 . 2009-01-25 01:32 -------- d-----w- c:\program files\KeenfinderSrch
2009-07-02 13:45 . 2009-01-01 19:49 -------- d-----w- c:\program files\Hamachi
2009-07-01 17:30 . 2008-07-20 15:16 -------- d-----w- c:\program files\eMule
2009-07-01 17:23 . 2008-07-20 18:55 -------- d-----w- c:\program files\Fichiers communs\Wise Installation Wizard
2009-06-25 12:17 . 2009-02-04 02:50 -------- d-----w- c:\program files\Google
2009-06-02 13:00 . 2008-10-21 19:02 278984 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-06-02 13:00 . 2008-10-21 19:02 25416 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2009-05-08 14:44 . 2009-05-08 14:44 -------- d-----w- c:\program files\7-Zip
2009-04-21 13:16 . 2008-08-13 20:18 249856 ------w- c:\windows\Setup1.exe
2009-04-21 13:16 . 2008-08-13 20:18 73216 ----a-w- c:\windows\ST6UNST.EXE
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\windows\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" [2006-05-14 344064]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
"ProcessManager"="c:\program files\Bill2's Process Manager\ProcessManager.exe" [2009-05-30 1830912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Krait"="c:\program files\Razer\Krait\razerhid.exe" [2006-01-24 147456]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"Microsoft ALU manager"="c:\windows\system32\lspvt32.exe" [2009-03-13 323847872]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-13 172544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^hamachi.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\hamachi.lnk
backup=c:\windows\pss\hamachi.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Propriétaire^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
path=c:\documents and settings\Propriétaire\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"d"=2 (0x2)
"helpsvc"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"wuauserv"=2 (0x2)
"odserv"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c986736c1b1026"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"e:\\Program Files\\btm 2\\game.dat"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\AoE2 xp\\age2_x1\\AGE2_X1.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"e:\\Program Files\\Far Cry 2\\bin\\FarCry2.exe"=
"e:\\Program Files\\Far Cry 2\\bin\\FC2Launcher.exe"=
"e:\\Program Files\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\RayV\\RayV\\RayV.exe"=
"e:\\Program Files\\Vietcong\\vietcong_nocd1.6.exe"=
"c:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"g:\\call of duty 4\\iw3mp.exe"=
"c:\\UT2004\\System\\UT2004.exe"=
"e:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"20429:TCP"= 20429:TCP:BitComet 20429 TCP
"20429:UDP"= 20429:UDP:BitComet 20429 UDP
"48800:TCP"= 48800:TCP:BitComet 48800 TCP
"48800:UDP"= 48800:UDP:BitComet 48800 UDP

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [22/01/2009 18:25 28544]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;g:\program files\Avira\AntiVir Desktop\sched.exe [03/07/2009 20:49 108289]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\BVF4D.tmp --> c:\docume~1\PROPRI~1\LOCALS~1\Temp\BVF4D.tmp [?]
S3 krait03;Razer krait USB Filter Driver;c:\windows\system32\drivers\krait.sys [08/01/2009 00:37 13324]
S3 mdxgthkn;mdxgthkn;\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\mdxgthkn.sys --> c:\docume~1\PROPRI~1\LOCALS~1\Temp\mdxgthkn.sys [?]
S4 gupdate1c986736c1b1026;Google Update Service (gupdate1c986736c1b1026);c:\program files\Google\Update\GoogleUpdate.exe [04/02/2009 04:51 133104]
.
Contenu du dossier 'Tâches planifiées'

2009-07-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 22:47]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 02:51]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-04 02:51]

2009-07-03 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-07-03 15:49]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.atcomet.com/m/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to AMV Convert Tool... - j:\mp3 amv\AMVConverter\grab.html
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.13\AMVConverter\grab.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - j:\mp3 amv\MediaManager\grab.html
IE: PimpFish - Saisir cette image - c:\program files\PimpFish\GRABPIC.HTM
IE: PimpFish - Saisir le fichier cible - c:\program files\PimpFish\GRABLINK.HTM
IE: PimpFish - Saisir les images auxquelles cette page est reliée - c:\program files\PimpFish\GRABPAGELINKS.HTM
IE: PimpFish - Saisir les images sur cette page - c:\program files\PimpFish\GRABPAGEPICS.HTM
IE: PimpFish - Saisir les vidéos sur cette page - c:\program files\PimpFish\GRABPAGEMOVIES.HTM
Trusted Zone: localhost
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Propriétaire\Application Data\Mozilla\Firefox\Profiles\sfnqjq43.default\
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\RayV\RayV\RayVExtension@RayV.com\plugins\nprayvplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-04 00:22
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\PROPRI~1\LOCALS~1\Temp\BVF4D.tmp"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-842925246-1788223648-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:6f,87,91,50,4b,99,87,92,db,10,74,42,6b,21,c1,a4,ed,76,5d,7f,3a,2f,84,
58,a1,d0,92,50,54,1c,00,41,08,17,9f,25,17,fd,de,9b,c7,79,23,a3,67,ee,df,5c,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22

[HKEY_USERS\S-1-5-21-842925246-1788223648-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:0c,d0,f7,c7,1d,6e,99,75,20,16,81,48,31,45,00,3b,e2,84,94,37,be,
65,c6,86,15,33,6e,b8,6e,74,7c,8f,3d,63,95,bb,94,3d,60,22,6c,8b,fb,49,e2,6a,\
"rkeysecu"=hex:62,20,b7,2f,fe,1a,9f,31,09,01,0a,ce,d7,f0,77,1c
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(3700)
c:\windows\system32\eappprxy.dll
c:\windows\BricoPacks\Crystal Clear\RocketDock\MouseHook2.dll
.
Heure de fin: 2009-07-03 0:23
ComboFix-quarantined-files.txt 2009-07-03 22:23
ComboFix2.txt 2009-07-03 22:08
ComboFix3.txt 2009-07-03 21:58

Avant-CF: 1 881 546 752 octets libres
Après-CF: 1 929 756 672 octets libres

271 --- E O F --- 2009-02-27 00:32


4 July 2009 14:52:17

UP !