Virus - HijackThis report to analyse

Tags:
  • Windows
  • Security
29 December 2008 13:59:43

Hello,

Can someone help me analyse this report please?

I have the same trouble as the others...
Like an idiot I caught this virus on MSN, and since then my PC boots VERY badly (I systematically have to restart once or twice) and no longer shuts down (I have to cut the power).

I get tons of pop-ups every time I connect to the Internet.

This computer has the SafeBoot software on it and it's my work PC; I'm abroad and can't get another one for a good month!

My Symantec antivirus has been regularly detecting worms and trojans since then but doesn't fix the problem.

Please help me, I'm begging you...

I ran a HijackThis scan, which gives:

Logfile of HijackThis v1.99.1
Scan saved at 00:02:09, on 29/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Blackice\blackd.exe
C:\WINDOWS\system32\Crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Blackice\RapApp.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SafeBoot\SBMGRNT.EXE
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Blackice\vpatch.exe
C:\WINDOWS\system32\CIMWebViewService.exe
C:\CIMPLICITY\HMI\exe\CIMWebServer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\CYBERL~1\PowerDVD\DVDLAU~1.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\CacereGr\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
O3 - Toolbar: SupportCentral - {E5CA3FCB-32F0-4602-A3FD-0785E3F0F5BF} - C:\WINDOWS\system32\SCTOOL~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AuditMode] C:\sysprep\factory.exe -logon
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\PROGRA~1\CYBERL~1\PowerDVD\DVDLAU~1.EXE"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SBMGRNT.EXE] C:\PROGRA~1\SafeBoot\SBMGRNT.EXE -WinLogon
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CheckIt] C:\WINDOWS/SYSTEM32/GE/Scripts/Checkit.vbs
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\Proxy.exe
O9 - Extra 'Tools' menuitem: Change Proxy - {7107766B-746A-4B6F-8356-8CF9EA743708} - C:\Program Files\TSG Proxy\Proxy.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\Software\..\Telephony: DomainName = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F6F3F6A-DC06-4CB0-8551-C1265509D0D7}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{87A1AB32-72A1-441B-9A02-DEC07FB39903}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F6F3F6A-DC06-4CB0-8551-C1265509D0D7}: Domain = fr-epe.geps.ge.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = geips-euro.ps.ge.com
O17 - HKLM\System\CS3\Services\Tcpip\..\{0F6F3F6A-DC06-4CB0-8551-C1265509D0D7}: Domain = fr-epe.geps.ge.com
O20 - AppInit_DLLs: gtjiui.dll
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Blackice\blackd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CIMPLICITY HMI Service (CIMPLICITY) - Unknown owner - C:\WINDOWS\system32\cimplicity.exe
O23 - Service: CimplicityViewConnectionService - Total Control Products (Canada) Inc. - C:\CIMPLICITY\HMI\exe\CimplicityViewConnectionService.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\system32\Crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Fiberlink Monitor Service (FiberlinkMonitor) - Boingo Wireless, Inc. - C:\Program Files\Fiberlink\Extend360\WENGINE\wmonitor.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Blackice\RapApp.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeBoot Configuration Manager (SafeBootConfigurationManager) - Control Break International - C:\Program Files\SafeBoot\SBMGRNT.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Extend360 Agent (ServiceMgr) - Fiberlink Communications Corp. - C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ISS Buffer Overflow Exploit Prevention (VPatch) - Internet Security Systems, Inc. - C:\Program Files\Blackice\vpatch.exe
O23 - Service: CIMPLICITY WebView/ThinView Service (WEBVIEW) - GE Fanuc Automation Americas, Inc - C:\WINDOWS\system32\CIMWebViewService.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
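
As an added example (not from this thread, from HijackThis or from the helper's reply), a small Python triage script that parses lines shaped like the log above and flags the two items the later Malwarebytes report confirmed as malicious: the O4 Run value whose command is a bare filename (fxstaller.exe, no absolute path) and the non-empty O20 AppInit_DLLs entry (gtjiui.dll). It also lists O23 services with no vendor string for manual review. The sample lines are constructed copies of entries from the log.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied in shape from the HijackThis
# v1.99.1 log above (O4 = Run keys, O20 = AppInit_DLLs, O23 = services).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O20 - AppInit_DLLs: gtjiui.dll
O23 - Service: CIMPLICITY HMI Service (CIMPLICITY) - Unknown owner - C:\WINDOWS\system32\cimplicity.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    item: str      # the executable or DLL the finding is about
    reason: str


# O4 lines look like: O4 - HKLM\..\Run: [Name] <command line>
_RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# O20 lines look like: O20 - AppInit_DLLs: <dll list>
_APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.+)$')
# O23 lines look like: O23 - Service: <name> - <vendor> - <path>
_SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$')
_ABS_PATH_RE = re.compile(r'^[A-Za-z]:\\')


def executable_of(cmd: str) -> str:
    """Return the program part of a Run-key command line (quoted path or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def triage(log_text: str) -> list[Finding]:
    """Scan a HijackThis log and return the entries a reviewer should look at first."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.rstrip()
        m = _RUN_RE.match(line)
        if m:
            exe = executable_of(m.group('cmd'))
            if not _ABS_PATH_RE.match(exe):
                # A Run value with only a filename is resolved by PATH search;
                # legitimate installers almost always write a full path.
                findings.append(Finding('O4', exe,
                    f'{m.group("hive")} Run value [{m.group("name")}] has no absolute path'))
            continue
        m = _APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is loaded into every process that loads user32.dll;
            # on a clean XP machine it is normally empty.
            for dll in re.split(r'[ ,;]+', m.group('dlls').strip()):
                if dll:
                    findings.append(Finding('O20', dll, 'AppInit_DLLs is not empty'))
            continue
        m = _SERVICE_RE.match(line)
        if m and m.group('vendor').lower() == 'unknown owner':
            findings.append(Finding('O23', m.group('path'),
                f'service "{m.group("name")}" has no vendor string; verify manually'))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:4} {f.item}\n     {f.reason}')
```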

29 December 2008 20:26:53

Hello,

Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done, restart in Safe Mode.
HELP: Restarting in Safe Mode

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, select "Perform full scan".
  • To start the scan, click "Scan".
  • Once the scan is finished, a window opens; click OK. You have two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your Desktop so you can post it in your next reply.
    NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

HELP: Picture tutorial on MBAM
29 December 2008 22:41:54

Thanks a lot!!!!

It detected 150 infected files... The system seems stable now...
I'm no longer bombarded with 50 pop-ups every time I connect!

    Malwarebytes' Anti-Malware 1.31
    Version de la base de données: 1565
    Windows 5.1.2600 Service Pack 2

    29/12/2008 22:16:39
    mbam-log-2008-12-29 (22-16-39).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 129922
    Temps écoulé: 1 hour(s), 14 minute(s), 39 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 17
    Valeur(s) du Registre infectée(s): 2
    Elément(s) de données du Registre infecté(s): 3
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 125

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\opnLCULf.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\gtjiui.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\urqrrOec.dll (Trojan.Vundo) -> Delete on reboot.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\urqrroec (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e81a3a4-ab82-4a38-8787-976f8f94796d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{8e81a3a4-ab82-4a38-8787-976f8f94796d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ef1e9b46-e007-45db-a3a2-f44d0a4b104c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{ef1e9b46-e007-45db-a3a2-f44d0a4b104c} (Trojan.Vundo.H) -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8e81a3a4-ab82-4a38-8787-976f8f94796d} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ef1e9b46-e007-45db-a3a2-f44d0a4b104c} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\opnlculf -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnlculf -> Delete on reboot.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\urqrrOec.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\gtjiui.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\opnLCULf.dll (Trojan.Vundo.H) -> Delete on reboot.
    C:\WINDOWS\system32\fLUCLnpo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fLUCLnpo.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtqrQhG.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\GhQrqtwa.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\GhQrqtwa.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkLFyxy.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yxyFLkkj.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yxyFLkkj.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\omkttnuk.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kunttkmo.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtrOeFY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtrsQGY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtttTmN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtutUmm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXNebBt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXPHwXq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\byXRkjjh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbXQklmJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbXRHXRI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cbXRJCtR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\cvxkmc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcApnoM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcDssTK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcDwuTk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcASkhg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcBUMcY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcYRLfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\eipuxgst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fhsuie.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\geBrsPfg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgGaaxyx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hgGvvsSL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iguijpgr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifddcdA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifdebxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifdeefd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\iifeeFVm.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkHXPIx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkIBrsS.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkKbXqR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jtzxgu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\kddrex.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfCsTKE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\khfDwvUl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\krzkgu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljJCspnM.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljJCuVMG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mjujlcxw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mlJAttRJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mlJBRHxv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnkHxww.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\odoycvnf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\olrynkln.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnkjKde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnLFYPH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnkjggG.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnljHax.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnmlkIb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnmnNGa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnnLDWP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qoMeBTKa.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\qoMggHbB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rokvuxst.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\rqRLccyA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqPjiIA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqpmKcA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tuvSkHWq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tuvUOFUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqRIcbb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqRiiJb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqRKEwu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtUkjKAq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtUlIcde.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtUmNDTN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vtUolJaX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wjjijx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvULbCsR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUlkLfC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUMCSjI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUoMdBT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xhjqfqhr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxyvsPij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxyvwUoL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxywTMfc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxywWpnO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yayvTNdA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yayvWOGv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\yaywXPIb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
    C:\win.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxywWqqp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqQjGVp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqQjGyw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tuvVOFYR.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tuvWnnLF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkheFXo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkHXrqP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkHYsSl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\jkkKawXN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnopmkk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\opnoppqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcDtQIX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ddcYrRIY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nnnmjigE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnmkkJb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnmliiI.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnnmMFX.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnnoMeF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pmnoPhgE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqNGxUL.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqQklJA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcBurOi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcCtqpn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcCuTMc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\efcDWMeE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mlJDtssp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\xxyyaxXr.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssqNgETl.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ljJBqnNE.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUmljih.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wvUnMEwU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\fccdbYQH.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

30 December 2008 13:06:35

Re,

! Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

HELP: A guide and tutorial on using ComboFix
* the partition letter may vary
30 December 2008 13:45:04

Hi,

Here is the ComboFix report:

____________________________________________________________

    ComboFix 08-12-29.02 - CacereGr 2008-12-30 13:37:42.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1033.18.1015.439 [GMT 1:00]
    Lancé depuis: c:\documents and settings\CacereGr\Desktop\ComboFix.exe
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\system32\amhhdfpj.ini
    c:\windows\system32\bupuddcb.dll
    c:\windows\system32\dlyqvaxr.dll
    c:\windows\system32\fmmcttjk.dll
    c:\windows\system32\fwikgleg.dll
    c:\windows\system32\grouppolicy\machine\scripts\scripts.ini
    c:\windows\system32\head.exe
    c:\windows\system32\ipnrpsac.ini
    c:\windows\system32\kskwsxup.ini
    c:\windows\system32\mdm.exe
    c:\windows\system32\NewCoreload.exe
    c:\windows\system32\ps.exe
    c:\windows\system32\sqfdiims.ini
    c:\windows\system32\tar.exe
    c:\windows\system32\ttghkkgi.dll
    c:\windows\system32\vooxspdw.dll
    c:\windows\system32\wkuxlvqa.ini
    c:\windows\system32\ybtqkhvv.ini

    ----- BITS: Il y a peut-être des sites infectés -----

    hxxp://childhe.com
    hxxp://wsus.ad.ge.com
    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-11-28 au 2008-12-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-12-29 23:04 . 2008-12-29 23:04 <DIR> d-------- c:\program files\MSN Messenger
    2008-12-29 20:46 . 2008-12-29 20:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
    2008-12-29 20:46 . 2008-12-29 20:46 <DIR> d-------- c:\documents and settings\CacereGr\Application Data\Malwarebytes
    2008-12-29 20:46 . 2008-12-29 20:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2008-12-29 20:46 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2008-12-29 20:46 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2008-12-29 19:27 . 2008-12-29 19:27 <DIR> d-------- c:\program files\Common Files\Download Manager
    2008-12-29 15:56 . 2008-12-29 15:56 <DIR> d-------- c:\program files\Trend Micro
    2008-12-29 15:51 . 1999-01-20 05:01 210,032 --a------ c:\windows\system32\DBCLIENT.DLL
    2008-12-27 18:18 . 2008-12-27 18:18 <DIR> d-------- c:\windows\Sun
    2008-12-27 13:14 . 2008-12-27 13:14 0 --a------ c:\windows\nsreg.dat
    2008-12-23 17:27 . 2008-12-23 17:27 <DIR> d-------- c:\program files\CCleaner
    2008-12-07 23:41 . 2008-12-07 23:41 6,656 --ahs---- c:\windows\system32\Thumbs.db
    2008-12-07 23:06 . 2008-12-07 23:28 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
    2008-12-07 23:05 . 2008-12-07 23:05 <DIR> d-------- c:\program files\Windows Live
    2008-12-07 23:05 . 2008-12-07 23:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
    2008-12-02 19:28 . 2008-12-02 19:28 <DIR> d-------- c:\program files\Logitech
    2008-12-02 18:10 . 2004-08-04 00:56 90,624 --a------ c:\windows\system32\kswdmcap.ax
    2008-12-02 18:10 . 2004-08-04 00:56 90,624 --a--c--- c:\windows\system32\dllcache\kswdmcap.ax
    2008-12-02 18:10 . 2004-08-04 00:56 61,952 --a------ c:\windows\system32\kstvtune.ax
    2008-12-02 18:10 . 2004-08-04 00:56 61,952 --a--c--- c:\windows\system32\dllcache\kstvtune.ax
    2008-12-02 18:10 . 2004-08-04 00:56 53,760 --a------ c:\windows\system32\vfwwdm32.dll
    2008-12-02 18:10 . 2004-08-04 00:56 53,760 --a--c--- c:\windows\system32\dllcache\vfwwdm32.dll
    2008-12-02 18:10 . 2004-08-04 00:56 43,008 --a------ c:\windows\system32\ksxbar.ax
    2008-12-02 18:10 . 2004-08-04 00:56 43,008 --a--c--- c:\windows\system32\dllcache\ksxbar.ax
    2008-12-02 18:10 . 2004-08-04 00:56 28,672 --a------ c:\windows\system32\vidcap.ax
    2008-12-02 18:10 . 2004-08-04 00:56 28,672 --a--c--- c:\windows\system32\dllcache\vidcap.ax
    2008-12-02 18:09 . 2007-10-12 02:55 1,279,000 --a------ c:\windows\system32\drivers\LV302V32.SYS
    2008-12-02 18:09 . 2007-10-12 03:00 490,008 --a------ c:\windows\system32\LVUI2.dll
    2008-12-02 18:09 . 2007-10-12 03:00 465,432 --a------ c:\windows\system32\LVUI2RC.dll
    2008-12-02 18:09 . 2007-10-12 02:57 416,280 --a------ c:\windows\system32\lvcodec2.dll
    2008-12-02 18:09 . 2007-10-12 02:57 195,096 --a------ c:\windows\system32\lvci1150.dll
    2008-12-02 18:09 . 2007-10-12 02:11 59,500 --a------ c:\windows\system32\lvcoinst.ini
    2008-12-02 18:09 . 2007-10-12 03:00 41,752 --a------ c:\windows\system32\drivers\LVUSBSta.sys
    2008-12-02 18:09 . 2007-10-12 02:18 21,138 --a------ c:\windows\system32\Repository.reg
    2008-12-02 18:09 . 2007-10-12 02:55 13,848 --a------ c:\windows\system32\drivers\lv302af.sys
    2008-12-02 18:08 . 2008-12-02 19:28 <DIR> d-------- c:\program files\Common Files\LogiShrd
    2008-12-02 18:08 . 2008-12-02 18:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logitech
    2008-12-02 18:08 . 2008-12-02 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Logishrd
    2008-12-02 18:00 . 2004-08-03 23:07 59,264 --a------ c:\windows\system32\drivers\USBAUDIO.sys
    2008-12-02 18:00 . 2004-08-03 23:07 59,264 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
    2008-12-01 23:45 . 2008-12-01 23:45 <DIR> d-------- c:\program files\Google
    2008-11-18 10:21 . 2008-11-18 10:21 0 --a------ c:\windows\vpc32.INI
    2008-11-14 08:13 . 2008-11-14 08:13 <DIR> d-------- c:\documents and settings\CacereGr\Application Data\Xerox

    .
    (((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-30 12:39 --------- d-----w c:\documents and settings\CacereGr\Application Data\Skype
    2008-12-30 12:37 --------- d-----w c:\program files\Symantec AntiVirus
    2008-12-30 12:34 --------- d-----w c:\program files\Blackice
    2008-12-28 06:57 --------- d---a-w c:\program files\Nortel Networks
    2008-12-27 17:12 --------- d-----w c:\program files\pdf995
    2008-11-25 12:41 --------- d-----w c:\program files\PDF Editeur 2
    2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
    2008-10-07 06:14 73,216 ----a-w c:\windows\cadkasdeinst01f.exe
    2008-10-07 05:46 176,128 ----a-w c:\windows\safeboot.scr
    2008-10-06 12:26 50,364 ----a-w c:\windows\system32\pdf995mon.dll
    2008-10-06 12:26 102,400 ----a-w c:\windows\system32\pdfmona.dll
    2008-10-06 11:37 57,344 ----a-w c:\windows\uneng.exe
    2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
    2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
    2008-09-23 16:46 245,408 ----a-w c:\windows\system32\unicows.dll
    2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
    2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
    .

    ((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not listed
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CheckIt"="C:\WINDOWS/SYSTEM32/GE/Scripts/Checkit.vbs" [2008-02-25 741]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2006-08-14 20066856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-24 53408]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-06-15 124656]
    "Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
    "DVDLauncher"="c:\progra~1\CYBERL~1\PowerDVD\DVDLAU~1.EXE" [2004-04-26 53248]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 819200]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 970752]
    "SBMGRNT.EXE"="c:\progra~1\SafeBoot\SBMGRNT.EXE" [2008-10-07 49212]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A81200000003}\IconAC76BA86.exe [2008-05-16 300032]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "disablecad"= 1 (0x1)
    "LogonType"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "DisablePersonalDirChange"= 1 (0x1)
    "ForceStartMenuLogOff"= 1 (0x1)
    "NoSimpleStartMenu"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "ForceClassicControlPanel"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=gtjiui.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-8915387-251426123-247139262-76836\Scripts\Logon\0\0]
    "Script"=TSGEUS_PSNonEC.bat

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\System\\run32dll.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "5556:TCP"= 5556:TCP:SafeBoot

    R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2008-10-07 30267]
    R0 SBAlg;SBAlg;c:\windows\system32\drivers\SBAlg.sys [2008-10-07 44848]
    R1 RsvLock;RsvLock;c:\windows\system32\drivers\RsvLock.sys [2008-10-07 4752]
    R1 SBFlop;SBFlop;c:\windows\system32\drivers\SBFlop.sys [2008-10-07 6096]
    R1 SbPrcCtl;SbPrcCtl;c:\windows\system32\drivers\SbPrcCtl.sys [2008-10-07 14864]
    R2 BlackICE;BlackICE;"c:\program files\Blackice\blackd.exe" [2008-10-06 2011473]
    R2 FiberlinkMonitor;Fiberlink Monitor Service;"c:\program files\Fiberlink\Extend360\WENGINE\wmonitor.exe" [2005-05-06 65604]
    R2 SafeBootConfigurationManager;SafeBoot Configuration Manager;c:\program files\SafeBoot\SBMGRNT.EXE [2008-10-07 49212]
    R2 VPatch;ISS Buffer Overflow Exploit Prevention;c:\program files\Blackice\vpatch.exe [2008-10-06 426333]
    R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [2004-11-01 17536]
    R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2008-10-06 9433]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-06 99376]
    R3 GTIPCI21;GTIPCI21;c:\windows\system32\DRIVERS\gtipci21.sys [2008-10-06 87936]
    R3 MakoNT;MakoNT;c:\windows\system32\drivers\MakoNT.sys [2008-10-06 76849]
    R3 rap;rap;c:\windows\system32\drivers\RapDrv.sys [2008-10-06 47788]
    R4 black;black;c:\windows\system32\drivers\BlackCat.sys [2008-10-06 197106]
    S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2008-10-06 115680]
    S2 WEBVIEW;CIMPLICITY WebView/ThinView Service;c:\windows\system32\CIMWebViewService.exe [2003-05-01 28758]
    S3 CIMPLICITY;CIMPLICITY HMI Service;c:\windows\system32\cimplicity.exe [2003-05-01 28751]
    S3 CimplicityViewConnectionService;CimplicityViewConnectionService;c:\cimplicity\HMI\exe\CimplicityViewConnectionService.exe [2004-10-07 139264]
    S3 ExtranetAccess;Contivity VPN Service;"c:\program files\Nortel Networks\Extranet_serv.exe" [2008-10-06 630784]
    S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2006-06-15 115952]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48a75e06-b4af-11dd-ae05-444553544200}]
    \Shell\AutoRun\command - F:\u9dyi.exe
    \Shell\explore\Command - F:\u9dyi.exe
    \Shell\open\Command - F:\u9dyi.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56eb82c6-a060-11dd-ae02-00166f825da3}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2b6bfee-97da-11dd-adfa-444553544200}]
    \Shell\AutoRun\command - G:\

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1D2908F4-2CC5-4F72-BAFF-9026CF04C227}]
    %systemroot\system32\msiexec.exe /i %systemroot%\options\packages\coreapps\pcinfo\pcinfo.msi /qb!

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{257AC5ED-A013-4E10-B3C0-099F5E8D8FC2}]
    %Sytemroot%\system32\msiexec.exe /i %Systemroot%\options\pacakges\coreapps\TSG Proxy\TSG Proxy Button.msi /qn

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{27B3FC9C-0096-4590-85B5-FF334D432C8D}]
    c:\windows\system32\msiexec.exe /i c:\windows\options\packages\coreapps\MekkoGraphics3\MekkoGraphics3.msi Transforms="c:\windows\options\packages\coreapps\MekkoGraphics3\MekkoGraphics3.mst" /qn

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3248F0A8-6813-11D6-A77B-00B0D0150100}]
    c:\\Windows\\Options\\Packages\\CoreApps\\Java_1.5_Update_10\\Java1.5_Update10_UserUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5B4BD34A-EA56-448F-BDC0-F0B2DAB715E0}]
    c:\windows\system32\msiexec.exe /faum {5B4BD34A-EA56-448F-BDC0-F0B2DAB715E0} /qn

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{AC76BA86-7AD7-1033-7B44-A81200000003}]
    msiexec.exe /fu {AC76BA86-7AD7-1033-7B44-A81200000003} /qn

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E72B0C-1F6A-4C67-84D8-3F7743B87E37}]
    c:\windows\System32\msiexec.exe /i c:\windows\Options\Packages\CoreApps\GETemplates\GETemplatesGEE.msi /qb!
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-30 c:\windows\Tasks\ktcyfxgw.job
    - c:\windows\system32\rundll32.exe [2004-08-04 05:56]
    .
    - - - - DELETED ORPHANS - - - -

    HKLM-Run-AuditMode - c:\sysprep\factory.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.fr/
    uInternet Settings,ProxyOverride = <local>
    uInternet Settings,ProxyServer = ftp=http-proxy-frbel01.fr-epe.geps.ge.com:80;gopher=http-proxy-frbel01.fr-epe.geps.ge.com:80;http=http-proxy-frbel01.fr-epe.geps.ge.com:80;https=http-proxy-frbel01.fr-epe.geps.ge.com:80
    IE: {{7107766B-746A-4B6F-8356-8CF9EA743708} - c:\program files\TSG Proxy\Proxy.exe c:\program files\TSG Proxy\Proxy.exe

    O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-30 13:39:30
    Windows 5.1.2600 Service Pack 2 NTFS

    Scanning for hidden processes ...

    Scanning for hidden autostart entries ...

    Scanning for hidden files ...

    Scan completed successfully
    Hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs loaded in running processes ---------------------

    - - - - - - - > 'winlogon.exe'(1656)
    c:\windows\system32\IWPDGINA.DLL
    c:\program files\Intel\Wireless\Bin\SsoGnFRA.dll
    .
    Completion time: 2008-12-30 13:40:20
    ComboFix-quarantined-files.txt 2008-12-30 12:40:05

    Pre-Run: 16,307,687,424 bytes free
    Post-Run: 16,289,931,264 bytes free

    233 --- E O F --- 2008-12-20 14:50:19
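The registry loading points in the ComboFix log above (the AppInit_DLLs value, the firewall exception list, the open-port list, the MountPoints2 AutoRun commands and the scheduled task) are the entries a helper reads first. As an added example, not code from the original post, from ComboFix or from any helper on this thread, here is a small Python triage script that pulls those entries out of a saved log and flags the ones worth asking about. The sample log text inside it is a constructed excerpt in the shape of the registry section posted above, and the rule tables (system-binary names, loader names, remote-admin ports, the SanDisk U3 launcher allowlist) are assumptions made for this example rather than anything ComboFix itself applies.

```python
"""Pull the first-look persistence entries out of a ComboFix log.

Added example, not code from the original post or from ComboFix. SAMPLE_LOG
is a constructed excerpt in the shape of the posted registry section; the
rule tables below are assumptions made for this example.
"""
import re
import sys
from dataclasses import dataclass

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=gtjiui.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\System\\run32dll.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5556:TCP"= 5556:TCP:SafeBoot

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{48a75e06-b4af-11dd-ae05-444553544200}]
\Shell\AutoRun\command - F:\u9dyi.exe
\Shell\open\Command - F:\u9dyi.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56eb82c6-a060-11dd-ae02-00166f825da3}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

2008-12-30 c:\windows\Tasks\ktcyfxgw.job
- c:\windows\system32\rundll32.exe [2004-08-04 05:56]
"""

# Assumed rule tables (not ComboFix's own): Windows binaries whose names get
# borrowed or scrambled, loaders a task should not launch bare, remote-admin
# ports, and the one USB launcher (SanDisk U3) that is expected to autorun.
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                   "explorer.exe", "winlogon.exe", "services.exe"}
LOLBINS = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe",
           "cmd.exe", "mshta.exe"}
REMOTE_ADMIN_PORTS = {"3389:TCP": "Remote Desktop", "23:TCP": "Telnet", "445:TCP": "SMB"}
KNOWN_USB_LAUNCHERS = {"launchu3.exe"}


@dataclass(frozen=True)
class Finding:
    severity: str   # "high": ask about it now; "review": confirm it is expected
    section: str
    evidence: str
    note: str


def basename(path: str) -> str:
    return re.split(r"[\\/]", path.strip().strip('"'))[-1].lower()


def looks_like_system_binary(name: str) -> bool:
    """Exact system-binary name, or the same letters reordered (run32dll.exe vs rundll32.exe)."""
    return name in SYSTEM_BINARIES or any(sorted(name) == sorted(s) for s in SYSTEM_BINARIES)


def triage(log_text: str) -> list:
    findings, section, prev = [], "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):      # registry key header
            section, prev = line[1:-1].lower(), line
            continue
        # AppInit_DLLs is loaded into every process that maps user32.dll.
        m = re.match(r'"AppInit_DLLs"=(\S+)', line)
        if m:
            findings.append(Finding("high", "AppInit_DLLs", m.group(1),
                                    "DLL injected into every GUI process; check its signer and origin"))
        # Firewall exception for a system-binary lookalike outside the Windows directory.
        if "authorizedapplications" in section and line.endswith("="):
            path = line[:-1].strip('"').replace("\\\\", "\\")
            if looks_like_system_binary(basename(path)) and \
                    not path.lower().startswith(("%windir%", "c:\\windows")):
                findings.append(Finding("high", "Firewall exception", path,
                                        "name mimics a Windows binary but lives outside %windir%"))
        # Ports opened to the whole network that hand out remote control.
        if "globallyopenports" in section:
            m = re.match(r'"(\d+:(?:TCP|UDP))"', line)
            if m and m.group(1) in REMOTE_ADMIN_PORTS:
                findings.append(Finding("review", "Open port", m.group(1),
                                        REMOTE_ADMIN_PORTS[m.group(1)] + " reachable from the network"))
        # MountPoints2 AutoRun command: runs when the removable drive is opened.
        if "mountpoints2" in section:
            m = re.match(r"\\Shell\\AutoRun\\command - (.+)", line)
            parts = m.group(1).split() if m else []
            if parts and not parts[0].lower().startswith("c:"):
                sev = "review" if basename(parts[0]) in KNOWN_USB_LAUNCHERS else "high"
                findings.append(Finding(sev, "USB AutoRun", m.group(1).strip(),
                                        "executable on a removable drive; the classic autorun worm vector"))
        # Scheduled task whose target is a bare loader (ComboFix prints no arguments).
        if line.startswith("- ") and prev.lower().endswith(".job"):
            target = line[2:].split(" [")[0].strip()
            if basename(target) in LOLBINS:
                findings.append(Finding("high", "Scheduled task",
                                        basename(prev.split()[-1]) + " -> " + target,
                                        "job launches a loader; recover its arguments from the .job file"))
        prev = line
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], encoding="latin-1").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in sorted(triage(text), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.section:18} {f.evidence}\n         {f.note}")
```

Run it with no arguments to see the findings for the constructed excerpt, or pass the path of a saved ComboFix log. The anagram test in looks_like_system_binary is what catches a firewall exception for a binary named like run32dll.exe sitting under Program Files; a path under %windir% with the same name would be skipped, so the script still needs a human to look at what it reports.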
    31 Décembre 2008 16:17:29

    Post a new HijackThis log.