Votre question

Infection trojan et fenêtre internet à volonté

Tags :
  • Sécurité
Dernière réponse : dans Sécurité et virus
29 Mai 2008 20:26:00

Bonjour à tous,
Depuis une semaine je me bats avec des problèmes liés apparement à des virus de type trojan. Après avoir surfé dans ce forum, j'ai réussi à remettre à jour mes MAJ auto de Windows (lié à une erreur 1058).
Mais depuis j'ai des fenêtres internet qui s'ouvrent toutes seules (casino, site antivirus, ...) et le Pc rame lourdement.
J'ai suivi toute une manip que j'ai trouvé sur le site :
Hijackthis - ComboFix - Malwarebyte's et tout content je redémarre, je n'ai été tranquille qu'une heure, voilà que cela recommence.
Je poste donc ci-joint le rapport Hijackthis, celui de ComboFix et de Malwarebyte's.
Si quelqu'un peut me filer un coup de main, je le remercie d'avance.
J'avoue que je craque un peu, mes nerfs ne vont pas tarder à lacher.
D'autant plus que Norton est mis à jour quotidiennement, je ne comprend pas.
Merci.

Rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:31:55, on 29/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\SPAMfighter\sfus.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\apps\ABoard\ABoard.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\APPS\SMP\SmpSys.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {21bf1850-7d91-4a10-b372-44453e96739e} - (no file)
O2 - BHO: {acbd37cf-5684-9c8a-4994-6fa72bf8cef6} - {6fec8fb2-7af6-4994-a8c9-4865fc73dbca} - C:\WINDOWS\system32\dcctegus.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {21bf1850-7d91-4a10-b372-44453e96739e} - (no file)
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P41 "EPSON Stylus Photo RX520 Series (Copie 1)" /O6 "USB002" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - D:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall....
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.photoweb.fr/telechargement/telechargement-ph...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/fr/Prg/ESTPTe...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoreflex.com/tools/ImageUploader/ImageUpl...
O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFnacmusic/Fnacmu...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/5m/virtools.downloa...
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPAMfighter Update Service - SPAMfighter ApS - C:\Program Files\SPAMfighter\sfus.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11391 bytes

Rapport ComboFix :
ComboFix 08-05-26.2 - Olivier 2008-05-29 17:33:34.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.362 [GMT 2:00]
Endroit: D:\Documents and Settings\Olivier\Bureau\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-29 ))))))))))))))))))))))))))))))))))))
.

2008-05-29 09:51 . 2008-05-29 09:51 <REP> d-------- C:\Program Files\Trend Micro
2008-05-27 11:11 . 2008-05-27 11:11 134,144 --a------ C:\WINDOWS\system32\dcctegus.dll
2008-05-27 10:16 . 2008-05-27 10:16 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-05-27 10:11 . 2008-05-27 10:11 <REP> d-------- D:\Documents and Settings\Olivier\Application Data\Malwarebytes
2008-05-27 10:11 . 2008-05-27 10:11 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-26 21:41 . 2008-05-26 21:41 <REP> d-------- C:\Program Files\CCleaner
2008-05-26 21:24 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage réseau
2008-05-26 21:24 . 2004-08-16 19:55 <REP> d--h----- D:\Documents and Settings\Administrateur\Voisinage d'impression
2008-05-26 21:24 . 2006-02-18 02:31 <REP> d--h----- D:\Documents and Settings\Administrateur\Modèles
2008-05-26 21:24 . 2006-02-17 18:35 <REP> dr------- D:\Documents and Settings\Administrateur\Mes documents
2008-05-26 21:24 . 2006-02-18 02:31 <REP> dr------- D:\Documents and Settings\Administrateur\Menu Démarrer
2008-05-26 21:24 . 2006-02-17 18:35 <REP> dr------- D:\Documents and Settings\Administrateur\Favoris
2008-05-26 21:24 . 2008-05-29 16:31 <REP> dr------- D:\Documents and Settings\Administrateur\Bureau
2008-05-26 21:24 . 2006-02-18 02:31 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver
2008-05-26 21:24 . 2006-02-17 00:29 <REP> d-------- D:\Documents and Settings\Administrateur\Application Data\Symantec
2008-05-26 21:24 . 2008-05-26 21:24 <REP> d-------- D:\Documents and Settings\Administrateur
2008-05-26 17:39 . 2008-05-26 17:39 134,144 --a------ C:\WINDOWS\system32\aupuaiis.dll
2008-05-26 17:27 . 2008-05-26 17:27 134,144 --a------ C:\WINDOWS\system32\plmjknva.dll
2008-05-26 10:43 . 2008-05-26 10:43 134,144 --a------ C:\WINDOWS\system32\mlhdoylh.dll
2008-05-15 18:24 . 2008-05-15 18:24 <REP> d-------- D:\Documents and Settings\All Users\Application Data\ViaMichelin
2008-05-15 18:16 . 2008-05-15 18:16 <REP> d-------- C:\Program Files\ViaMichelin
2008-05-14 19:02 . 2008-05-14 19:02 <REP> d-------- D:\Documents and Settings\Azureus Downloads\Chris Brown
2008-05-12 16:26 . 2008-05-12 16:26 <REP> d-------- C:\Program Files\IKEA HomePlanner
2008-05-12 16:26 . 2008-05-12 16:26 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-05-11 12:35 . 2008-05-15 12:22 <REP> d-------- D:\Documents and Settings\Mes fichiers reçus\MAJ GPS
2008-05-10 15:52 . 2006-04-10 18:05 104,576 --a------ C:\WINDOWS\system32\drivers\wceusbsh.sys
2008-05-10 15:52 . 2006-04-10 18:05 104,576 --a------ C:\WINDOWS\system32\dllcache\wceusbsh.sys
2008-05-10 15:49 . 2008-05-26 20:21 <REP> d-------- C:\Program Files\Microsoft ActiveSync
2008-05-10 15:49 . 2005-10-21 03:47 30,592 --------- C:\WINDOWS\system32\drivers\rndismpx.sys
2008-05-10 15:49 . 2005-10-21 03:47 12,800 --------- C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-29 20:42 . 2008-05-29 09:26 <REP> d-------- C:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-29 15:03 --------- d-----w C:\Program Files\SPAMfighter
2008-05-29 15:02 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-29 08:21 --------- d-----w C:\Program Files\Trigrill
2008-05-29 08:20 --------- d-----w C:\Program Files\Panda Security
2008-05-26 18:24 --------- d-----w D:\Documents and Settings\Olivier\Application Data\Azureus
2008-05-24 20:43 --------- d-----w C:\Program Files\Newsbin Pro 4.32
2008-05-24 20:20 --------- d-----w C:\Program Files\Microsoft Money
2008-05-19 07:19 --------- d-----w C:\Program Files\boursepratic
2008-05-15 16:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 10:01 --------- d-----w C:\Program Files\Winamp
2008-04-28 18:12 --------- d-----w C:\Program Files\Azureus
2008-04-28 14:31 --------- d-----w D:\Documents and Settings\All Users\Application Data\Azureus
2008-04-15 12:53 --------- d-----w D:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-04-13 09:18 --------- d-----w C:\Program Files\SynthPronosPlusSha
2008-04-01 11:50 --------- d-----w C:\Program Files\Java
2008-03-30 16:47 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-03-30 16:45 --------- d-----w C:\Program Files\MSECACHE
2008-03-30 14:57 --------- d-----w D:\Documents and Settings\Olivier\Application Data\GrabIt
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 194,144 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:57 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-29 08:56 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-28 20:55 137,544 ----a-w D:\Documents and Settings\Olivier\Application Data\GDIPFONTCACHEV1.DAT
2007-05-25 13:22 3,300,289 ----a-w D:\Documents and Settings\Mes logiciels\AIDA_32_3.93_Personnal_Edition.exe
2007-05-25 13:20 13,786,390 ----a-w D:\Documents and Settings\Mes logiciels\sandra-1117b.exe
2006-12-23 15:20 9,292,275 ----a-w D:\Documents and Settings\Mes logiciels\Setup_FreeConverter.exe
2005-08-22 07:19 1,462,279 ----a-w D:\Documents and Settings\Mes logiciels\Radiesthésie logiciel 1-1.zip
2005-03-07 10:36 2,564,986 ----a-w D:\Documents and Settings\Mes logiciels\WinDriversBackup_1.09__last_freeware_version_.exe
2003-06-10 10:50 3,554,210 ----a-w D:\Documents and Settings\Mes logiciels\CDex150 fr.exe
.

((((((((((((((((((((((((((((( snapshot@2008-05-27_18.33.28.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-27 16:29:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 15:00:52 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-01-21 19:34:22 465,472 ----a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll
+ 2008-04-29 06:49:06 456,768 ----a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll
+ 2008-02-26 12:00:31 294,912 ------w C:\WINDOWS\system32\dllcache\msctf.dll
- 2004-08-05 13:00:00 294,400 ----a-w C:\WINDOWS\system32\MSCTF.dll
+ 2008-02-26 12:00:31 294,912 ----a-w C:\WINDOWS\system32\msctf.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6fec8fb2-7af6-4994-a8c9-4865fc73dbca}]
2008-05-27 11:11 134144 --a------ C:\WINDOWS\system32\dcctegus.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= "C:\Program Files\Winamp Toolbar\winamptb.dll" [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 22:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-11-17 10:51 975360]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 19:23 102400]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-05 20:04 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 15:00 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 14:45 90112 C:\WINDOWS\soundman.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 12:43 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 14:48 127118]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 15:00 208952]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31 24576]
"MoneyStartUp10.0"="C:\Program Files\Microsoft Money\System\Activation.exe" [2001-07-25 10:00 245810]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-02-17 07:32 180269]
"EPSON Stylus Photo RX520 Series (Copie 1)"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.exe" [2005-04-07 06:00 98304]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2006-07-19 20:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-11-14 16:51 125536]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 20:20 282624]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 20:49 36352]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2008-01-02 18:03 308880]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"RegistryMechanic"="" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm
"VIDC.DVSD"= miroDV2avi.DLL
"VIDC.PIM1"= pclepim1.dll
"VIDC.PIM2"= RALCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=

R1 LStone;Pinnacle Systems Studio AV/DV Overlay;C:\WINDOWS\system32\DRIVERS\lstone2k.sys [2002-01-09 11:34]
R1 MemAlloc;MemAlloc;C:\WINDOWS\system32\DRIVERS\memalloc.sys [2001-08-28 12:36]
R2 SPAMfighter Update Service;SPAMfighter Update Service;"C:\Program Files\SPAMfighter\sfus.exe" [2007-12-14 10:57]
S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30d57428-d7f2-11dc-bf2f-0013d3fb4831}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-29 15:30:00 C:\WINDOWS\Tasks\Configurer mon PC.job"
- C:\Apps\SMP\PCSETUP.EXE
"2006-05-26 12:31:46 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-05-29 15:35:11 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-29 17:35:02
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-05-29 17:35:53
ComboFix-quarantined-files.txt 2008-05-29 15:35:47
ComboFix2.txt 2008-05-29 08:16:10
ComboFix3.txt 2008-05-28 20:21:40
ComboFix4.txt 2008-05-28 12:08:13

Pre-Run: 14,157,852,672 octets libres
Post-Run: 14,144,819,200 octets libres

207 --- E O F --- 2008-05-28 11:53:55

Rapport Malwarebyte's :
Malwarebytes' Anti-Malware 1.12
Database version: 797

Scan type: Full Scan (C:\|)
Objects scanned: 105610
Time elapsed: 1 hour(s), 53 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP634\A0038161.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP634\A0038162.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP634\A0038163.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Autres pages sur : infection trojan fenetre internet volonte

30 Mai 2008 17:30:49

Up, pour ne pas être oublié :) 

J'ai interdit à mes enfants d'aller sur le PC, cela ouvre vraiment toutes sortes de fenêtres .....

Merci d'avance
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS