Your question

vundo infection?

Tags:
  • Security
Last reply: in Security and viruses
27 May 2008 14:52:04

I can't get rid of this filthy virus; tell me the procedure to follow, please.
Thanks in advance


27 May 2008 17:23:58

Hello, of course; my nerves made me lose my manners, I apologize...
Here is the HijackThis report, which I'm posting from another computer because mine is really out of action.

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:49, on 2008-05-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\V0220Mon.exe
C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Teleca Shared\CapabilityManager.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\V3CallCenter\V3faxecp.exe
C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B41CC7BD-5FA9-47AF-83EA-B076E833F47E} - C:\WINDOWS\system32\urqNEWOI.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKLM\..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe
O4 - HKLM\..\Run: [Creative Mouse Software] C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe
O4 - Startup: reminder-Enregistrement du produit ScanSoft.lnk = C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: CallCenter Printer Interface.lnk = C:\Program Files\V3CallCenter\V3faxecp.exe
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O14 - IERESET.INF: START_PAGE_URL=http://GLOBAL.ACER.COM/
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.ca...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.wistiti.fr/ImageUploader4.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.ca...
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
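The log above is the kind of output a helper reads by eye. Entries of the shape seen at the O2 line for `urqNEWOI.dll` (a BHO with no name, an 8-letter mixed-case DLL dropped in system32, now reported missing) are what Vundo/Virtumonde typically leaves behind, and the O10 lines show a Winsock LSP that HijackThis simply does not recognise. The Python below is an added example, not part of this thread and not HijackThis's own logic, that turns that reading into a small triage pass. Its sample input is a handful of lines copied from the log above; the severity scale, the random-name rule and the other heuristics are my assumptions.

```python
"""Triage of a HijackThis log for the entry shapes that a Vundo-style BHO
infection leaves behind. Added example, not part of the forum thread."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted above
# (a few legitimate entries plus the ones that deserve a second look).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {B41CC7BD-5FA9-47AF-83EA-B076E833F47E} - C:\WINDOWS\system32\urqNEWOI.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: xfire_lsp_9028.dll
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    severity: str  # "high", "medium" or "info" (my own scale, not HijackThis's)
    reason: str
    line: str


def looks_random_name(path: str) -> bool:
    """Heuristic (assumption): Vundo dropped its BHO DLLs into system32 under
    an 8-letter, mixed-case, meaningless name such as urqNEWOI.dll."""
    stem = path.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[0]
    return (re.fullmatch(r"[A-Za-z]{8}", stem) is not None
            and stem not in (stem.lower(), stem.upper(), stem.capitalize()))


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for one log line, or None if nothing stands out."""
    line = line.strip()
    m = re.match(r"(O\d+|R\d|F\d) - (.*)", line)
    if not m:
        return None
    code, body = m.groups()
    if code == "O2":  # Browser Helper Objects: loaded into every IE process
        if "(file missing)" in body:
            return Finding(code, "high", "BHO whose DLL is gone: orphaned registration, "
                           "typical after a partial clean-up", line)
        if "(no name)" in body:
            return Finding(code, "medium", "BHO with no name: check who publishes the DLL", line)
        if "system32" in body.lower() and looks_random_name(body.rsplit(" - ", 1)[-1]):
            return Finding(code, "high", "BHO DLL in system32 with a random-looking name", line)
    elif code == "O4":  # Run keys and Startup folders
        cmd = body.split("] ", 1)[-1]
        if re.search(r"(?i)\\(Application Data|Local Settings\\Temp)\\", cmd):
            return Finding(code, "high", "autostart from a user-writable data or temp folder", line)
        if not re.match(r'"?[A-Za-z]:\\', cmd):
            return Finding(code, "info", "autostart without a full path (found via PATH search)", line)
    elif code == "O10":  # an LSP is mapped into every process that uses Winsock
        return Finding(code, "medium",
                       "Winsock LSP not on the HijackThis whitelist; verify what owns the DLL", line)
    elif code == "O16":  # Downloaded Program Files (ActiveX)
        if re.search(r"\}(\s*\([^)]*\))?\s*-\s*$", body):
            return Finding(code, "medium", "downloaded ActiveX control with no source URL", line)
    elif code == "O23" and "Unknown owner" in body:
        return Finding(code, "info", "service binary with no publisher information", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep the hits, in log order."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
```

The RoboForm BHO is in the sample on purpose: it also reports "(no name)", so that string alone only earns a medium and the reviewer still has to check the DLL's publisher. "Unknown file in Winsock LSP" likewise means only that the DLL is not on the tool's whitelist; here the name points at Xfire's LSP, which the ComboFix report later confirms is mapped into lsass.exe.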

27 May 2008 18:04:43

Apparently OK.

Disable your resident protections (antivirus, Spybot-S&D, etc.)!

  • Download ComboFix (sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to launch it.
  • When the scan is finished, a report will appear. Post that report (C:\combofix.txt*) in your next reply.

    HELP: A guide and a tutorial on using ComboFix
    * the partition name may vary
27 May 2008 19:42:34

here is the ComboFix report


    ComboFix 08-05-26.2 - Rafael 2008-05-27 19:38:51.6 - FAT32x86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.580 [GMT 2:00]
    Location: C:\Documents and Settings\Rafael\Bureau\ComboFix.exe

    WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
    .

    ((((((((((((((((((((((((((((( Files created 2008-04-27 to 2008-05-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-05-22 19:31 . 2008-05-22 19:31 <REP> d--hs---- C:\FOUND.005
    2008-05-22 14:25 . 2008-05-22 14:25 <REP> d--hs---- C:\FOUND.004
    2008-05-21 13:30 . 2008-05-21 13:30 <REP> d--hs---- C:\FOUND.003
    2008-05-21 13:07 . 2008-05-21 13:07 <REP> d-------- C:\Documents and Settings\Rafael\Application Data\libresystem
    2008-05-17 19:36 . 2008-05-17 19:36 <REP> d-------- C:\Documents and Settings\Francoise\Application Data\libresystem
    2008-05-17 17:38 . 2008-05-17 17:38 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\libresystem
    2008-05-17 17:33 . 2008-05-17 17:33 <REP> dr------- C:\Documents and Settings\All Users\Application Data\libresystem
    2008-05-17 17:30 . 2008-05-17 17:30 263,192 --a------ C:\Documents and Settings\Bernard\Application Data\setup_fr[1].exe
    2008-05-17 01:06 . 2008-05-17 01:06 <REP> d--hs---- C:\FOUND.002
    2008-05-16 14:45 . 2008-05-16 14:45 <REP> d-------- C:\Documents and Settings\Bernard\Application Data\Malwarebytes
    2008-05-15 18:21 . 2008-05-15 18:21 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2008-05-15 17:56 . 2008-05-15 17:56 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-05-15 17:56 . 2008-05-15 17:56 <REP> d-------- C:\Documents and Settings\Rafael\Application Data\Malwarebytes
    2008-05-15 17:56 . 2008-05-15 17:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-05-15 17:56 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-05-15 17:56 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-05-14 23:06 . 2008-05-14 23:06 <REP> d-------- C:\Program Files\Navilog1
    2008-05-14 09:24 . 2008-05-14 09:25 0 --a------ C:\WINDOWS\system32\0
    2008-05-14 01:20 . 2008-05-14 01:20 <REP> d-------- C:\Program Files\Trend Micro
    2008-04-29 19:23 . 2008-04-29 19:23 <REP> d-------- C:\Program Files\ubi.com
    2008-04-29 19:23 . 2008-04-29 19:23 <REP> d-------- C:\Program Files\Fichiers communs\PocketSoft
    2008-04-29 19:23 . 2001-07-30 18:03 185,344 --a------ C:\WINDOWS\patchw32.dll
    2008-04-29 19:19 . 2008-04-29 19:19 <REP> d-------- C:\Program Files\Destroyer Command
    2008-04-29 19:19 . 2008-04-29 19:23 971,211 --a------ C:\WINDOWS\DESCMDUninst.isu

    .
    (((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-26 12:22 66,436 ----a-w C:\Program Files\jboubarne2932337638.xml
    2008-05-26 11:38 404,442 ----a-w C:\Program Files\lindamoh3654875012.xml
    2008-05-22 16:28 47,543 ----a-w C:\Program Files\yoyoyo1975281850942823.xml
    2008-05-22 16:03 1,376,454 ----a-w C:\Program Files\beeboune95860580370.xml
    2008-05-21 11:14 52,532 ----a-w C:\Program Files\natino_romeo1040865329.xml
    2008-05-15 15:13 37,417 ----a-w C:\Program Files\patpongcrew2024556737.xml
    2008-05-10 11:31 11,326 ----a-w C:\Program Files\ptititoy1688887506.xml
    2008-05-09 17:42 37,631 ----a-w C:\Program Files\thansita_t125840022.xml
    2008-05-07 12:39 88,811 ----a-w C:\Program Files\divadestruction271957962256.xml
    2008-05-03 13:44 2,296 ----a-w C:\Program Files\rra_792791460023.xml
    2008-04-30 16:26 647 ----a-w C:\Program Files\homlee-hom4118736078.xml
    2008-04-29 15:43 24,411 ----a-w C:\Program Files\khondio1195525883.xml
    2008-04-23 17:23 11,988 ----a-w C:\Program Files\damien.lamiche1568580867.xml
    2008-04-22 15:27 28,032 ----a-w C:\Program Files\wolfgangbergmann12347937819.xml
    2008-04-22 00:23 1,254 ----a-w C:\Program Files\brandseller51279643830.xml
    2008-04-17 15:33 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2008-04-17 15:33 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
    2008-04-17 15:29 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
    2008-04-17 15:29 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
    2008-04-17 15:29 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
    2008-04-17 11:42 646 ----a-w C:\Program Files\katie_birch2596521732.xml
    2008-04-17 10:32 14,615 ----a-w C:\Program Files\florent.sanchez13968981501.xml
    2008-04-16 16:07 79,525 ----a-w C:\Program Files\qingyun1985093969166998.xml
    2008-04-16 12:17 232,366 ----a-w C:\Program Files\shoeslife1694361641.xml
    2008-04-13 21:54 53,934 ----a-w C:\Program Files\honike3046488981.xml
    2008-04-13 20:53 402 ----a-w C:\Program Files\janetanakit3357631153.xml
    2008-04-11 13:30 2,347 ----a-w C:\Program Files\linnz3062760955.xml
    2008-04-02 17:15 --------- d-----w C:\Program Files\GameSpy Arcade
    2008-03-28 11:29 --------- d-----w C:\Documents and Settings\Rafael\Application Data\gtk-2.0
    2008-03-28 11:25 --------- d-----w C:\Program Files\GIMP-2.0
    2008-03-27 19:05 --------- d-----w C:\Documents and Settings\Bernard\Application Data\DAEMON Tools
    2008-03-27 15:59 --------- d-----w C:\Program Files\Rowan Software
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll
    2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
    2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
    2008-03-13 15:31 12,160 ----a-w C:\Program Files\MessageLog.xsl
    2008-03-01 16:28 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-02-29 08:57 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-02-29 08:56 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-02-17 15:42 56 --sha-w C:\Documents and Settings\All Users\Application Data\dc64vg9.sys
    2008-02-16 16:41 667 ----a-w C:\Documents and Settings\Rafael\Application Data\waver_2.95.dat
    1995-09-20 13:16 456,976 ----a-w C:\Program Files\Fichiers communs\dao3032.dll
    2005-12-04 20:03 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
    .

    ((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B41CC7BD-5FA9-47AF-83EA-B076E833F47E}]
    C:\WINDOWS\system32\urqNEWOI.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360]
    "Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-10-24 16:10 4662776]
    "RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-04-26 11:53 160832]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Disk Monitor"="C:\Program Files\Generic\USB Card Reader Driver v1.9e3\Disk_Monitor.exe" [2003-06-18 11:57 466944]
    "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10 335872]
    "Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 10:48 57344]
    "SoundMan"="SOUNDMAN.EXE" [2005-11-11 14:07 90112 C:\WINDOWS\soundman.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-01-04 00:51 155648]
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:32 208952]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 21:39 59392]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2002-08-28 21:39 455168]
    "InstantAccess"="C:\Program Files\ScannerU\TBRIDGE\BIN\InstantAccess.exe" [1998-07-07 16:04 37376]
    "RegisterDropHandler"="C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE" [1998-07-07 16:20 22528]
    "V0220Mon.exe"="C:\WINDOWS\V0220Mon.exe" [2006-06-28 18:01 32768]
    "Creative Mouse Software"="C:\Program Files\Creative\Shared Files\CIDS\CTStray.exe" [2004-09-23 14:13 49152]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
    "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 12:41 196608]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-03-20 17:34 86960]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 17:17 159744]
    "NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-08-02 15:30 3096576]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-20 00:10 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
    "RegisterDropHandler"="C:\Program Files\ScannerU\TBRIDGE\BIN\RegisterDropHandler.EXE" [1998-07-07 16:20 22528]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360]
    "Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [ ]

    C:\Documents and Settings\Bernard\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34 393216]
    PowerReg Scheduler.exe [2008-02-14 19:53:54 256000]

    C:\Documents and Settings\Francoise\Menu Démarrer\Programmes\Démarrage\
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34 393216]

    C:\Documents and Settings\Rafael\Menu Démarrer\Programmes\Démarrage\
    Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2004-09-02 03:35:20 687616]
    reminder-Enregistrement du produit ScanSoft.lnk - C:\Program Files\ScannerU\TBridge\Ereg\REMIND32.EXE [2006-07-11 14:06:34 67584]
    OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 21:26:34 393216]

    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Action Manager 32.lnk - C:\Program Files\ScannerU\AM32.exe [2006-07-11 14:06:06 57344]
    CallCenter Printer Interface.lnk - C:\Program Files\V3CallCenter\V3faxecp.exe [2007-01-08 15:40:50 32768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.divxa32"= DivXa32.acm
    "msacm.l3acm"= L3codecp.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "C:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "C:\\WINDOWS\\System32\\LEXPPS.EXE"=
    "C:\\Program Files\\Alibaba\\TradeManager\\TradeManager.exe"=
    "C:\\Program Files\\Xfire\\ua_lsp_inst.exe"=
    "C:\\Program Files\\BitComet\\BitComet.exe"=
    "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Ratajik Software\\StationRipper\\StationRipperConsole.exe"=
    "C:\\Program Files\\A4Proxy\\A4Proxy.exe"=
    "C:\\Program Files\\EA GAMES\\MOHDA\\MOHAA.exe"=
    "C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=
    "C:\\WINDOWS\\System32\\dpvsetup.exe"=
    "C:\\Program Files\\Codemasters\\Heroes of the Pacific\\Heroes.exe"=
    "C:\\Program Files\\Fichiers communs\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "C:\\Program Files\\SightSpeed\\SightSpeed.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "11506:TCP"= 11506:TCP:BitComet 11506 TCP
    "11506:UDP"= 11506:UDP:BitComet 11506 UDP
    "12267:TCP"= 12267:TCP:BitComet 12267 TCP
    "12267:UDP"= 12267:UDP:BitComet 12267 UDP
    "21349:TCP"= 21349:TCP:BitComet 21349 TCP
    "21349:UDP"= 21349:UDP:BitComet 21349 UDP
    "15740:TCP"= 15740:TCP:BitComet 15740 TCP
    "15740:UDP"= 15740:UDP:BitComet 15740 UDP
    "21123:TCP"= 21123:TCP:BitComet 21123 TCP
    "21123:UDP"= 21123:UDP:BitComet 21123 UDP
    "8041:TCP"= 8041:TCP:BitComet 8041 TCP
    "8041:UDP"= 8041:UDP:BitComet 8041 UDP
    "14608:TCP"= 14608:TCP:BitComet 14608 TCP
    "14608:UDP"= 14608:UDP:BitComet 14608 UDP
    "13612:TCP"= 13612:TCP:BitComet 13612 TCP
    "13612:UDP"= 13612:UDP:BitComet 13612 UDP
    "13034:TCP"= 13034:TCP:BitComet 13034 TCP
    "13034:UDP"= 13034:UDP:BitComet 13034 UDP
    "7729:TCP"= 7729:TCP:BitComet 7729 TCP
    "7729:UDP"= 7729:UDP:BitComet 7729 UDP
    "12468:TCP"= 12468:TCP:BitComet 12468 TCP
    "12468:UDP"= 12468:UDP:BitComet 12468 UDP
    "11952:TCP"= 11952:TCP:BitComet 11952 TCP
    "11952:UDP"= 11952:UDP:BitComet 11952 UDP
    "15055:TCP"= 15055:TCP:BitComet 15055 TCP
    "15055:UDP"= 15055:UDP:BitComet 15055 UDP
    "10216:TCP"= 10216:TCP:BitComet 10216 TCP
    "10216:UDP"= 10216:UDP:BitComet 10216 UDP
    "12956:TCP"= 12956:TCP:BitComet 12956 TCP
    "12956:UDP"= 12956:UDP:BitComet 12956 UDP
    "25252:TCP"= 25252:TCP:BitComet 25252 TCP
    "25252:UDP"= 25252:UDP:BitComet 25252 UDP
    "11176:TCP"= 11176:TCP:BitComet 11176 TCP
    "11176:UDP"= 11176:UDP:BitComet 11176 UDP
    "13924:TCP"= 13924:TCP:BitComet 13924 TCP
    "13924:UDP"= 13924:UDP:BitComet 13924 UDP
    "10296:TCP"= 10296:TCP:BitComet 10296 TCP
    "10296:UDP"= 10296:UDP:BitComet 10296 UDP
    "12124:TCP"= 12124:TCP:BitComet 12124 TCP
    "12124:UDP"= 12124:UDP:BitComet 12124 UDP
    "20486:TCP"= 20486:TCP:BitComet 20486 TCP
    "20486:UDP"= 20486:UDP:BitComet 20486 UDP
    "16358:TCP"= 16358:TCP:BitComet 16358 TCP
    "16358:UDP"= 16358:UDP:BitComet 16358 UDP

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
    R3 C4C_BSC2;C4C_BSC2;C:\WINDOWS\system32\DRIVERS\C4C_BSC2.sys [2002-07-08 19:32]
    R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 06:58]
    R3 V0220Dev;Live! Cam Video IM;C:\WINDOWS\system32\DRIVERS\V0220Dev.sys [2006-06-29 06:58]
    R3 V0220Vfx;V0220VFX;C:\WINDOWS\system32\DRIVERS\V0220Vfx.sys [2006-06-08 09:00]
    S3 btwavdt;Bluetooth AVDT;C:\WINDOWS\system32\DRIVERS\btwavdt.sys [2007-07-12 06:01]
    S3 btwrchid;btwrchid;C:\WINDOWS\system32\DRIVERS\btwrchid.sys [2007-07-12 06:03]
    S3 cdspacex;cdspacex;C:\WINDOWS\system32\DRIVERS\CDSPACEX.sys []
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 14:23]
    S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-17 17:29]
    S3 MBAMCatchMe;MBAMCatchMe;C:\WINDOWS\system32\drivers\mbamcatchme.sys [2008-05-05 20:46]
    S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 12:16]
    S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 12:17]
    S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 12:17]
    S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 12:18]
    S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 12:15]
    S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 12:18]
    S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 12:15]
    S3 TwoRabts;Two Rabbits Live Bus;C:\WINDOWS\system32\DRIVERS\TwoRabts.sys []
    S3 usbstor;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]

    *Newly Created Service* - CATCHME
    .
    Contents of the 'Scheduled Tasks' folder
    "2008-05-27 16:41:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-27 19:40:11
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\xfire_lsp_9028.dll
    .
    Completion time: 2008-05-27 19:40:42
    ComboFix-quarantined-files.txt 2008-05-27 17:40:40

    Pre-Run: 9,906,814,976 bytes free
    Post-Run: 10,494,869,504 bytes free

    248 --- E O F --- 2008-05-21 11:15:39
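Besides the orphaned BHO key (still pointing at `C:\WINDOWS\system32\urqNEWOI.dll`), the ComboFix dump above records the Windows Firewall policy for the standard profile: 44 globally open ports created by BitComet and an authorised-application list that includes a P2P client and a local proxy (A4Proxy). None of that is a malware indicator by itself, but it is inbound exposure that a helper should tally. The Python below is an added example, not from the thread and not part of ComboFix, that parses those two policy keys from a report. The sample input is an abridged copy of the sections above (six of the 44 port entries); the watch-word list is my assumption.

```python
"""Tally the Windows Firewall exceptions that ComboFix prints in its
'Reg loading points' section. Added example, not part of the thread."""
import re
from collections import Counter
from typing import Dict, List

# Constructed sample: copied from the two firewall policy keys in the
# ComboFix report above, abridged to six of the 44 port entries.
SAMPLE_REPORT = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\A4Proxy\\A4Proxy.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11506:TCP"= 11506:TCP:BitComet 11506 TCP
"11506:UDP"= 11506:UDP:BitComet 11506 UDP
"12267:TCP"= 12267:TCP:BitComet 12267 TCP
"12267:UDP"= 12267:UDP:BitComet 12267 UDP
"8041:TCP"= 8041:TCP:BitComet 8041 TCP
"8041:UDP"= 8041:UDP:BitComet 8041 UDP
"""

# Assumed watch list (not from the thread): program types whose firewall
# exceptions exist precisely to accept unsolicited inbound connections.
WATCH_WORDS = ("proxy", "bitcomet", "torrent", "emule", "vnc", "radmin")


def parse_firewall_policy(report: str) -> Dict[str, List]:
    """Return the authorised-application paths and globally open ports
    found in the firewall policy keys of a ComboFix report."""
    apps: List[str] = []
    ports: List[Dict[str, str]] = []
    section = None
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("["):  # a registry key header switches section
            key = line.lower()
            section = ("apps" if "authorizedapplications" in key
                       else "ports" if "globallyopenports" in key else None)
            continue
        if section == "apps":
            m = re.match(r'^"(.+)"=$', line)
            if m:  # the export doubles backslashes; collapse them back
                apps.append(m.group(1).replace("\\\\", "\\"))
        elif section == "ports":
            m = re.match(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$', line)
            if m:
                port, proto, label = m.groups()
                # ComboFix prints the rule name as "<program> <port> <proto>"
                program = re.sub(r"\s+\d+\s+(TCP|UDP)$", "", label)
                ports.append({"port": port, "proto": proto, "program": program})
    return {"apps": apps, "ports": ports}


def exposure_summary(report: str) -> Dict[str, object]:
    """Condense the policy into the numbers a helper wants to see."""
    policy = parse_firewall_policy(report)
    by_program = Counter(p["program"] for p in policy["ports"])
    noteworthy = [a for a in policy["apps"]
                  if any(w in a.lower() for w in WATCH_WORDS)]
    return {
        "authorized_apps": len(policy["apps"]),
        "open_ports": len(policy["ports"]),
        "ports_by_program": dict(by_program),
        "noteworthy_apps": noteworthy,
    }


if __name__ == "__main__":
    for key, value in exposure_summary(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Run against the full report the port tally comes out at 44 for BitComet, which on an XP SP2 home machine means 44 listener exceptions that survive any malware clean-up unless someone removes them; a proxy exception is worth asking the owner about for the same reason.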
27 May 2008 19:48:40

Why do you think it's Vundo?
28 May 2008 13:05:18

I don't know, that's what I was given to understand; I don't know much about this. I know my PC is very, very slow; anyway, I'm sure there's something. Wouldn't you have a way to find out what?
28 May 2008 13:31:21

He gave you to understand that? Ô_o