Another virus, merillym

Tags:
  • Virus
  • Security
23 March 2008 18:13:41

Hi (again)

:cry:  I have a virus again

merillym, you already helped me a lot last time

How to describe the virus or viruses:

1. My desktop wallpaper disappears a few seconds after startup

2. Programs appear by themselves (well, the shortcuts)

3. My system is very slow ... :pt1cable:

4. Messages appear very regularly announcing the end of my computer (critical error, download such-and-such utility to fix it)

Thanks for your help

Maybe a HijackThis report to start with??

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24, on 23/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ATKKBService.exe
C:\PROGRA~1\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\PROGRA~1\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILLA FIREFOX\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: qvdntlmw - {3D5F91CB-4CEC-4AA8-BF5D-D7797DE45A4B} - C:\WINDOWS\qvdntlmw.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: WiFi Station.lnk = C:\Program Files\Hercules\WiFi Station\WiFiStation.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O21 - SSODL: dwnrpofk - {BC93C22A-D997-4FC4-9173-6DFA73124DD7} - C:\WINDOWS\dwnrpofk.dll
O21 - SSODL: vbgtorfd - {3297D724-9C96-454F-BF75-3B238BFCFCC6} - C:\WINDOWS\vbgtorfd.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

--
End of file - 7057 bytes


23 March 2008 18:33:35

How do I post a screenshot on the forum??

23 March 2008 18:47:26

ComboFix 08-03-23.2 - Administrateur 2008-03-23 18:56:45.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1620 [GMT 1:00]
Endroit: C:\Documents and Settings\Administrateur.TITANIUM\Mes documents\serveur\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur.TITANIUM\Favoris\Error Cleaner.url
C:\Documents and Settings\Administrateur.TITANIUM\Favoris\Privacy Protector.url
C:\Documents and Settings\Administrateur.TITANIUM\Favoris\Spyware&Malware Protection.url
C:\WINDOWS\dwnrpofk.dll
C:\WINDOWS\qvdntlmw.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-23 to 2008-03-23 ))))))))))))))))))))))))))))))))))))
.

2008-03-23 18:42 . 2008-03-23 18:42 <REP> d-------- C:\Program Files\Gadwin Systems
2008-03-23 07:39 . 2008-03-23 04:02 221,184 --a------ C:\WINDOWS\vbgtorfd.dll
2008-03-23 07:39 . 2008-03-23 04:02 81,920 --a------ C:\WINDOWS\norlatmx.exe
2008-03-19 17:07 . 2008-03-19 17:07 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Xfire
2008-03-19 13:56 . 2008-03-19 13:56 <REP> d-------- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\Xfire
2008-03-19 13:55 . 2008-03-21 16:22 <REP> d-------- C:\Program Files\Xfire
2008-03-19 13:55 . 2008-03-21 17:02 <REP> d-------- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\Xfire
2008-03-19 12:26 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-18 13:59 . 2008-03-18 13:59 <REP> d-------- C:\Program Files\MSECache
2008-03-15 15:11 . 2008-03-15 15:15 <REP> d-------- C:\PunkBuster
2008-03-14 00:05 . 2008-03-14 00:05 41,296 --a------ C:\WINDOWS\system32\xfcodec.dll
2008-03-13 19:15 . 2008-03-13 19:15 <REP> d-------- C:\Program Files\AusLogics Disk Defrag
2008-03-10 17:41 . 2008-03-10 17:41 <REP> d-------- C:\Program Files\CCleaner
2008-03-09 21:26 . 2008-03-09 21:26 2,359,350 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
2008-03-09 21:26 . 2008-03-09 21:26 63,238 --a------ C:\WINDOWS\BricoPackUninst.cmd
2008-03-09 21:25 . 2008-03-09 21:26 247 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-03-09 16:29 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-09 16:19 . 2008-03-09 16:19 <REP> d-------- C:\WINDOWS\Sun
2008-03-09 15:17 . 2008-03-09 15:17 1,158 --a------ C:\WINDOWS\mozver.dat
2008-03-09 15:04 . 2008-03-18 14:04 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-09 12:58 . 2008-03-09 12:58 <REP> d-------- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\vlc
2008-03-09 12:53 . 2008-03-09 12:53 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-03-09 12:53 . 2008-03-09 12:53 <REP> d-------- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\DAEMON Tools
2008-03-09 12:34 . 2008-03-09 12:34 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-09 12:30 . 2007-01-18 13:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-03-09 12:10 . 2008-03-09 12:10 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Logitech
2008-03-09 12:05 . 2008-03-09 12:05 <REP> d-------- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\Logitech
2008-03-09 12:03 . 2008-03-09 12:03 81,920 -r------- C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe
2008-03-09 12:00 . 2008-03-09 12:42 <REP> d-------- C:\Documents and Settings\Administrateur.TITANIUM\Contacts
2008-03-09 11:34 . 2008-03-09 11:34 <REP> d-------- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\Talkback
2008-03-09 11:34 . 2008-03-09 11:34 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-09 11:29 . 2008-03-09 11:29 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-03-09 00:52 . 2008-03-23 06:30 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-03-09 00:52 . 2008-03-15 15:14 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-09 00:52 . 2008-03-23 06:30 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-09 00:52 . 2008-03-15 15:03 22,328 --a------ C:\Documents and Settings\Administrateur.TITANIUM\Application Data\PnkBstrK.sys
2008-03-09 00:52 . 2008-03-09 00:52 319 --a------ C:\WINDOWS\game.ini
2008-03-09 00:43 . 2008-03-09 00:43 <REP> d-------- C:\Program Files\Activision
2008-03-08 22:23 . 2004-08-04 01:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-03-08 22:23 . 2001-08-17 22:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-03-08 22:22 . 2004-08-04 01:39 58,496 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-03-08 22:21 . 2004-08-04 01:54 77,312 --a------ C:\WINDOWS\system32\usbui.dll
2008-03-08 22:21 . 2001-08-17 22:46 6,400 --a------ C:\WINDOWS\system32\drivers\enum1394.sys
2008-03-08 22:19 . 2008-03-08 22:19 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage réseau
2008-03-08 22:19 . 2008-03-08 22:19 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Voisinage d'impression
2008-03-08 22:19 . 2008-03-08 21:25 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS\Modèles
2008-03-08 22:19 . 2008-03-08 22:19 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Mes documents
2008-03-08 22:19 . 2008-03-08 22:19 <REP> dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Démarrer
2008-03-08 22:19 . 2008-03-08 22:19 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Favoris
2008-03-08 22:19 . 2008-03-08 22:19 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS\Bureau
2008-03-08 22:19 . 2008-03-08 22:19 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS\Modèles
2008-03-08 22:19 . 2008-03-08 21:30 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer
2008-03-08 22:19 . 2008-03-08 22:19 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Favoris
2008-03-08 22:19 . 2008-03-08 21:26 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS\Documents
2008-03-08 22:19 . 2008-03-19 13:55 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Bureau
2008-03-08 22:17 . 2008-03-09 21:01 <REP> d-------- C:\INSTALL
2008-03-08 22:17 . 2008-03-08 21:30 1,340 --a------ C:\WINDOWS\system32\$winnt$.inf
2008-03-08 22:12 . 2008-03-08 22:12 <REP> d---s---- C:\Documents and Settings\Administrateur.TITANIUM\UserData
2008-03-08 22:08 . 2006-03-09 11:33 366,080 --a------ C:\WINDOWS\system32\drivers\rt61.sys
2008-03-08 22:08 . 2006-03-09 11:33 365,440 --a------ C:\WINDOWS\system32\drivers\RT619x.sys
2008-03-08 22:08 . 2006-01-12 19:47 255,616 --a------ C:\WINDOWS\system32\drivers\rt73u98.sys
2008-03-08 22:08 . 2006-01-12 19:46 252,928 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-03-08 22:08 . 2005-10-17 19:50 247,808 --a------ C:\WINDOWS\system32\drivers\rt25u98.sys
2008-03-08 22:08 . 2005-10-17 19:50 245,376 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys
2008-03-08 22:08 . 2005-10-20 15:00 244,608 --a------ C:\WINDOWS\system32\drivers\rt25009x.sys
2008-03-08 22:08 . 2005-10-20 15:00 243,328 --a------ C:\WINDOWS\system32\drivers\rt2500.sys
2008-03-08 22:08 . 2008-03-08 22:08 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-03-08 22:07 . 2008-03-08 22:07 <REP> d-------- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\AdobeUM
2008-03-08 22:06 . 2008-03-08 22:06 <REP> d-------- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\InstallShield
2008-03-08 22:00 . 2004-03-17 14:36 15,872 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-08 21:57 . 2008-03-08 21:57 25 --a------ C:\WINDOWS\FileName
2008-03-08 21:55 . 2006-05-05 11:32 941,454 -ra------ C:\WINDOWS\system32\SATA.bmp
2008-03-08 21:55 . 2006-05-05 11:32 941,454 -ra------ C:\WINDOWS\system32\Alert.bmp
2008-03-08 21:55 . 2006-02-21 12:38 486,400 -ra------ C:\WINDOWS\system32\AsusSetup.exe
2008-03-08 21:55 . 2008-03-08 22:04 33,860 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-03-08 21:55 . 2006-10-11 04:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-03-08 21:55 . 2004-08-13 03:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-03-08 21:55 . 2006-03-23 19:08 804 -ra------ C:\WINDOWS\system32\AsusSetup.ini
2008-03-08 21:55 . 2006-05-05 12:16 396 -ra------ C:\WINDOWS\system32\raidmgmt.ini
2008-03-08 21:53 . 2006-06-18 23:40 43,520 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-03-08 21:45 . 2006-06-14 13:44 12,288 --a------ C:\WINDOWS\system32\drivers\EIO.sys
2008-03-08 21:45 . 2004-08-03 22:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-03-08 21:45 . 2004-08-03 22:58 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys
2008-03-08 21:40 . 2007-04-26 21:43 5,421,568 --a------ C:\WINDOWS\system32\ATKOSDX32.dll
2008-03-08 21:39 . 2007-04-13 00:51 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-03-08 21:36 . 2004-08-04 01:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-08 21:34 . 2004-08-23 15:38 <REP> d-------- C:\Program Files\WINAMP
2008-03-08 21:34 . 2008-03-08 21:34 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink
2008-03-08 21:34 . 2004-03-03 20:30 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2008-03-08 21:34 . 2004-03-03 20:30 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2008-03-08 21:33 . 2008-03-08 21:33 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\MSN Messenger 6.2.0137
2008-03-08 21:33 . 2008-03-08 21:33 <REP> d-------- C:\Documents and Settings\Administrateur.TITANIUM\Application Data\Lavasoft
2008-03-08 21:33 . 2004-07-20 16:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-03-08 21:33 . 2004-07-20 16:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-03-08 21:33 . 2004-07-20 16:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-03-08 21:33 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-03-08 21:33 . 2004-07-20 16:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-03-08 21:33 . 2001-07-09 10:50 155,648 -ra------ C:\WINDOWS\system32\NeroCheck.exe
2008-03-08 21:33 . 2000-06-26 10:45 106,496 -ra------ C:\WINDOWS\system32\TwnLib20.dll
2008-03-08 21:33 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-21 15:36 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-19 11:26 --------- d-----w C:\Program Files\Java
2008-03-18 13:19 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-03-09 20:26 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-03-09 11:10 --------- d-----w C:\Program Files\Logitech
2008-03-09 11:00 --------- d-----w C:\Program Files\MSN Messenger
2008-03-08 20:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-08 20:40 --------- d-----w C:\Program Files\ASUS
2008-03-08 20:35 --------- d-----w C:\Program Files\WinISO
2008-03-08 20:34 --------- d-----w C:\Program Files\DVD Shrink
2008-03-02 13:16 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-03-02 13:14 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-03-02 09:29 --------- d-----w C:\Program Files\Kazaa Lite Resurrection
2008-02-16 20:30 --------- d-----w C:\Program Files\Auslogics
.

------- Sigcheck -------

2004-08-04 01:54 694784 f6ad4c0f992b3b51c044ad74d9e2e854 C:\WINDOWS\system32\wininet.dll
2004-08-04 01:54 694784 f6ad4c0f992b3b51c044ad74d9e2e854 C:\WINDOWS\system32\dllcache\wininet.dll

2004-08-18 10:22 359040 27a5959c94ee173a063ca06bd14f021a C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-22 23:35 978432 9f3b76c8cf787449a47f05abab4e13e6 C:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-03-09 12:17 20480]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2007-12-15 11:02 482760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 16:44 8429568]
"nwiz"="nwiz.exe" [2007-04-12 16:44 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 16:44 81920]
"GamerOSD"="C:\Program Files\ASUS\GamerOSD\GamerOSD.exe" [2007-02-14 09:42 380928]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 14:34 868352]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12 729088]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-02 10:20 249896]
"Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 16:31 1122304]
"Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 16:14 497152]

C:\Documents and Settings\Administrateur.TITANIUM\Menu D‚marrer\Programmes\D‚marrage\
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 08:43:08 180224]

C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-03-09 12:18:03 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-12-09 17:36:02 581632]
WiFi Station.lnk - C:\Program Files\Hercules\WiFi Station\WiFiStation.exe [2007-11-21 17:32:37 650240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"dwnrpofk"= {BC93C22A-D997-4FC4-9173-6DFA73124DD7} - C:\WINDOWS\dwnrpofk.dll [ ]
"vbgtorfd"= {3297D724-9C96-454F-BF75-3B238BFCFCC6} - C:\WINDOWS\vbgtorfd.dll [2008-03-23 04:02 221184]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"D:\\Program Files\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=

R1 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb32.sys [2005-10-20 16:25]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2006-09-29 10:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7c6ae20c-ed54-11dc-b579-806d6172696f}]
\Shell\AutoRun\command - E:\Setup.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-23 18:57:35
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
-> C:\WINDOWS\vbgtorfd.dll
.
Temps d'accomplissement: 2008-03-23 18:57:48
ComboFix-quarantined-files.txt 2008-03-23 17:57:46


That's the ComboFix report ;)