Your question

Problem: incessant pop-up ads

Tags :
  • Internet Explorer
  • Security
Last reply: in Security and viruses
3 January 2008 19:59:56

Hi all,

I keep getting ads about my PC's lack of security, dating sites, etc. that appear on my PC all the time.
What can I do?

I ran a HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54:37, on 03/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\GhostSurf Platinum\Proxy.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\PnkBstrA.exe
D:\Program Files\Xfire\xfire.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
D:\Program Files\MSN Messenger\usnsvc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\Q-tin\Local Settings\Temp\wz9601\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SYSTRAN Personal 4.0 - {039036AA-7710-11D7-ACDA-00B0D094B576} - C:\Program Files\SYSTRAN\4_0\Personal\IEPlugin.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Host Process] D:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [GhostSurf Reminder] "D:\Program Files\GhostSurf Platinum\Privacy Control Center.exe" reminder
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "D:\Program Files\GhostSurf Platinum\DeleteSatellite.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [98c3f665] rundll32.exe "D:\WINDOWS\System32\tquslrsx.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O4 - Global Startup: GhostSurf proxy.lnk = D:\Program Files\GhostSurf Platinum\Proxy.exe
O4 - Global Startup: Privacy Auditor.lnk = D:\Program Files\GhostSurf Platinum\Privacy Auditor.exe
O4 - Global Startup: SpyCatcher Protector.lnk = D:\Program Files\GhostSurf Platinum\Protector.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - AppInit_DLLs: secuload.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\pqjwpjis.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 5794 bytes
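The log above is triaged by hand in the replies that follow; the entries that matter are a core Windows binary name (svchost.exe) started from D:\WINDOWS\Fonts, a Run value with a hex-looking name loading a random-named DLL through rundll32 with a one-letter export, a service with "Unknown owner" whose binary has a random 8-letter name, an AppInit_DLLs entry and a browser proxied through a local port. The following script is an added example, not part of the original post and not HijackThis code: it parses HijackThis-format lines and applies those heuristics. The rules and severities are my own assumptions, and the sample lines are constructed in HijackThis v2.0.2 format from the entries seen above.

```python
import re

# Core Windows binaries that should only run from %SystemRoot%\system32.
# (The "Host Process" entry above started svchost.exe from D:\WINDOWS\Fonts.)
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "smss.exe", "spoolsv.exe"}
# Heuristic (assumption): a stem of exactly 8 lowercase letters, case-sensitive
# so that vendor names with capitals such as PnkBstrA do not match.
RANDOM_NAME = re.compile(r"^[a-z]{8}$")        # tquslrsx, pqjwpjis, ...
HEX_VALUE_NAME = re.compile(r"^[0-9a-f]{8}$")  # Run value names such as 98c3f665
RUNDLL = re.compile(r'rundll32\.exe\s+"?([^",]+)"?\s*,\s*(\S*)', re.IGNORECASE)

# Constructed sample in HijackThis format: benign and suspicious entries
# modelled on the first log in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Host Process] D:\WINDOWS\Fonts\svchost.exe
O4 - HKLM\..\Run: [98c3f665] rundll32.exe "D:\WINDOWS\System32\tquslrsx.dll",b
O20 - AppInit_DLLs: secuload.dll
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: DomainService - Unknown owner - D:\WINDOWS\System32\pqjwpjis.exe
"""


def _basename(path):
    return path.strip('"').replace("/", "\\").split("\\")[-1]


def _stem(path):
    return _basename(path).rsplit(".", 1)[0]


def _first_exe(command):
    """Return the program part of a Run command, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:command.index('"', 1)]
    return command.split()[0]


def _check_o4(value_name, command):
    reasons = []
    exe = _first_exe(command)
    if _basename(exe).lower() in SYSTEM_BINARIES and "\\system32\\" not in exe.lower():
        reasons.append("system binary name running outside system32")
    if HEX_VALUE_NAME.match(value_name):
        reasons.append("hex-looking Run value name")
    m = RUNDLL.search(command)
    if m:
        dll, export = m.group(1), m.group(2)
        if RANDOM_NAME.match(_stem(dll)) or len(export) <= 1:
            reasons.append("rundll32 loading a random-named DLL or a one-letter export")
    return reasons


def _check_o23(owner, path):
    if owner != "Unknown owner":
        return [], None
    if RANDOM_NAME.match(_stem(path)):
        return ["service with unknown owner and random 8-letter binary name"], "high"
    return ["service with unknown owner; confirm the vendor by hand"], "review"


def triage(log_text):
    """Return a list of {severity, line, reasons} for the lines worth a look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons, severity = [], "high"
        if line.startswith("O4 - "):
            m = re.match(r"O4 - .*?: \[(.*?)\] (.*)$", line)
            if m:
                reasons = _check_o4(m.group(1), m.group(2))
        elif line.startswith("O20 - AppInit_DLLs:"):
            # AppInit_DLLs is loaded into every user32-linked process: always verify.
            reasons, severity = ["AppInit_DLLs entry; verify which product owns the DLL"], "review"
        elif line.startswith("O23 - "):
            parts = line.split(" - ", 3)
            if len(parts) == 4:
                reasons, severity = _check_o23(parts[2], parts[3])
        elif line.startswith("R1 - ") and "ProxyServer = 127.0.0.1" in line:
            reasons, severity = ["browser proxied through a local port; confirm what listens there"], "review"
        if reasons:
            findings.append({"severity": severity, "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["severity"].upper(), f["line"], "->", "; ".join(f["reasons"]))
```

The "review" findings are deliberately not verdicts: in this thread the local proxy on port 7212 and secuload.dll both belong to the installed GhostSurf product (SecuLoad.dll appears in the GhostSurf install block of the ComboFix log below), so an analyst must correlate them with the software actually on the machine before touching them.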


3 January 2008 22:15:53

Hello


Download Combofix.exe (by sUBs) to your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Double-click combofix.exe and follow the prompts.
When the scan is complete, a report will appear.

Copy/paste that report in your next reply, together with a new HijackThis log.
4 January 2008 13:17:30

There, I did as you told me
ComboFix 08-01-04.1 - Q-tin 2008-01-04 13:07:55.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.0.1252.1.1036.18.297 [GMT 1:00]
Running from: D:\Documents and Settings\Q-tin\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Program Files\Temporary
D:\Program Files\Temporary\kernInstall.exe
D:\WINDOWS\b122.exe
D:\WINDOWS\Fonts\a.zip
D:\WINDOWS\Fonts\Crack.exe
D:\WINDOWS\Fonts\svchost.exe
D:\WINDOWS\mrofinu1188.exe
D:\WINDOWS\system32\aplkmxnh.exe
D:\WINDOWS\system32\bcehyvco.dll
D:\WINDOWS\system32\dnbbibye.dll
D:\WINDOWS\system32\drcwhlns.dll
D:\WINDOWS\system32\dtlvpcfq.exe
D:\WINDOWS\system32\dxuiwjxb.ini
D:\WINDOWS\system32\efcaxwv.dll
D:\WINDOWS\system32\efccywv.dll
D:\WINDOWS\system32\egrtesvy.dll
D:\WINDOWS\system32\etomnaqc.exe
D:\WINDOWS\system32\ewqcdnyb.dll
D:\WINDOWS\system32\fcccywx.dll
D:\WINDOWS\system32\ggaupywg.exe
D:\WINDOWS\system32\gsjcwefx.dll
D:\WINDOWS\system32\hgaijttk.exe
D:\WINDOWS\system32\hggdabc.dll
D:\WINDOWS\system32\hggecyw.dll
D:\WINDOWS\system32\hxkttywv.ini
D:\WINDOWS\system32\ibrahjis.dll
D:\WINDOWS\system32\iifffgf.dll
D:\WINDOWS\system32\ipxoetdy.exe
D:\WINDOWS\system32\isiqwfmc.dll
D:\WINDOWS\system32\jcchbbwg.exe
D:\WINDOWS\system32\jcwikvje.exe
D:\WINDOWS\system32\jkkiige.dll
D:\WINDOWS\system32\jkkkjjh.dll
D:\WINDOWS\system32\jsdktwep.ini
D:\WINDOWS\system32\kbwvpnis.dll
D:\WINDOWS\system32\lbhtskmv.exe
D:\WINDOWS\system32\ljjhefe.dll
D:\WINDOWS\system32\lnfnsnkc.dll
D:\WINDOWS\system32\mcrh.tmp
D:\WINDOWS\system32\mljiijk.dll
D:\WINDOWS\system32\muubpekf.exe
D:\WINDOWS\system32\nhoefbkc.dll
D:\WINDOWS\system32\nmmoq.ini
D:\WINDOWS\system32\nmmoq.ini2
D:\WINDOWS\system32\nnnkjig.dll
D:\WINDOWS\system32\nnnljii.dll
D:\WINDOWS\system32\nnnnkjh.dll
D:\WINDOWS\system32\nnnnmji.dll
D:\WINDOWS\system32\nnnnmlk.dll
D:\WINDOWS\system32\nnnxiqrv.ini
D:\WINDOWS\system32\nsfftjab.dll
D:\WINDOWS\system32\ockfgvbn.dll
D:\WINDOWS\system32\opnmnop.dll
D:\WINDOWS\system32\ppndjcwi.dll
D:\WINDOWS\system32\pqjwpjis.exe
D:\WINDOWS\system32\prrhptmd.exe
D:\WINDOWS\system32\qdexamdv.ini
D:\WINDOWS\system32\qmhrjjeo.dll
D:\WINDOWS\system32\qommn.dll
D:\WINDOWS\system32\rogtosqc.dll
D:\WINDOWS\system32\rqrrrpo.dll
D:\WINDOWS\system32\sauumjju.exe
D:\WINDOWS\system32\snlhwcrd.ini
D:\WINDOWS\system32\sovkxcrn.dll
D:\WINDOWS\system32\ssqqpop.dll
D:\WINDOWS\system32\ssqrssq.dll
D:\WINDOWS\system32\sxixcosh.exe
D:\WINDOWS\system32\tfayosxi.ini
D:\WINDOWS\system32\tquslrsx.dll
D:\WINDOWS\system32\tuvssqn.dll
D:\WINDOWS\system32\ujcofyps.exe
D:\WINDOWS\system32\vfjcjsjo.exe
D:\WINDOWS\system32\vrqixnnn.dll
D:\WINDOWS\system32\vtikahyd.dll
D:\WINDOWS\system32\vtuvtuv.dll
D:\WINDOWS\system32\vwyttkxh.dll
D:\WINDOWS\system32\woucqsim.dll
D:\WINDOWS\system32\wvurpmm.dll
D:\WINDOWS\system32\xsrlsuqt.ini
D:\WINDOWS\system32\xsytfwlg.exe
D:\WINDOWS\system32\xxwobvpe.ini
D:\WINDOWS\system32\xxywvts.dll
D:\WINDOWS\system32\yaywtsp.dll
D:\WINDOWS\Fonts\'

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((((((( Fichiers créés 2007-12-04 to 2008-01-04 ))))))))))))))))))))))))))))))))))))
.

2008-01-04 13:06 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-03 20:26 . 2008-01-03 20:26 <REP> d-------- D:\Program Files\kernel
2008-01-03 20:23 . 2008-01-03 20:23 39,936 --a------ D:\WINDOWS\mrofinu1188.exe.tmp
2008-01-03 20:19 . 2008-01-03 20:19 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys
2008-01-03 20:19 . 2008-01-03 20:19 298,104 --a------ D:\WINDOWS\system32\imon.dll
2008-01-03 20:19 . 2008-01-03 20:19 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-02 13:42 . 2008-01-03 15:39 1,195 ---hs---- D:\WINDOWS\system32\rdmjdocq.ini
2008-01-01 13:35 . 2008-01-02 13:35 895 ---hs---- D:\WINDOWS\system32\vrbsxcvq.ini
2007-12-31 12:37 . 2008-01-01 13:30 595 ---hs---- D:\WINDOWS\system32\hvxkalqe.ini
2007-12-30 11:19 . 2007-12-31 12:35 475 ---hs---- D:\WINDOWS\system32\rmxpnhvs.ini
2007-12-29 22:52 . 2008-01-03 20:23 <REP> d-------- D:\Program Files\ModernRcon v0.4
2007-12-28 11:14 . 2007-12-29 11:16 63,017 ---hs---- D:\WINDOWS\system32\cnyacons.ini
2007-12-27 14:12 . 2007-12-27 14:12 268 --ah----- D:\sqmdata07.sqm
2007-12-27 14:12 . 2007-12-27 14:12 244 --ah----- D:\sqmnoopt07.sqm
2007-12-27 13:42 . 2007-12-27 13:42 268 --ah----- D:\sqmdata06.sqm
2007-12-27 13:42 . 2007-12-27 13:42 244 --ah----- D:\sqmnoopt06.sqm
2007-12-27 13:39 . 2007-12-27 13:45 <REP> d-------- D:\Program Files\CoD RconTool
2007-12-27 11:10 . 2007-12-28 11:11 62,597 ---hs---- D:\WINDOWS\system32\acwexxhj.ini
2007-12-26 21:09 . 2007-12-26 21:09 268 --ah----- D:\sqmdata05.sqm
2007-12-26 21:09 . 2007-12-26 21:09 244 --ah----- D:\sqmnoopt05.sqm
2007-12-26 14:15 . 2007-12-26 14:15 268 --ah----- D:\sqmdata04.sqm
2007-12-26 14:15 . 2007-12-26 14:15 244 --ah----- D:\sqmnoopt04.sqm
2007-12-26 11:59 . 2007-12-26 11:59 268 --ah----- D:\sqmdata03.sqm
2007-12-26 11:59 . 2007-12-26 11:59 244 --ah----- D:\sqmnoopt03.sqm
2007-12-26 11:13 . 2007-12-27 10:55 475 ---hs---- D:\WINDOWS\system32\gnjdotbl.ini
2007-12-24 14:56 . 2007-12-24 14:56 <REP> d-------- D:\Program Files\MSECache
2007-12-23 20:42 . 2007-12-23 20:45 <REP> d-------- D:\WINDOWS\system32\URTTemp
2007-12-21 20:48 . 2007-12-22 20:25 475 ---hs---- D:\WINDOWS\system32\ktvcclhc.ini
2007-12-20 01:17 . 2007-12-20 01:17 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Nvu
2007-12-20 01:16 . 2007-12-20 01:17 <REP> d-------- D:\Program Files\Nvu
2007-12-20 01:01 . 2007-12-20 01:01 <REP> d-------- D:\Program Files\vmntoolbar
2007-12-20 01:01 . 2007-12-20 01:01 <REP> d-------- D:\Program Files\Visicom Media
2007-12-20 01:01 . 2008-01-03 15:46 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\vmntoolbar
2007-12-20 01:01 . 2007-12-28 22:01 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Sites
2007-12-20 01:01 . 2007-12-20 01:02 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Dynamique
2007-12-20 01:01 . 2007-12-20 01:01 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Classes de site
2007-12-17 21:58 . 2007-12-17 22:06 37 --a------ D:\WINDOWS\DeliveryReader.INI
2007-12-17 21:52 . 2007-12-19 09:51 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Delivery
2007-12-17 20:02 . 2007-12-17 20:02 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Apple Computer
2007-12-17 19:53 . 2007-12-30 14:29 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2007-12-17 19:53 . 2007-12-17 19:53 1,409 --a------ D:\WINDOWS\QTFont.for
2007-12-17 19:51 . 2007-12-17 19:52 <REP> d-------- D:\Program Files\QuickTime
2007-12-17 19:51 . 2007-12-17 19:51 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-17 19:50 . 2007-12-17 19:50 <REP> d-------- D:\Program Files\Apple Software Update
2007-12-17 19:50 . 2007-12-17 19:50 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Apple
2007-12-17 19:50 . 2005-09-23 07:28 270,848 --a------ D:\WINDOWS\system32\TBD55.tmp
2007-12-17 00:04 . 2004-08-04 13:00 1,392,671 --a------ D:\WINDOWS\system32\msvbvm60.dll
2007-12-17 00:04 . 2003-09-12 19:09 608,448 --a------ D:\WINDOWS\system32\comctl32.ocx
2007-12-17 00:04 . 2005-02-10 21:03 212,240 --a------ D:\WINDOWS\system32\RICHTX32.OCX
2007-12-17 00:04 . 2000-05-22 16:58 209,608 --a------ D:\WINDOWS\system32\tabctl32.ocx
2007-12-17 00:04 . 2000-05-22 15:58 140,488 --a------ D:\WINDOWS\system32\comdlg32.ocx
2007-12-17 00:04 . 2004-03-08 23:00 132,880 --a------ D:\WINDOWS\system32\MSINET.OCX
2007-12-17 00:04 . 2000-05-22 16:58 109,248 --a------ D:\WINDOWS\system32\mswinsck.ocx
2007-12-14 14:39 . 2007-12-14 14:39 <REP> d-------- D:\Program Files\Siber Systems
2007-12-14 14:27 . 2007-12-14 14:27 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Tenebril
2007-12-14 14:27 . 2007-12-14 14:27 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Tenebril
2007-12-14 14:22 . 2007-12-14 14:22 <REP> d-------- D:\WINDOWS\system32\tenarchlib
2007-12-14 14:22 . 2007-12-14 14:23 <REP> d-------- D:\Program Files\GhostSurf Platinum
2007-12-14 14:22 . 2007-03-14 01:30 1,712,128 --a------ D:\WINDOWS\system32\GdiPlus.dll
2007-12-14 14:22 . 2007-05-07 11:39 1,103,944 --a-s---- D:\WINDOWS\system32\Protector.dll
2007-12-14 14:22 . 2005-10-12 23:10 180,224 --a-s---- D:\WINDOWS\system32\archlib.dll
2007-12-14 14:22 . 2007-05-07 11:39 169,544 --a-s---- D:\WINDOWS\system32\SecuLoad.dll
2007-12-14 14:22 . 2006-07-26 22:13 57,344 --a------ D:\WINDOWS\system32\MFC71ENU.DLL
2007-12-14 14:22 . 2007-05-07 11:42 40,960 --a-s---- D:\WINDOWS\system32\ProcessKiller.dll
2007-12-11 19:07 . 2007-12-13 12:08 1,060,175 ---hs---- D:\WINDOWS\system32\yfdbgydp.ini
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ D:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ D:\WINDOWS\system32\QuickTime.qts
2007-12-10 16:12 . 2007-12-10 16:13 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WinZip
2007-12-08 12:18 . 2007-12-08 12:18 147,456 --a------ D:\WINDOWS\system32\vbzip10.dll
2007-12-08 12:13 . 2008-01-04 12:55 <REP> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 12:14 --------- d-----w D:\Documents and Settings\Q-tin\Application Data\Xfire
2008-01-04 12:01 --------- d-----w D:\Documents and Settings\Q-tin\Application Data\LimeWire
2008-01-04 12:00 --------- d-----w D:\Documents and Settings\Q-tin\Application Data\teamspeak2
2008-01-03 10:56 --------- d-----w D:\Program Files\HLSW
2008-01-01 23:25 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 23:24 107,832 ----a-w D:\WINDOWS\system32\PnkBstrB.exe
2007-12-29 10:38 --------- d-----w D:\Program Files\FlashGet
2007-12-20 10:00 --------- d-----w D:\Program Files\Xfire
2007-12-08 16:15 --------- d-----w D:\Program Files\DivX
2007-12-03 14:59 --------- d-----w D:\Program Files\Log In 1
2007-12-01 16:37 --------- d-----w D:\Program Files\BitTorrent
2007-11-30 18:54 --------- d-----w D:\Documents and Settings\Q-tin\Application Data\BitTorrent
2007-11-27 17:32 --------- d-----w D:\Program Files\Movie Stream 1.3
2007-11-25 11:56 --------- d--h--w D:\Program Files\GLF2A.tmp
2007-11-24 11:03 --------- d-----w D:\Documents and Settings\Q-tin\Application Data\DeepBurner
2007-11-22 16:21 --------- d-----w D:\Program Files\Common Files
2007-11-22 16:13 123,392 ----a-w D:\WINDOWS\system32\itss.dll
2007-11-22 16:12 9,728 ----a-w D:\WINDOWS\system32\mstinit.exe
2007-11-22 16:12 48,640 ----a-w D:\WINDOWS\system32\browser.dll
2007-11-22 16:12 257,536 ----a-w D:\WINDOWS\system32\mstask.dll
2007-11-22 16:12 161,280 ----a-w D:\WINDOWS\system32\schedsvc.dll
2007-11-17 10:18 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
2007-11-17 09:51 --------- d-----w D:\Program Files\TaalNet2
2007-11-04 17:45 --------- d-----w D:\Program Files\SystemRequirementsLab
2007-11-04 17:41 --------- d-----w D:\Program Files\Java
2007-11-04 17:38 --------- d-----w D:\Program Files\Fichiers communs\Java
2007-10-28 19:35 73,216 ----a-w D:\WINDOWS\ST6UNST.EXE
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14 1077277]
"kernel"="D:\Program Files\kernel\kernel.exe" [2008-01-03 20:26 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2004-10-29 15:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 15:50 921600 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\System32\NvMcTray.dll" [2004-10-29 15:50 86016]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GhostSurf Reminder"="D:\Program Files\GhostSurf Platinum\Privacy Control Center.exe" [2005-08-14 23:32 82037]
"GhostSurfDelSatellite"="D:\Program Files\GhostSurf Platinum\DeleteSatellite.exe" [ ]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2008-01-03 20:19 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=secuload.dll

R3 FA312;Pilote de la carte Fast Ethernet FA330/FA312/FA311 NETGEAR;D:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 20:12]

*Newly Created Service* - ALG
*Newly Created Service* - IPNAT
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-12-17 18:51:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 13:14:34
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\lsass.exe [5.01.2600.0000]
-> D:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-04 13:15:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-04 12:15:42
.
2007-12-13 20:40:11 --- E O F ---


HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:17:20, on 04/01/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Eset\nod32krn.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\PnkBstrA.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\System32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\kernel\kernel.exe
C:\PROGRA~1\SYSTRAN\4_0\Personal\SYSTRA~2.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
D:\Documents and Settings\Q-tin\Local Settings\Temp\wz9248\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - D:\Program Files\GhostSurf Platinum\SCActiveBlock.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\Program Files\FlashGet\jccatch.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SYSTRAN Personal 4.0 - {039036AA-7710-11D7-ACDA-00B0D094B576} - C:\Program Files\SYSTRAN\4_0\Personal\IEPlugin.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - D:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [GhostSurf Reminder] "D:\Program Files\GhostSurf Platinum\Privacy Control Center.exe" reminder
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "D:\Program Files\GhostSurf Platinum\DeleteSatellite.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kernel] D:\Program Files\kernel\kernel.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O4 - Global Startup: GhostSurf proxy.lnk = D:\Program Files\GhostSurf Platinum\Proxy.exe
O4 - Global Startup: Privacy Auditor.lnk = D:\Program Files\GhostSurf Platinum\Privacy Auditor.exe
O4 - Global Startup: SpyCatcher Protector.lnk = D:\Program Files\GhostSurf Platinum\Protector.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O20 - AppInit_DLLs: secuload.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\System32\PnkBstrA.exe

--
End of file - 5827 bytes

Thanks for helping me :)
4 January 2008 22:34:13

Hello


Copy (Ctrl+C) the text below:

File::
D:\WINDOWS\mrofinu1188.exe.tmp
D:\WINDOWS\system32\rdmjdocq.ini
D:\WINDOWS\system32\vrbsxcvq.ini
D:\WINDOWS\system32\hvxkalqe.ini
D:\WINDOWS\system32\rmxpnhvs.ini
D:\WINDOWS\system32\cnyacons.ini
D:\sqmdata07.sqm
D:\sqmnoopt07.sqm
D:\sqmdata06.sqm
D:\sqmnoopt06.sqm
D:\WINDOWS\system32\acwexxhj.ini
D:\sqmdata05.sqm
D:\sqmnoopt05.sqm
D:\sqmdata04.sqm
D:\sqmnoopt04.sqm
D:\sqmdata03.sqm
D:\sqmnoopt03.sqm
D:\WINDOWS\system32\gnjdotbl.ini
D:\WINDOWS\system32\ktvcclhc.ini
D:\WINDOWS\system32\yfdbgydp.ini

Folder::
D:\Program Files\kernel

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kernel"=-


Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt



As the image shows, drag CFScript.txt onto Combofix.exe
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: that is normal!
Do not touch anything until the scan has finished.
Once the scan is done, a report will be displayed: post its contents.
If the file does not open, it is located here > C:\ComboFix.txt
5 January 2008 22:04:25
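The CFScript above was assembled by reading the ComboFix "created files" listing: one hidden+system .ini with a random 8-letter name was dropped in system32 almost every day, a leftover .exe.tmp sat next to the .exe ComboFix had already removed, and the "kernel" Run value pointed into a directory created the evening the symptoms started. The script below is an added example, not part of the original reply and not ComboFix's own code: it parses ComboFix-format listing lines, applies those file heuristics, and emits a CFScript in the syntax the helper used (File::, Folder::, Registry:: with `"name"=-` deleting a value). Which Run value to remove remains an analyst decision passed in by name; the heuristics, the protected-directory guard and the sample lines (constructed in ComboFix's format from the log above) are my own assumptions.

```python
import re
from collections import OrderedDict

# One ComboFix listing line: created . modified  size|<REP>  attrs  path
# (<REP> is the French-locale ComboFix marker for a directory, like <DIR>).
LISTING_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(<REP>|[\d,]+)\s+([-a-z]{9})\s+(.*)$")
# One value line of the REGEDIT4 dump ComboFix prints for the Run keys.
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
RANDOM_STEM = re.compile(r"^[a-z]{8}$")   # heuristic: rdmjdocq, vrbsxcvq, ...
# Directories a CFScript must never be asked to delete wholesale.
PROTECTED_DIR = re.compile(
    r"^[a-z]:\\(windows(\\system32)?|program files|documents and settings)?\\?$",
    re.IGNORECASE)

# Constructed sample lines modelled on the ComboFix log posted above.
SAMPLE_LISTING = r"""
2008-01-03 20:26 . 2008-01-03 20:26 <REP> d-------- D:\Program Files\kernel
2008-01-03 20:23 . 2008-01-03 20:23 39,936 --a------ D:\WINDOWS\mrofinu1188.exe.tmp
2008-01-02 13:42 . 2008-01-03 15:39 1,195 ---hs---- D:\WINDOWS\system32\rdmjdocq.ini
2008-01-01 13:35 . 2008-01-02 13:35 895 ---hs---- D:\WINDOWS\system32\vrbsxcvq.ini
2007-12-27 14:12 . 2007-12-27 14:12 268 --ah----- D:\sqmdata07.sqm
2007-12-17 19:51 . 2007-12-17 19:52 <REP> d-------- D:\Program Files\QuickTime
2007-12-14 14:22 . 2007-05-07 11:39 169,544 --a-s---- D:\WINDOWS\system32\SecuLoad.dll
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ D:\WINDOWS\system32\QuickTimeVR.qtx
"""
SAMPLE_RUN_KEYS = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]
"kernel"="D:\Program Files\kernel\kernel.exe" [2008-01-03 20:26 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"""


def parse_listing(text):
    records = []
    for line in text.splitlines():
        m = LISTING_RE.match(line.strip())
        if m:
            created, modified, size, attrs, path = m.groups()
            records.append({"created": created, "modified": modified,
                            "is_dir": size == "<REP>", "attrs": attrs, "path": path})
    return records


def suspicious_files(records):
    """File:: candidates: the patterns the helper picked out of the listing."""
    out = []
    for r in records:
        if r["is_dir"]:
            continue
        path, low = r["path"], r["path"].lower()
        stem = path.split("\\")[-1].split(".")[0]
        hidden_system = "h" in r["attrs"] and "s" in r["attrs"]
        if hidden_system and low.endswith(".ini") and "\\system32\\" in low \
                and RANDOM_STEM.match(stem):
            out.append(path)   # daily dropped hidden+system .ini with a random name
        elif low.endswith(".exe.tmp") and "\\windows\\" in low:
            out.append(path)   # leftover of a dropper whose .exe was already removed
        elif re.search(r"\\sqm(data|noopt)\d+\.sqm$", low):
            out.append(path)   # root-level .sqm files the helper swept up as well
    return out


def run_values(text):
    """Yield (key, value name, target path) from the REGEDIT4 Run-key dump."""
    triples, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        else:
            m = RUN_VALUE_RE.match(line)
            if m and key:
                triples.append((key, m.group(1), m.group(2)))
    return triples


def build_cfscript(listing_text, run_text, remove_values):
    """Emit CFScript text; remove_values is the analyst's set of Run value names."""
    files = suspicious_files(parse_listing(listing_text))
    folders, registry = [], OrderedDict()
    for key, name, target in run_values(run_text):
        if name not in remove_values:
            continue
        folder = target.rsplit("\\", 1)[0]
        if PROTECTED_DIR.match(folder):
            raise ValueError(f"refusing to delete protected directory {folder} for {name!r}")
        folders.append(folder)          # the dropper's own directory goes with it
        registry.setdefault(key, []).append(name)
    lines = ["File::"] + files + [""]
    if folders:
        lines += ["Folder::"] + folders + [""]
    if registry:
        lines.append("Registry::")
        for key, names in registry.items():
            lines.append(f"[{key}]")
            lines += [f'"{n}"=-' for n in names]   # "=-" deletes the value (REGEDIT4 syntax)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LISTING, SAMPLE_RUN_KEYS, {"kernel"}))
```

The guard on `PROTECTED_DIR` is the check a practitioner wants before feeding a generated script to a tool that deletes whatever it is told to: a Run value that happens to live in system32 (ctfmon.exe in the sample) must never turn into a Folder:: line.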

I did what you told me

ComboFix 08-01-04.1 - Q-tin 2008-01-05 22:01:16.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.0.1252.1.1036.18.225 [GMT 1:00]
Running from: D:\Documents and Settings\Q-tin\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\Q-tin\Bureau\CFScript.txt
* Created a new restore point

FILE
D:\sqmdata03.sqm
D:\sqmdata04.sqm
D:\sqmdata05.sqm
D:\sqmdata06.sqm
D:\sqmdata07.sqm
D:\sqmnoopt03.sqm
D:\sqmnoopt04.sqm
D:\sqmnoopt05.sqm
D:\sqmnoopt06.sqm
D:\sqmnoopt07.sqm
D:\WINDOWS\mrofinu1188.exe.tmp
D:\WINDOWS\system32\acwexxhj.ini
D:\WINDOWS\system32\cnyacons.ini
D:\WINDOWS\system32\gnjdotbl.ini
D:\WINDOWS\system32\hvxkalqe.ini
D:\WINDOWS\system32\ktvcclhc.ini
D:\WINDOWS\system32\rdmjdocq.ini
D:\WINDOWS\system32\rmxpnhvs.ini
D:\WINDOWS\system32\vrbsxcvq.ini
D:\WINDOWS\system32\yfdbgydp.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Program Files\kernel
D:\Program Files\kernel\kernel.exe
D:\sqmdata03.sqm
D:\sqmdata04.sqm
D:\sqmdata05.sqm
D:\sqmdata06.sqm
D:\sqmdata07.sqm
D:\sqmnoopt03.sqm
D:\sqmnoopt04.sqm
D:\sqmnoopt05.sqm
D:\sqmnoopt06.sqm
D:\sqmnoopt07.sqm
D:\WINDOWS\mrofinu1188.exe.tmp
D:\WINDOWS\system32\acwexxhj.ini
D:\WINDOWS\system32\cnyacons.ini
D:\WINDOWS\system32\gnjdotbl.ini
D:\WINDOWS\system32\hvxkalqe.ini
D:\WINDOWS\system32\ktvcclhc.ini
D:\WINDOWS\system32\rdmjdocq.ini
D:\WINDOWS\system32\rmxpnhvs.ini
D:\WINDOWS\system32\vrbsxcvq.ini
D:\WINDOWS\system32\yfdbgydp.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-05 to 2008-01-05 ))))))))))))))))))))))))))))))))))))
.

2008-01-04 13:06 . 2000-08-31 08:00 51,200 --a------ D:\WINDOWS\NirCmd.exe
2008-01-03 20:19 . 2008-01-03 20:19 512,096 --a------ D:\WINDOWS\system32\drivers\amon.sys
2008-01-03 20:19 . 2008-01-03 20:19 298,104 --a------ D:\WINDOWS\system32\imon.dll
2008-01-03 20:19 . 2008-01-03 20:19 15,424 --a------ D:\WINDOWS\system32\drivers\nod32drv.sys
2007-12-29 22:52 . 2008-01-03 20:23 <REP> d-------- D:\Program Files\ModernRcon v0.4
2007-12-27 13:39 . 2007-12-27 13:45 <REP> d-------- D:\Program Files\CoD RconTool
2007-12-24 14:56 . 2007-12-24 14:56 <REP> d-------- D:\Program Files\MSECache
2007-12-23 20:42 . 2007-12-23 20:45 <REP> d-------- D:\WINDOWS\system32\URTTemp
2007-12-20 01:17 . 2007-12-20 01:17 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Nvu
2007-12-20 01:16 . 2007-12-20 01:17 <REP> d-------- D:\Program Files\Nvu
2007-12-20 01:01 . 2007-12-20 01:01 <REP> d-------- D:\Program Files\vmntoolbar
2007-12-20 01:01 . 2007-12-20 01:01 <REP> d-------- D:\Program Files\Visicom Media
2007-12-20 01:01 . 2008-01-04 16:10 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\vmntoolbar
2007-12-20 01:01 . 2007-12-28 22:01 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Sites
2007-12-20 01:01 . 2007-12-20 01:02 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Dynamique
2007-12-20 01:01 . 2007-12-20 01:01 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Classes de site
2007-12-17 21:58 . 2007-12-17 22:06 37 --a------ D:\WINDOWS\DeliveryReader.INI
2007-12-17 21:52 . 2007-12-19 09:51 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Delivery
2007-12-17 20:02 . 2007-12-17 20:02 <REP> d-------- D:\Documents and Settings\Q-tin\Application Data\Apple Computer
2007-12-17 19:53 . 2007-12-30 14:29 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2007-12-17 19:53 . 2007-12-17 19:53 1,409 --a------ D:\WINDOWS\QTFont.for
2007-12-17 19:51 . 2007-12-17 19:52 <REP> d-------- D:\Program Files\QuickTime
2007-12-17 19:51 . 2007-12-17 19:51 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-17 19:50 . 2007-12-17 19:50 <REP> d-------- D:\Program Files\Apple Software Update
2007-12-17 19:50 . 2007-12-17 19:50 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Apple
2007-12-17 19:50 . 2005-09-23 07:28 270,848 --a------ D:\WINDOWS\system32\TBD55.tmp
2007-12-17 00:04 . 2004-08-04 13:00 1,392,671 --a------ D:\WINDOWS\system32\msvbvm60.dll
2007-12-17 00:04 . 2003-09-12 19:09 608,448 --a------ D:\WINDOWS\system32\comctl32.ocx
2007-12-17 00:04 . 2005-02-10 21:03 212,240 --a------ D:\WINDOWS\system32\RICHTX32.OCX
2007-12-17 00:04 . 2000-05-22 16:58 209,608 --a------ D:\WINDOWS\system32\tabctl32.ocx
2007-12-17 00:04 . 2000-05-22 15:58 140,488 --a------ D:\WINDOWS\system32\comdlg32.ocx
2007-12-17 00:04 . 2004-03-08 23:00 132,880 --a------ D:\WINDOWS\system32\MSINET.OCX
2007-12-17 00:04 . 2000-05-22 16:58 109,248 --a------ D:\WINDOWS\system32\mswinsck.ocx
2007-12-14 14:39 . 2007-12-14 14:39 <REP> d-------- D:\Program Files\Siber Systems
2007-12-14 14:22 . 2007-12-14 14:22 <REP> d-------- D:\WINDOWS\system32\tenarchlib
2007-12-14 14:22 . 2007-03-14 01:30 1,712,128 --a------ D:\WINDOWS\system32\GdiPlus.dll
2007-12-14 14:22 . 2005-10-12 23:10 180,224 --a-s---- D:\WINDOWS\system32\archlib.dll
2007-12-14 14:22 . 2007-05-07 11:39 169,544 --a-s---- D:\WINDOWS\system32\SecuLoad.dll
2007-12-14 14:22 . 2006-07-26 22:13 57,344 --a------ D:\WINDOWS\system32\MFC71ENU.DLL
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ D:\WINDOWS\system32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ D:\WINDOWS\system32\QuickTime.qts
2007-12-10 16:12 . 2007-12-10 16:13 <REP> d-------- D:\Documents and Settings\All Users\Application Data\WinZip
2007-12-08 12:18 . 2007-12-08 12:18 147,456 --a------ D:\WINDOWS\system32\vbzip10.dll
2007-12-08 12:13 . 2008-01-04 12:55 <REP> d-a------ D:\Documents and Settings\All Users\Application Data\TEMP

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 21:01 --------- d-----w D:\Program Files\HLSW
2008-01-05 14:46 --------- d-----w D:\Documents and Settings\Q-tin\Application Data\Xfire
2008-01-04 12:01 --------- d-----w D:\Documents and Settings\Q-tin\Application Data\LimeWire
2008-01-04 12:00 --------- d-----w D:\Documents and Settings\Q-tin\Application Data\teamspeak2
2008-01-01 23:25 22,328 ----a-w D:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-01 23:24 107,832 ----a-w D:\WINDOWS\system32\PnkBstrB.exe
2007-12-29 10:38 --------- d-----w D:\Program Files\FlashGet
2007-12-20 10:00 --------- d-----w D:\Program Files\Xfire
2007-12-08 16:15 --------- d-----w D:\Program Files\DivX
2007-12-03 14:59 --------- d-----w D:\Program Files\Log In 1
2007-12-01 16:37 --------- d-----w D:\Program Files\BitTorrent
2007-11-30 18:54 --------- d-----w D:\Documents and Settings\Q-tin\Application Data\BitTorrent
2007-11-27 17:32 --------- d-----w D:\Program Files\Movie Stream 1.3
2007-11-25 11:56 --------- d--h--w D:\Program Files\GLF2A.tmp
2007-11-24 11:03 --------- d-----w D:\Documents and Settings\Q-tin\Application Data\DeepBurner
2007-11-22 16:21 --------- d-----w D:\Program Files\Common Files
2007-11-22 16:13 123,392 ----a-w D:\WINDOWS\system32\itss.dll
2007-11-22 16:12 9,728 ----a-w D:\WINDOWS\system32\mstinit.exe
2007-11-22 16:12 48,640 ----a-w D:\WINDOWS\system32\browser.dll
2007-11-22 16:12 257,536 ----a-w D:\WINDOWS\system32\mstask.dll
2007-11-22 16:12 161,280 ----a-w D:\WINDOWS\system32\schedsvc.dll
2007-11-17 10:18 --------- d-----w D:\Program Files\Fichiers communs\InstallShield
2007-11-17 09:51 --------- d-----w D:\Program Files\TaalNet2
2007-10-28 19:35 73,216 ----a-w D:\WINDOWS\ST6UNST.EXE
.

((((((((((((((((((((((((((((( snapshot@2008-01-04_13.15.27.61 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-04 12:13:55 16,384 -c--a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-01-05 20:53:44 16,384 -c--a-w D:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-01-04 12:13:55 32,768 -c--a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
+ 2008-01-05 20:53:44 32,768 -c--a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat
- 2008-01-04 12:13:55 49,152 -c--a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-05 20:53:44 49,152 -c--a-w D:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-04 12:07:44 262,144 ----a-w D:\WINDOWS\system32\config\systemprofile\NtUser.dat
+ 2008-01-05 21:01:05 262,144 ----a-w D:\WINDOWS\system32\config\systemprofile\NtUser.dat
- 2007-12-24 11:31:54 62,480 ----a-w D:\WINDOWS\system32\perfc009.dat
+ 2008-01-04 12:15:33 62,480 ----a-w D:\WINDOWS\system32\perfc009.dat
- 2007-12-24 11:31:54 75,506 ----a-w D:\WINDOWS\system32\perfc00C.dat
+ 2008-01-04 12:15:33 75,506 ----a-w D:\WINDOWS\system32\perfc00C.dat
- 2007-12-24 11:31:54 401,200 ----a-w D:\WINDOWS\system32\perfh009.dat
+ 2008-01-04 12:15:33 401,200 ----a-w D:\WINDOWS\system32\perfh009.dat
- 2007-12-24 11:31:54 468,490 ----a-w D:\WINDOWS\system32\perfh00C.dat
+ 2008-01-04 12:15:33 468,490 ----a-w D:\WINDOWS\system32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\ctfmon.exe" [2001-08-28 13:00 13312]
"MsnMsgr"="D:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"MSMSGS"="D:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14 1077277]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="D:\WINDOWS\System32\NvCpl.dll" [2004-10-29 15:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 15:50 921600 D:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="D:\WINDOWS\System32\NvMcTray.dll" [2004-10-29 15:50 86016]
"Adobe Reader Speed Launcher"="D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GhostSurfDelSatellite"="D:\Program Files\GhostSurf Platinum\DeleteSatellite.exe" [ ]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"nod32kui"="D:\Program Files\Eset\nod32kui.exe" [2008-01-03 20:19 949376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2001-08-28 13:00 13312]

D:\Documents and Settings\Q-tin\Menu Démarrer\Programmes\Démarrage\
Xfire.lnk - D:\Program Files\Xfire\xfire.exe [2007-12-05 03:25:52]

R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet adapter driver;D:\WINDOWS\System32\DRIVERS\FA312nd5.sys [2001-08-17 20:12]

.
Contents of the 'Scheduled Tasks' folder
"2007-12-17 18:51:02 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-05 22:02:44
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\lsass.exe [5.01.2600.0000]
-> D:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-05 22:03:39
ComboFix-quarantined-files.txt 2008-01-05 21:03:06
ComboFix2.txt 2008-01-04 12:15:51
.
2007-12-13 20:40:11 --- E O F ---
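The ComboFix output above is the poster's own log. As an added example (not part of this thread, and not ComboFix's code), the following Python script shows how a helper would triage lines of this shape mechanically: it parses the two file-listing formats (the "new files" lines with two timestamps and the Find3M lines with one), and the `"Name"="target" [metadata]` autostart lines, then applies a few cues an analyst looks for first. Assumptions not stated by the log itself: the attribute field uses d=directory, a=archive, h=hidden, s=system; an autostart entry whose bracket is empty (`[ ]`) is one whose target ComboFix could not stat; and a target written as a bare file name (like `nwiz.exe`) is resolved through the search path, with ComboFix printing the resolved path in the bracket. The sample log embedded in the script is constructed from a handful of lines copied from the log above so it runs offline; it is not a complete ComboFix report.

```python
"""Triage cues for ComboFix-style log lines (added example, not ComboFix code).

Assumptions (not stated by the log itself): a 9-character attribute field such
as --ah----- encodes d=directory, a=archive, h=hidden, s=system; Find3M lines
use a 7-character field such as d--h--w; an autostart entry whose trailing
bracket is empty ("[ ]") is one whose target ComboFix could not stat.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above plus a short
# Run-key section, so the script runs offline. Not a complete ComboFix log.
SAMPLE_LOG = r"""
2007-12-17 19:53 . 2007-12-30 14:29 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2007-12-17 19:50 . 2005-09-23 07:28 270,848 --a------ D:\WINDOWS\system32\TBD55.tmp
2007-12-14 14:22 . 2007-05-07 11:39 169,544 --a-s---- D:\WINDOWS\system32\SecuLoad.dll
2007-12-14 14:22 . 2006-07-26 22:13 57,344 --a------ D:\WINDOWS\system32\MFC71ENU.DLL
2007-11-25 11:56 --------- d--h--w D:\Program Files\GLF2A.tmp
2007-11-22 16:12 48,640 ----a-w D:\WINDOWS\system32\browser.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"GhostSurfDelSatellite"="D:\Program Files\GhostSurf Platinum\DeleteSatellite.exe" [ ]
"nwiz"="nwiz.exe" [2004-10-29 15:50 921600 D:\WINDOWS\system32\nwiz.exe]
"""

# "New files" section: created . modified size attrs path
NEWFILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><REP>|[\d,]+) (?P<attrs>[-a-z]{9}) (?P<path>.+)$"
)
# Find3M section: modified size attrs path (size is dashes for a directory)
FIND3M_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>-{9}|[\d,]+) (?P<attrs>[-a-z]{7}) (?P<path>.+)$"
)
# Autostart value: "Name"="target" [metadata]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)" \[(?P<meta>[^\]]*)\]$')

PROGRAM_DIRS = ("\\windows\\", "\\program files\\")
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\")


@dataclass(frozen=True)
class Finding:
    item: str
    reason: str


def _file_findings(path: str, attrs: str):
    low = path.lower()
    in_program_dir = any(m in low for m in PROGRAM_DIRS)
    if in_program_dir and low.endswith(".tmp"):
        yield Finding(path, "temp-named object inside a system or program directory")
    if "\\windows\\" in low and "s" in attrs:
        yield Finding(path, "system attribute set on a file dropped into the Windows tree")
    if in_program_dir and "h" in attrs:
        # Often benign (QuickTime's font cache is hidden), so this is a cue to verify, not a verdict.
        yield Finding(path, "hidden attribute set; verify the owning product")


def _run_findings(name: str, target: str, meta: str):
    label = f"{name} -> {target}"
    if not meta.strip():
        yield Finding(label, "autostart entry whose target was not found on disk")
    if any(m in target.lower() for m in USER_WRITABLE_MARKERS):
        yield Finding(label, "autostart target lives in a user-writable profile or temp directory")
    if "\\" not in target:
        # A bare name is resolved through the search path; the resolved path is in the bracket.
        yield Finding(label, f"autostart target given without a full path (resolved: {meta.strip()})")


def triage(log_text: str) -> list[Finding]:
    """Return the triage cues raised by every recognised line of a ComboFix-style log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = NEWFILE_RE.match(line) or FIND3M_RE.match(line)
        if m:
            findings.extend(_file_findings(m["path"], m["attrs"]))
            continue
        m = RUN_RE.match(line)
        if m:
            findings.extend(_run_findings(m["name"], m["target"], m["meta"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.item}")
```

On the sample, the script raises cues for the `.tmp` objects in system32 and Program Files, the system-attributed DLL in system32, the hidden font cache (a false positive that an analyst would dismiss after checking the owner), the autostart entry whose target is missing, and the bare-name `nwiz` value; the ordinary DLLs and the Java updater raise nothing. These are cues for a human reviewer, not a verdict: the next step is to check each flagged path's publisher, hash and install date against what the user knowingly installed.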