Forum Clubic

Virus: antivirus xp 2008 agreement

So I caught a virus somewhere, I don't know where, and I'd like to get rid of it! Here is the report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:37, on 15/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wnivqjyj.exe
C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\WINDOWS\system32\wnivqjyj.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.orange.fr…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com…
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com…
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3EDBAE74-679D-DA4B-F81F-00A75D181118} - C:\Program Files\lqvikn\CmdStr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: BHO Barre de Confiance - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Barre de confiance - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM…\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM…\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM…\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM…\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM…\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM…\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM…\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM…\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM…\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM…\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM…\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM…\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM…\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM…\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM…\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU…\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU…\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU…\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU…\Run: [dbweb] C:\WINDOWS\system32\wnivqjyj.exe
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: WiFi Station pour Livebox.lnk = ?
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE…
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - www.wanadoo.fr… (file missing) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) - appldnld.apple.com.edgesuite.net…
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\CCPD-LC\symlcsvc.exe


End of file - 13889 bytes

Hi

Follow this procedure and paste all the reports

I already ran CCleaner, registry included, and also a Malwarebytes scan; here is the report:

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1155
Windows 5.1.2600 Service Pack 2

15/09/2008 22:09:56
mbam-log-2008-09-15 (22-09-50).txt

Type de recherche: Examen complet (C:|D:|E:|F:|G:|H:|I:|)
Eléments examinés: 129928
Temps écoulé: 1 hour(s), 33 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 23
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Proprietaire\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Proprietaire\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Proprietaire\Local Settings\Temp\.tt90.tmp.exe (Trojan.FakeAlert) -> No action taken.

I was thinking that, judging from the HijackThis log, you weren't that badly infected :wink:

In HijackThis, check

Then click Fix checked :wink:

Then disable your protections
Run ComboFix, let it work, then paste the report


[quote=""] O2 - BHO: (no name) - {3EDBAE74-679D-DA4B-F81F-00A75D181118} - C:\Program Files\lqvikn\CmdStr.dll [/quote] Fix that one too ;)

Thanks for your reply, but I can't find:

C:\WINDOWS\system32\wnivqjyj.exe
C:\WINDOWS\system32\wnivqjyj.exe

Is that normal?

OK, that's no big deal :wink:

OK, I'm running ComboFix and I'll post the report

Here is the report:

ComboFix 08-09-15.01 - Proprietaire 2008-09-15 23:36:42.1 - NTFSx86
Lancé depuis: C:\Documents and Settings\Proprietaire\Bureau\ComboFix.exe

  • Un nouveau point de restauration a été créé

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
.

2008-09-15 22:05 . 2008-09-15 22:05 7,168 --ahs---- C:\WINDOWS\Thumbs.db
2008-09-15 18:27 . 2008-04-01 11:39 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-15 18:27 . 2008-04-01 11:39 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-15 18:27 . 2008-04-01 10:02 d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-15 18:27 . 2008-04-01 11:39 d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-15 18:27 . 2008-04-01 11:39 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-15 18:27 . 2008-04-01 11:39 d-------- C:\Documents and Settings\Administrateur\Favoris
2008-09-15 18:27 . 2008-09-15 19:46 d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-15 18:27 . 2008-09-15 18:27 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-09-15 18:27 . 2008-09-15 18:27 d-------- C:\Documents and Settings\Administrateur
2008-09-15 18:10 . 2008-09-15 18:10 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-15 18:10 . 2008-09-15 18:10 d-------- C:\Documents and Settings\Proprietaire\Application Data\Malwarebytes
2008-09-15 18:10 . 2008-09-15 18:10 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-15 18:10 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-15 18:10 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-15 18:03 . 2008-09-15 18:03 d-------- C:\Program Files\Trend Micro
2008-09-15 08:00 . 2008-09-15 08:00 d-------- C:\Program Files\lqvikn
2008-09-15 07:59 . 2008-09-15 07:59 90,112 --a------ C:\WINDOWS\system32\wnivqjyj.exe
2008-09-01 11:16 . 2008-09-01 11:16 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-09-01 11:10 . 2008-09-01 11:10 d-------- C:\Documents and Settings\Proprietaire\Application Data\Jasc Software Inc
2008-08-31 17:04 . 2008-09-15 19:46 d-------- C:\Documents and Settings\All Users\Application Data\cpqbkzub
2008-08-29 11:28 . 2008-08-29 11:59 d-------- C:\Program Files\Elaborate Bytes
2008-08-28 20:41 . 2008-08-28 20:41 d-------- C:\WINDOWS\system32\N360_BACKUP
2008-08-28 19:52 . 2008-08-28 19:52 d-------- C:\Program Files\Windows Sidebar
2008-08-28 19:51 . 2008-09-15 22:29 d-------- C:\Program Files\Norton 360
2008-08-28 19:49 . 2008-09-02 21:53 d-------- C:\Program Files\Symantec
2008-08-28 19:49 . 2008-09-02 21:45 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-08-28 19:49 . 2008-09-02 21:53 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-08-28 19:49 . 2008-09-02 21:53 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-08-28 19:49 . 2008-09-02 21:53 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-08-28 19:49 . 2008-09-02 21:53 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-08-28 19:42 . 2008-09-15 23:34 d-------- C:\Program Files\Fichiers communs\Symantec Shared
2008-08-28 19:38 . 2008-08-28 20:08 d-------- C:\Documents and Settings\Proprietaire\Application Data\Symantec
2008-08-28 19:21 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-08-28 19:18 . 2008-08-28 19:18 d-------- C:\Program Files\Microsoft.NET
2008-08-28 19:13 . 2008-09-10 22:49 d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-28 19:11 . 2008-08-28 19:11 dr-h----- C:\MSOCache
2008-08-28 17:38 . 2008-08-28 17:38 21,419 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-08-28 17:37 . 2008-08-28 17:37 d-------- C:\Program Files\Hercules
2008-08-28 17:37 . 2007-02-15 10:36 432,128 --a------ C:\WINDOWS\system32\drivers\rt73u98.sys
2008-08-28 17:37 . 2006-12-21 19:25 429,440 --a------ C:\WINDOWS\system32\drivers\rt73.sys
2008-08-28 17:37 . 2007-02-15 10:36 242,816 --a------ C:\WINDOWS\system32\drivers\rt25u98.sys
2008-08-28 17:37 . 2006-11-08 14:45 240,384 --a------ C:\WINDOWS\system32\drivers\rt2500usb.sys
2008-08-28 17:37 . 2007-02-15 10:36 2,048 --a------ C:\WINDOWS\system32\drivers\rt73.bin
2008-08-28 17:30 . 2008-08-28 17:30 d-------- C:\Documents and Settings\Proprietaire\Application Data\InstallShield
2008-08-28 17:28 . 2004-08-19 16:10 16,384 --a------ C:\WINDOWS\system32\ipsink.ax
2008-08-28 17:28 . 2004-08-19 16:10 16,384 --a--c--- C:\WINDOWS\system32\dllcache\ipsink.ax
2008-08-28 17:28 . 2004-08-03 23:10 15,360 --a------ C:\WINDOWS\system32\drivers\StreamIP.sys
2008-08-28 17:28 . 2004-08-03 23:10 15,360 --a--c--- C:\WINDOWS\system32\dllcache\streamip.sys
2008-08-28 17:28 . 2004-08-03 23:10 11,136 --a------ C:\WINDOWS\system32\drivers\SLIP.sys
2008-08-28 17:28 . 2004-08-03 23:10 11,136 --a--c--- C:\WINDOWS\system32\dllcache\slip.sys
2008-08-28 17:28 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-08-28 17:28 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-08-28 17:28 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-08-28 17:28 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-08-28 17:20 . 2008-08-28 17:20 d-------- C:\Documents and Settings\Proprietaire\Application Data\Leadertech
2008-08-28 17:15 . 2004-08-19 16:09 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-08-28 17:15 . 2004-08-19 16:09 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-08-28 17:15 . 2008-08-28 17:15 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-28 17:15 . 2008-08-28 17:15 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-08-28 17:12 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2008-08-28 17:12 . 2004-08-19 16:00 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-08-28 16:49 . 2008-08-28 16:49 d-------- C:\Documents and Settings\Proprietaire\Application Data\Logitech
2008-08-28 16:49 . 2008-08-28 16:49 127,034 -r------- C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-08-28 16:48 . 2007-01-23 15:45 1,419,024 --a------ C:\WINDOWS\system32\WdfCoInstaller01005.dll
2008-08-28 16:48 . 2007-01-30 01:46 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2008-08-28 16:48 . 2007-01-30 01:46 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2008-08-28 16:48 . 2007-01-30 01:46 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2008-08-28 16:48 . 2007-01-23 15:44 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
2008-08-28 16:48 . 2007-01-30 01:46 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2008-08-28 16:48 . 2007-01-23 15:45 34,576 --a------ C:\WINDOWS\system32\drivers\LHidFilt.Sys
2008-08-28 16:48 . 2007-01-23 15:45 33,296 --a------ C:\WINDOWS\system32\drivers\LMouFilt.Sys
2008-08-28 16:48 . 2007-01-23 15:44 20,496 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2008-08-28 16:47 . 2008-08-28 16:48 d-------- C:\Program Files\Fichiers communs\Logitech
2008-08-28 14:00 . 2008-09-03 17:23 d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-25 21:49 . 2008-08-25 21:49 268 --ah----- C:\sqmdata12.sqm
2008-08-25 21:49 . 2008-08-25 21:49 244 --ah----- C:\sqmnoopt12.sqm
2008-08-25 11:07 . 2008-08-25 11:07 268 --ah----- C:\sqmdata11.sqm
2008-08-25 11:07 . 2008-08-25 11:07 244 --ah----- C:\sqmnoopt11.sqm

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 20:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-09-15 20:16 --------- d-----w C:\Documents and Settings\Proprietaire\Application Data\OpenOffice.org2
2008-09-10 19:26 1,628 ----a-w C:\Documents and Settings\Proprietaire\Application Data\wklnhst.dat
2008-09-08 18:05 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-08 15:51 --------- d-----w C:\Program Files\Fichiers communs\AVSMedia
2008-09-05 16:25 --------- d-----w C:\Documents and Settings\Proprietaire\Application Data\LimeWire
2008-09-01 09:10 --------- d-----w C:\Program Files\Jasc Software Inc
2008-08-28 17:21 --------- d-----w C:\Program Files\AtomixMP3
2008-08-28 17:20 --------- d-----w C:\Program Files\Microsoft Works
2008-08-28 17:16 --------- d-----w C:\Program Files\AVS4YOU
2008-08-28 17:13 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-28 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 15:27 --------- d-----w C:\Program Files\Fichiers communs\LogiShrd
2008-08-28 15:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logishrd
2008-08-28 15:17 --------- d-----w C:\Program Files\Logitech
2008-08-28 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-08-07 18:53 --------- d-----w C:\Program Files\Google
2008-08-05 04:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-30 15:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-30 15:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-30 15:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-23 20:14 --------- d-----w C:\Program Files\QuickTime
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-05-21 16:22 67,600 ----a-w C:\Documents and Settings\Proprietaire\Application Data\GDIPFONTCACHEV1.DAT
2004-03-11 11:27 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Note les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3EDBAE74-679D-DA4B-F81F-00A75D181118}]
2008-09-15 08:00 110592 --a------ C:\Program Files\lqvikn\CmdStr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 10:34 576352 --a------ C:\Program Files\Fichiers communs\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-04 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"AdobeUpdater"="C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2004-04-06 1298542]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2002-07-01 74752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-06-14 132760]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"SystrayORAHSS"="C:\Program Files\Orange HSS\Systray\SystrayApp.exe" [2007-07-24 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange HSS\SessionManager\SessionManager.exe" [2007-07-24 102400]
"Microsoft Works Update Detection"="C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 50688]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-07-23 413696]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2006-03-02 15360]
“Nokia.PCSync”=“C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe” [2007-06-19 1241088]

C:\Documents and Settings\Proprietaire\Menu Démarrer\Programmes\Démarrage
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-02 962661]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-08-28 66864]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-08-28 688128]
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-04-04 124400]
WiFi Station pour Livebox.lnk - C:\Program Files\Hercules\WiFi Station pour Livebox\WifiStationLB.exe [2008-08-28 721408]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2008-07-09 40960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Windows Live\Messenger\livecall.exe"=
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"=
"C:\Program Files\Microsoft Games\Age of Empires III\age3x.exe"=
"C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe"=
"C:\Program Files\LimeWire\LimeWire.exe"=
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"=
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"=
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe"=
"C:\Program Files\Orange HSS\Connectivity\ConnectivityManager.exe"=
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"=

R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [ ]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 167424]

Newly Created Service - COMHOST
Newly Created Service - PROCEXP90
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Proprietaire\Application Data\Mozilla\Firefox\Profiles\mte1uyqy.default
FireFox -: prefs.js - SEARCH.DEFAULTURL - www.google.com…
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.wanadoo.fr…
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1172.2021\npCIDetect11.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.


catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net…
Rootkit scan 2008-09-15 23:41:13
Windows 5.1.2600 Service Pack 2 NTFS

Recherche de processus cachés …

Recherche d’éléments en démarrage automatique cachés …

Recherche de fichiers cachés …

Scan terminé avec succès
Fichiers cachés: 0


.
Heure de fin: 2008-09-15 23:45:59
ComboFix-quarantined-files.txt 2008-09-15 21:45:31

Avant-CF: 79,730,855,936 octets libres
Après-CF: 79,756,009,472 octets libres

240 --- E O F --- 2008-09-10 20:49:32

Bump please!

Upload this file to VirusTotal, then paste the reports.