 

Infected by clcd3.dll

LeCid - Pro Ati

Hello!
As the title says, on my mate's PC, which I'm on right now, there's a little problem ^^
this "clcd3.dll" is a stubborn trojan... avast! found it without any trouble, but can't delete it or move it or do anything else with it... and that's even in safe mode or after a boot-time scan!
I tried A2 Free and Ad-Aware 2007 but nothing, they can't find it... and Spybot Search & Destroy refuses to launch! it hangs all by itself and I have to "End Now" it...
the setup is a P4 3GHz @ 3.23GHz with 1GB of RAM on a P4P800XT with WinXP of course, last reinstall was, um... in 2005 maybe.
so if you've got a fix for me ^^
right now I'm going to try to get Spybot running and then in a few seconds I'll post you a quick HijackThis scan ;)
see you soon and thanks for taking an interest in the problem ;)


---------------
E6750 - MSI P35 Neo Combo-F - 2GB G.Skill PK - HD3850 512MB
My complete guide to building your first PC

LeCid - Pro Ati

here's the HijackThis scan:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:12:25, on 04/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\HijackThisdestroy\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {0D2C6FEC-9313-8C2D-BAD8-E1D4950AFD07} - (no file)
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57332429-865A-40EA-B15D-DB3898E85EA0} - C:\WINDOWS\system32\clcd3.dll
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nskC.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Tooltipizer - {C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A} - C:\WINDOWS\system32\dcadssuggest.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [Gigaget] "C:\Program Files\Giganology\Gigaget\GigagetShell.exe" /s
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [AAWTray] C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Activer l'ensemble clavier et souris sans fil Labtec.lnk = C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Reference 2001\EROProj.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -  
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CB70089-7D10-4B6C-9733-0AD56BD9ADC2}: NameServer = 217.175.160.11 217.175.160.12
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Unknown owner - C:\WINDOWS\system32\CTSVCCDA.EXE (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
 
--
End of file - 9636 bytes

Profile: Helper

Hello,
 
Disable your resident protections (antivirus, Spybot...)!
 

  • Download ComboFix (by sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 (Yes) key to start the scan.
  • When the scan has finished, a report will appear. Post that report in your next reply.


---------------
Prevention & Protection | Free software | The man from the FLCCF
LeCid - Pro Ati

here's the result of the scan :)
I don't have much time left here, I have to go home.
so if you take a while to reply, I may not be replying any more from my end ^^
 
ComboFix 08-01-04.1 - Erwan 2008-01-04 16:30:57.1 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.576 [GMT 3:00]
Running from: C:\Documents and Settings\Erwan\Bureau\ComboFix.exe
 * Created a new restore point
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\nsk95.dll
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2007-12-04 to 2008-01-04  ))))))))))))))))))))))))))))))))))))
.
 
2008-01-04 16:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 16:12 . 2008-01-04 16:12 <REP> d-------- C:\HijackThisdestroy
2008-01-04 14:43 . 2008-01-04 16:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 14:36 . 2008-01-04 14:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 14:20 . 2008-01-04 15:31 <REP> d-------- C:\Program Files\a-squared Free
2008-01-03 20:48 . 2008-01-03 20:48 <REP> d-------- C:\Program Files\Common Files
2008-01-03 20:48 . 2008-01-03 20:48 35 --a------ C:\WINDOWS\Worldbuilder.INI
2008-01-03 20:47 . 2008-01-03 20:47 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\My Battle for Middle-earth(tm) II Files
2008-01-03 19:34 . 2008-01-04 14:04 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-03 19:34 . 2008-01-03 19:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-02 22:12 . 2008-01-02 22:12 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Xfire
2008-01-02 14:15 . 2008-01-02 14:15 0 --a------ C:\warhammer_40000_dawn_of_war_dark_crusade_lotw_v1-5-1.zip
2008-01-01 22:12 . 2008-01-02 08:01 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Xfire
2008-01-01 22:11 . 2008-01-02 22:12 <REP> d---s---- C:\Program Files\Xfire
2008-01-01 22:07 . 2008-01-01 22:06 211,584 --a------ C:\Replay 11-12-2006 - 00-46.zip
2008-01-01 22:02 . 2008-01-01 22:02 141,776 --a------ C:\Replay 22-01-2007 - 00-01.zip
2008-01-01 20:06 . 2008-01-01 20:06 268 --ah----- C:\sqmdata06.sqm
2008-01-01 20:06 . 2008-01-01 20:06 244 --ah----- C:\sqmnoopt06.sqm
2007-12-29 15:42 . 2008-01-04 07:53 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-27 18:18 . 2004-10-13 13:28 2,277,376 --------- C:\WINDOWS\UNNMP.exe
2007-12-27 18:18 . 2004-10-20 15:29 45,155 --------- C:\WINDOWS\UNNMP.cfg
2007-12-27 17:54 . 2007-12-27 17:54 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-12-27 17:54 . 2007-12-27 18:18 <REP> d-------- C:\Program Files\Ahead
2007-12-27 17:54 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-27 17:54 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-27 17:54 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-27 17:54 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-27 17:54 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-27 17:54 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-12-27 17:54 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-27 17:54 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-27 17:17 . 2007-12-27 17:17 <REP> dr-h----- C:\MSOCache
2007-12-27 13:57 . 2007-12-27 13:57 <REP> d-------- C:\WINDOWS\73B5C5C0FEF44DC189F3C45DC11957DF.TMP
2007-12-27 11:59 . 2007-12-27 11:59 <REP> d-------- C:\Program Files\Picasa2
2007-12-27 11:59 . 2007-12-27 11:59 <REP> d-------- C:\Program Files\Microsoft Encarta
2007-12-27 11:59 . 2007-12-27 12:00 <REP> d-------- C:\Program Files\AdorageI-GfxDatas
2007-12-27 11:58 . 2007-12-27 11:58 <REP> d-------- C:\Documents and Settings\Admin\Application Data\My Battle for Middle-earth(tm) II Demo Files
2007-12-27 11:57 . 2007-12-27 11:57 <REP> d-------- C:\Program Files\NAMCO BANDAI Games
2007-12-27 11:57 . 2007-12-27 11:57 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\InstallShield
2007-12-27 11:55 . 2007-12-27 11:55 <REP> d-------- C:\Program Files\Mindscape
2007-12-27 11:53 . 2007-12-27 11:53 <REP> d-------- C:\Program Files\Fichiers communs\Broderbund
2007-12-27 11:46 . 2008-01-04 14:35 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-27 11:43 . 2007-12-27 11:43 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Electronic Arts
2007-12-27 11:42 . 2007-12-27 11:42 <REP> d-------- C:\Program Files\iTunes
2007-12-27 11:42 . 2007-12-27 11:42 <REP> d-------- C:\Program Files\iPod
2007-12-27 11:41 . 2007-12-27 11:41 <REP> d-------- C:\Documents and Settings\Admin\Application Data\vlc
2007-12-27 11:39 . 2007-12-27 11:39 <REP> d-------- C:\Program Files\BitTorrent
2007-12-27 11:38 . 2007-12-27 11:38 <REP> d-------- C:\Program Files\NODouble
2007-12-27 11:38 . 2007-12-27 11:38 <REP> d-------- C:\coktel
2007-12-27 11:30 . 2004-08-05 15:00 1,361 --a------ C:\WINDOWS\system32\fxscount.h
2007-12-26 11:42 . 2007-12-27 11:22 1,943 --a------ C:\WINDOWS\imsins.BAK
2007-12-14 12:07 . 2007-12-14 13:54 <REP> d-------- C:\Documents and Settings\Admin\Application Data\U3
2007-12-11 18:57 . 2007-12-11 18:57 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Electronic Arts
2007-12-10 19:54 . 2007-12-10 19:54 <REP> d-------- C:\Program Files\OpenAL
2007-12-10 19:54 . 2007-12-10 19:54 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2007-12-10 19:54 . 2007-12-10 19:54 86,016 --a------ C:\WINDOWS\system32\OpenAL32.dll
2007-12-10 19:53 . 2007-12-27 11:43 <REP> d-------- C:\Program Files\Legion of Man
2007-12-09 08:42 . 2007-12-09 08:42 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\teamspeak2
2007-12-07 07:50 .  19,456  C:\WINDOWS\system32\drivers\elthtxpp.dat
2007-12-05 15:06 . 2000-03-25 06:00 84,992 --a------ C:\WINDOWS\system32\clcd3.dll
2007-12-04 20:24 . 2007-12-29 15:08 <REP> d-------- C:\Program Files\Zeb-Utility
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-04 11:36 --------- d-----w C:\Program Files\Lavasoft
2008-01-04 10:59 --------- d-----w C:\Program Files\eMule
2008-01-04 09:04 --------- d-----w C:\Documents and Settings\Admin\Application Data\Skype
2008-01-03 17:43 --------- d-----w C:\Program Files\Electronic Arts
2008-01-01 11:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-27 14:43 --------- d-----w C:\Documents and Settings\Admin\Application Data\OpenOffice.org2
2007-12-27 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-27 14:26 --------- d-----w C:\Program Files\Microsoft Works
2007-12-27 09:54 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-27 08:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 08:56 --------- d-----w C:\Program Files\Warcraft III
2007-12-27 08:53 --------- d-----w C:\Program Files\Broderbund
2007-12-27 08:42 --------- d-----w C:\Program Files\InterVideo
2007-12-27 08:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-27 08:41 --------- d-----w C:\Program Files\VideoLAN
2007-12-27 08:41 --------- d-----w C:\Program Files\Google
2007-12-27 08:39 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-27 08:39 --------- d-----w C:\Program Files\Astonsoft
2007-12-27 08:38 --------- d-----w C:\Program Files\7-Zip
2007-12-26 07:06 --------- d-----w C:\Program Files\Microsoft Games
2007-12-25 06:11 --------- d-----w C:\Program Files\THQ
2007-12-12 09:04 --------- d-----w C:\Program Files\Pinnacle
2007-12-11 16:32 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Apple Computer
2007-12-11 14:49 59,219 ----a-w C:\WINDOWS\system32\Dcads_sidebar_uninstall.exe
2007-12-09 05:42 434,471 ----a-w C:\WINDOWS\Lord of the Rings 1.exe
2007-12-09 05:42 306,000 ----a-w C:\WINDOWS\Lord of the Rings 1.scr
2007-12-09 05:42 30,208 ----a-w C:\WINDOWS\mickey32.dll
2007-12-04 17:37 --------- d-----w C:\Program Files\LimeWire
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-02 14:50 --------- d-----w C:\Documents and Settings\Erwan\Application Data\vlc
2007-11-30 17:59 --------- d-----w C:\Documents and Settings\Admin\Application Data\Dcads Advanced Toolbar
2007-11-30 13:47 --------- d-----w C:\Program Files\Dcads Advanced Toolbar
2007-11-30 13:46 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-30 13:46 194,368 ----a-w C:\WINDOWS\system32\dcadssuggest_uninstall.exe
2007-11-30 13:46 --------- d-----w C:\Program Files\Dcads Games Collection
2007-11-30 08:12 --------- d-----w C:\Documents and Settings\Erwan\Application Data\My Battle for Middle-earth(tm) II Demo Files
2007-11-29 21:56 282,624 ----a-w C:\WINDOWS\system32\Dcads_sidebar.dll
2007-11-27 16:43 327,680 ----a-w C:\WINDOWS\system32\dcadssuggest.dll
2007-11-17 16:58 --------- d-----w C:\Program Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-09 15:23 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2007-11-09 15:23 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2007-11-09 15:20 --------- d-----w C:\Program Files\AGEIA Technologies
2007-11-09 15:05 --------- d-----w C:\Program Files\Monte Cristo
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-25 06:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2005-07-27 04:07 31,772 ----a-w C:\WINDOWS\Fonts\fondamentale.zip
.
 
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-11-30 00:56 282624 --a------ C:\WINDOWS\system32\dcads_sidebar.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57332429-865A-40EA-B15D-DB3898E85EA0}]
2000-03-25 06:00 84992 --a------ C:\WINDOWS\system32\clcd3.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}]
   C:\WINDOWS\system32\nskC.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}]
2007-11-27 19:43 327680 --a------ C:\WINDOWS\system32\dcadssuggest.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 16:00 79224]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19 221184]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-10 17:21 406016]
"Gigaget"="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 10:28 495616]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 09:38 167936 C:\WINDOWS\system32\stmctrl.dll]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53 88024]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-05 15:00 160768]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
 
C:\Documents and Settings\Admin\Menu D‚marrer\Programmes\D‚marrage\
Skype.lnk - C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\Skype.ico [2007-12-01 16:08:17]
Xfire.lnk - C:\Program Files\Xfire\Xfire.exe [2006-08-30 03:21:11]
 
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Activer l'ensemble clavier et souris sans fil Labtec.lnk - C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe [2005-06-21 08:59:31]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 13:13 282624]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-05 15:00 15360 --a--c--- C:\WINDOWS\system32\ctfmon.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
   C:\Program Files\MSN Messenger\msnmsgr.exe /background
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
   C:\Program Files\QuickTime\qttask.exe -atboottime
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
   C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-16 17:22 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
 
R0 hlpnzann;hlpnzann;C:\WINDOWS\system32\drivers\elthtxpp.dat []
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 12:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 13:29]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 15:50]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 12:10]
R3 P101bVID;Creative WebCam;C:\WINDOWS\system32\DRIVERS\P101bVid.sys [2002-04-28 15:00]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2005-07-07 12:07]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2005-07-07 12:11]
S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 08:22]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
 
*Newly Created Service* - PROCEXP90  
.
**************************************************************************
 
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-04 16:36:11
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully  
hidden files: 0  
 
**************************************************************************
.
Completion time: 2008-01-04 16:37:12
ComboFix-quarantined-files.txt  2008-01-04 13:36:57
.
2007-12-27 09:52:39 --- E O F ---  

LeCid - Pro Ati

well, that's it for now. I'll probably explain to the mum who lives here how to come and sort out these problems here so she can carry on the procedure herself with you ;)
if she's not interested, maybe I'll see in 3 or 4 days ;)

Profile: Helper

OK ;)
Next step.

 

Disable your resident protections (antivirus...)!
Copy (Ctrl+C) the text in the box below:

 

Driver::
hlpnzann

 

File::
C:\warhammer_40000_dawn_of_war_dark_crusade_lotw_v1-5-1.zip
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\clcd3.dll
C:\WINDOWS\system32\drivers\elthtxpp.dat
C:\WINDOWS\system32\Dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\superiorads-uninst.exe
C:\WINDOWS\system32\dcadssuggest_uninstall.exe
C:\WINDOWS\system32\Dcads_sidebar.dll
C:\WINDOWS\system32\dcadssuggest.dll

 

Folder::
C:\Program Files\Dcads Advanced Toolbar
C:\Program Files\Dcads Games Collection

 

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57332429-865A-40EA-B15D-DB3898E85EA0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C004D9F0-A742-4DC7-AFD0-BC29CE3FE04A}]  

 

Open Notepad and paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt.

 

Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

 

This will relaunch ComboFix; press 1 then confirm. After the reboot, post the contents of the ComboFix.txt report together with a HijackThis report.
NOTE: If there is no reboot, post the requested reports anyway.


Message edited by Angeldark on 04-01-2008 at 14:02:09

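An added triage example, in Python; this is not code from the thread, from HijackThis or from ComboFix. It parses the "O2 - BHO" lines of a HijackThis log like the one posted earlier in this thread, flags the kinds of entries the helper chose to remove (an unnamed BHO, a DLL dropped straight into system32, a registration whose file is missing or gone), and prints a Registry:: section in the same form as the CFScript above. The heuristics in triage(), the function names, and SAMPLE_LOG are the example's own assumptions; the CLSIDs and paths in SAMPLE_LOG are copied from the log in this thread.

```python
import re
from typing import Optional

# Constructed sample: HijackThis "O2 - BHO" lines modelled on the log posted in this
# thread (CLSIDs and paths copied from it; a real log has many more sections).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {57332429-865A-40EA-B15D-DB3898E85EA0} - C:\WINDOWS\system32\clcd3.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nskC.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
"""

# One HijackThis O2 line: "O2 - BHO: <name> - {<CLSID>} - <path or status>"
O2_LINE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$"
)

SYSTEM32 = "c:\\windows\\system32\\"


def parse_o2(line: str) -> Optional[dict]:
    """Split one O2 line into name / clsid / path; None for any other HijackThis line."""
    m = O2_LINE.match(line.strip())
    return m.groupdict() if m else None


def triage(entry: dict) -> list:
    """Return the reasons an O2 entry deserves a closer look (empty list = nothing notable).

    These are triage hints, not verdicts (assumed heuristics for this example): a
    legitimate vendor occasionally ships a BHO straight into system32, so every hit
    still needs a human, or a hash lookup, before anything is removed.
    """
    reasons = []
    name, path = entry["name"], entry["path"]
    if path == "(no file)":
        reasons.append("orphan registration: the CLSID no longer points at a file")
    elif path.endswith("(file missing)"):
        reasons.append("registered DLL is missing from disk")
    else:
        if name == "(no name)":
            reasons.append("anonymous BHO: loads into every IE process without a product name")
        if path.lower().startswith(SYSTEM32):
            reasons.append("DLL sits directly in system32 instead of a product folder")
    return reasons


def flag_bhos(log_text: str) -> list:
    """Walk a HijackThis log and keep the O2 entries that triage() flags, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o2(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            flagged.append({**entry, "reasons": reasons})
    return flagged


def cfscript_registry_section(clsids) -> str:
    """Emit the Registry:: section of a ComboFix CFScript that drops the given BHO
    registrations, in the "[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{...}]"
    form the helper used in this thread (the leading '-' inside the brackets means delete)."""
    lines = ["Registry::"]
    for clsid in clsids:
        lines.append("[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{%s}]" % clsid.upper())
    return "\n".join(lines)


if __name__ == "__main__":
    hits = flag_bhos(SAMPLE_LOG)
    for hit in hits:
        print(f"{{{hit['clsid']}}}  {hit['path']}")
        for reason in hit["reasons"]:
            print(f"    - {reason}")
    print()
    print(cfscript_registry_section(h["clsid"] for h in hits))
```

Run against SAMPLE_LOG this flags four of the six BHOs (the orphan {00A6FAF1...}, dcads_sidebar.dll, clcd3.dll and the missing nskC.dll) and leaves the Spybot and Java helpers alone; the three non-orphan hits are exactly the registrations the helper's CFScript removed. The generated Registry:: section only drops the registration; the File:: and Folder:: sections still have to be written by hand once the flagged files have been confirmed.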
LeCid - Pro Ati

Hello angeldark!
I'm back ;) I did what you asked, here's the ComboFix result:
 
ComboFix 08-01-04.1 - Erwan 2008-01-11 10:41:59.3 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.522 [GMT 3:00]
Running from: C:\Documents and Settings\Erwan\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Erwan\Bureau\CFScript.txt
 * Created a new restore point
 
FILE
C:\warhammer_40000_dawn_of_war_dark_crusade_lotw_v1-5-1.zip
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\clcd3.dll
C:\WINDOWS\system32\Dcads_sidebar.dll
C:\WINDOWS\system32\Dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\dcadssuggest.dll
C:\WINDOWS\system32\dcadssuggest_uninstall.exe
C:\WINDOWS\system32\drivers\elthtxpp.dat
C:\WINDOWS\system32\superiorads-uninst.exe
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\warhammer_40000_dawn_of_war_dark_crusade_lotw_v1-5-1.zip
C:\WINDOWS\imsins.BAK
C:\WINDOWS\system32\clcd3.dll
C:\WINDOWS\system32\Dcads_sidebar.dll
C:\WINDOWS\system32\Dcads_sidebar_uninstall.exe
C:\WINDOWS\system32\dcadssuggest.dll
C:\WINDOWS\system32\dcadssuggest_uninstall.exe
C:\WINDOWS\system32\drivers\elthtxpp.dat
C:\WINDOWS\system32\superiorads-uninst.exe
 
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
.
-------\LEGACY_HLPNZANN
-------\hlpnzann
 
 
(((((((((((((((((((((((((((((   Fichiers cr‚‚s 2007-12-11 to 2008-01-11  ))))))))))))))))))))))))))))))))))))
.
 
2008-01-11 10:40 . 2008-01-11 10:40 <REP> d-------- C:\Program Files\Trend Micro
2008-01-08 20:08 . 2008-01-08 20:08 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\ScanSoft
2008-01-05 12:56 . 2008-01-05 12:56 <REP> d-------- C:\Documents and Settings\Les jumeaux\Application Data\Electronic Arts
2008-01-04 16:29 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-04 16:12 . 2008-01-04 17:40 <REP> d-------- C:\HijackThisdestroy
2008-01-04 14:43 . 2008-01-04 16:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-04 14:36 . 2008-01-04 14:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-04 14:20 . 2008-01-04 15:31 <REP> d-------- C:\Program Files\a-squared Free
2008-01-03 20:48 . 2008-01-03 20:48 <REP> d-------- C:\Program Files\Common Files
2008-01-03 20:48 . 2008-01-03 20:48 35 --a------ C:\WINDOWS\Worldbuilder.INI
2008-01-03 20:47 . 2008-01-03 20:47 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\My Battle for Middle-earth(tm) II Files
2008-01-03 19:34 . 2008-01-10 13:17 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-03 19:34 . 2008-01-03 19:34 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-02 22:12 . 2008-01-02 22:12 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Xfire
2008-01-01 22:12 . 2008-01-02 08:01 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Xfire
2008-01-01 22:11 . 2008-01-02 22:12 <REP> d---s---- C:\Program Files\Xfire
2008-01-01 22:07 . 2008-01-01 22:06 211,584 --a------ C:\Replay 11-12-2006 - 00-46.zip
2008-01-01 22:02 . 2008-01-01 22:02 141,776 --a------ C:\Replay 22-01-2007 - 00-01.zip
2008-01-01 20:06 . 2008-01-01 20:06 268 --ah----- C:\sqmdata06.sqm
2008-01-01 20:06 . 2008-01-01 20:06 244 --ah----- C:\sqmnoopt06.sqm
2007-12-29 15:42 . 2008-01-09 09:47 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-27 18:18 . 2004-10-13 13:28 2,277,376 --------- C:\WINDOWS\UNNMP.exe
2007-12-27 18:18 . 2004-10-20 15:29 45,155 --------- C:\WINDOWS\UNNMP.cfg
2007-12-27 17:54 . 2007-12-27 17:54 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
2007-12-27 17:54 . 2007-12-27 18:18 <REP> d-------- C:\Program Files\Ahead
2007-12-27 17:54 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-12-27 17:54 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-12-27 17:54 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-12-27 17:54 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-12-27 17:54 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-12-27 17:54 . 2004-03-02 17:37 125,184 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-12-27 17:54 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-12-27 17:54 . 2004-03-02 17:37 5,504 --------- C:\WINDOWS\system32\drivers\imagedrv.sys
2007-12-27 17:17 . 2007-12-27 17:17 <REP> dr-h----- C:\MSOCache
2007-12-27 13:57 . 2008-01-08 12:56 <REP> d-------- C:\WINDOWS\73B5C5C0FEF44DC189F3C45DC11957DF.TMP
2007-12-27 11:59 . 2008-01-09 09:31 <REP> d-------- C:\Program Files\Picasa2
2007-12-27 11:59 . 2007-12-27 11:59 <REP> d-------- C:\Program Files\Microsoft Encarta
2007-12-27 11:59 . 2007-12-27 12:00 <REP> d-------- C:\Program Files\AdorageI-GfxDatas
2007-12-27 11:58 . 2007-12-27 11:58 <REP> d-------- C:\Documents and Settings\Admin\Application Data\My Battle for Middle-earth(tm) II Demo Files
2007-12-27 11:57 . 2007-12-27 11:57 <REP> d-------- C:\Program Files\NAMCO BANDAI Games
2007-12-27 11:57 . 2007-12-27 11:57 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\InstallShield
2007-12-27 11:55 . 2007-12-27 11:55 <REP> d-------- C:\Program Files\Mindscape
2007-12-27 11:53 . 2007-12-27 11:53 <REP> d-------- C:\Program Files\Fichiers communs\Broderbund
2007-12-27 11:46 . 2008-01-04 14:35 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-12-27 11:43 . 2007-12-27 11:43 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Electronic Arts
2007-12-27 11:42 . 2007-12-27 11:42 <REP> d-------- C:\Program Files\iTunes
2007-12-27 11:42 . 2007-12-27 11:42 <REP> d-------- C:\Program Files\iPod
2007-12-27 11:39 . 2007-12-27 11:39 <REP> d-------- C:\Program Files\BitTorrent
2007-12-27 11:38 . 2007-12-27 11:38 <REP> d-------- C:\Program Files\NODouble
2007-12-27 11:38 . 2007-12-27 11:38 <REP> d-------- C:\coktel
2007-12-27 11:30 . 2004-08-05 15:00 1,361 --a------ C:\WINDOWS\system32\fxscount.h
2007-12-14 12:07 . 2007-12-14 13:54 <REP> d-------- C:\Documents and Settings\Admin\Application Data\U3
2007-12-11 18:57 . 2007-12-11 18:57 <REP> d-------- C:\Documents and Settings\Erwan\Application Data\Electronic Arts
 
.
((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 07:29 --------- d-----w C:\Documents and Settings\Admin\Application Data\Skype
2008-01-11 07:25 --------- d-----w C:\Program Files\eMule
2008-01-10 07:55 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-01-09 06:19 --------- d-----w C:\Documents and Settings\Admin\Application Data\OpenOffice.org2
2008-01-04 14:04 --------- d-----w C:\Program Files\Lavasoft
2008-01-04 14:04 --------- d-----w C:\Documents and Settings\Admin\Application Data\Lavasoft
2008-01-03 17:43 --------- d-----w C:\Program Files\Electronic Arts
2007-12-29 12:08 --------- d-----w C:\Program Files\Zeb-Utility
2007-12-27 14:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-27 14:26 --------- d-----w C:\Program Files\Microsoft Works
2007-12-27 08:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-27 08:56 --------- d-----w C:\Program Files\Warcraft III
2007-12-27 08:53 --------- d-----w C:\Program Files\Broderbund
2007-12-27 08:43 --------- d-----w C:\Program Files\Legion of Man
2007-12-27 08:42 --------- d-----w C:\Program Files\InterVideo
2007-12-27 08:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-12-27 08:41 --------- d-----w C:\Program Files\VideoLAN
2007-12-27 08:41 --------- d-----w C:\Program Files\Google
2007-12-27 08:39 --------- d-----w C:\Program Files\DAEMON Tools
2007-12-27 08:39 --------- d-----w C:\Program Files\Astonsoft
2007-12-27 08:38 --------- d-----w C:\Program Files\7-Zip
2007-12-26 07:06 --------- d-----w C:\Program Files\Microsoft Games
2007-12-25 06:11 --------- d-----w C:\Program Files\THQ
2007-12-12 09:04 --------- d-----w C:\Program Files\Pinnacle
2007-12-11 16:32 --------- d-----w C:\Documents and Settings\Erwan\Application Data\Apple Computer
2007-12-10 16:54 --------- d-----w C:\Program Files\OpenAL
2007-12-09 05:42 434,471 ----a-w C:\WINDOWS\Lord of the Rings 1.exe
2007-12-09 05:42 306,000 ----a-w C:\WINDOWS\Lord of the Rings 1.scr
2007-12-09 05:42 30,208 ----a-w C:\WINDOWS\mickey32.dll
2007-12-09 05:42 --------- d-----w C:\Documents and Settings\Erwan\Application Data\teamspeak2
2007-12-04 17:37 --------- d-----w C:\Program Files\LimeWire
2007-12-04 14:56 93,264 -c--a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-02 14:50 --------- d-----w C:\Documents and Settings\Erwan\Application Data\vlc
2007-11-30 17:59 --------- d-----w C:\Documents and Settings\Admin\Application Data\Dcads Advanced Toolbar
2007-11-30 13:47 --------- d-----w C:\Program Files\Dcads Advanced Toolbar
2007-11-30 13:46 --------- d-----w C:\Program Files\Dcads Games Collection
2007-11-30 08:12 --------- d-----w C:\Documents and Settings\Erwan\Application Data\My Battle for Middle-earth(tm) II Demo Files
2007-11-17 16:58 --------- d-----w C:\Program Files\Java
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
.
 
(((((((((((((((((((((((((((((   snapshot@2008-01-04_16.36.24,35   )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-27 11:01:30 121,421 ----a-w C:\WINDOWS\73B5C5C0FEF44DC189F3C45DC11957DF.TMP\WiseCustomCalla.dll
+ 2008-01-08 09:56:12 121,421 ----a-w C:\WINDOWS\73B5C5C0FEF44DC189F3C45DC11957DF.TMP\WiseCustomCalla.dll
+ 2000-08-31 05:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2006-08-17 12:29:49 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 -c--a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
- 2006-04-20 11:51:50 359,808 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2007-10-30 17:20:55 360,064 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-04-20 11:51:50 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
+ 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
- 2006-08-17 12:29:49 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
+ 2007-11-07 09:28:31 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
- 2007-12-02 23:00:05 18,684,536 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-01-04 13:00:55 80,108 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-11 07:39:45 82,776 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-04 13:00:55 94,252 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-11 07:39:45 97,656 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-01-04 13:00:55 449,038 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-11 07:39:45 456,122 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-04 13:00:55 467,646 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-11 07:39:45 476,340 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-11 07:51:25 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_568.dat
.
(((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15:00 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 17:22 68856]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 16:00 79224]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-12-14 18:19 221184]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152]
"PinnacleDriverCheck"="C:\WINDOWS\system32\\PSDrvCheck.exe" [2004-03-10 17:21 406016]
"Gigaget"="C:\Program Files\Giganology\Gigaget\GigagetShell.exe" [2006-02-07 10:28 495616]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 09:38 167936 C:\WINDOWS\system32\stmctrl.dll]
"AAWTray"="C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53 88024]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15:00 15360]
 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 13:13 282624]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-05 15:00 15360 --a--c--- C:\WINDOWS\system32\ctfmon.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
   C:\Program Files\MSN Messenger\msnmsgr.exe /background
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
   C:\Program Files\QuickTime\qttask.exe -atboottime
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
   C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-09-25 01:11 132496 --a------ C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
   
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-16 17:22 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PinnacleDriverCheck"=C:\WINDOWS\system32\\PSDrvCheck.exe
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
 
R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 12:55]
R1 moufiltr;Mouse Filter Driver;C:\WINDOWS\system32\drivers\moufiltr.sys [2003-01-23 13:29]
R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys [2004-09-01 15:50]
R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys [2004-08-03 12:10]
R3 P101bVID;Creative WebCam;C:\WINDOWS\system32\DRIVERS\P101bVid.sys [2002-04-28 15:00]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2005-07-07 12:07]
R3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2005-07-07 12:11]
S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2000-01-08 08:22]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
 
.
**************************************************************************
 
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 10:52:16
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully  
hidden files: 0  
 
**************************************************************************
.
Completion time: 2008-01-11 10:56:21
ComboFix-quarantined-files.txt  2008-01-11 07:56:17
ComboFix2.txt  2008-01-04 13:37:12
.
2008-01-09 09:12:53 --- E O F ---  
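The ComboFix report above lists the autostart locations it enumerates (Run keys, Winlogon\Notify, ShellExecuteHooks, AppInit_DLLs) and the driver/service table, each file followed by a `[date time size]` stamp. The script below is an added example, not part of the original post and not ComboFix's own code: it parses a handful of lines constructed in the same shape as that report (paths copied from the log, assembled into a sample by me) and returns the entries a helper would normally look at first. The finding codes and the heuristics are my own, and the script assumes that an empty `[]` after a driver path means ComboFix recorded no file information for it.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the shape of the "Reg Loading Points" and driver
# sections of a ComboFix report (not a real log; paths taken from the post).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 16:00 79224]
"AdslTaskBar"="stmctrl.dll" [2005-02-11 09:38 167936 C:\WINDOWS\system32\stmctrl.dll]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2006-04-24 13:13 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll 2007-03-05 17:36 140976 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys [2003-08-01 15:47]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "name"=value, value optionally quoted, optionally followed by [date time size path]
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>.*?)\s*(?:\[(?P<info>[^\]]*)\])?\s*$')
# Winlogon\Notify lines: <dll> <date> <time> <size> <resolved path>
NOTIFY_RE = re.compile(r"^(?P<dll>\S+)\s+\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+(?P<path>\S+)$")
# R/S = running/stopped, digit = start type (ComboFix notation)
DRIVER_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<info>[^\]]*)\]\s*$")


@dataclass
class LoadPoint:
    key: str             # registry key the entry lives under
    name: str            # value name (or the Notify subkey name)
    target: str          # file the entry loads, as written in the report
    info: Optional[str]  # contents of the trailing [...] block, None if absent


@dataclass
class Driver:
    start: str
    name: str
    path: str
    info: str            # "" when the report printed an empty [] for the file


def parse_combofix(text: str) -> Tuple[List[LoadPoint], List[Driver]]:
    """Split report lines into registry load points and driver entries."""
    load_points: List[LoadPoint] = []
    drivers: List[Driver] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers.append(Driver(m["start"], m["name"].strip(), m["path"], m["info"].strip()))
            continue
        if key is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            load_points.append(LoadPoint(key, m["name"], m["value"].strip('"'), m["info"]))
            continue
        m = NOTIFY_RE.match(line)
        if m and "winlogon\\notify" in key.lower():
            load_points.append(LoadPoint(key, key.rsplit("\\", 1)[-1], m["path"], "present"))
    return load_points, drivers


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (finding_code, detail) pairs; the codes are this script's own labels."""
    findings: List[Tuple[str, str]] = []
    load_points, drivers = parse_combofix(text)
    for lp in load_points:
        k = lp.key.lower()
        if "winlogon\\notify" in k:
            # Notify packages are loaded by winlogon.exe (SYSTEM) at logon.
            findings.append(("WINLOGON_NOTIFY", lp.target))
        elif "shellexecutehooks" in k:
            # Hooks run inside every process that calls ShellExecute, Explorer included.
            findings.append(("SHELL_EXECUTE_HOOK", lp.target))
        elif lp.name.lower() == "appinit_dlls" and lp.target:
            # Mapped into every process that loads user32.dll.
            findings.append(("APPINIT_DLL", lp.target))
        elif "\\" not in lp.target:
            # Bare file name: resolved through the loader search path, so which
            # file actually runs depends on where it is found first.
            findings.append(("BARE_NAME", f"{lp.name}={lp.target}"))
    for d in drivers:
        if not d.info:
            # Empty [] after the path: assumed here to mean no file was found.
            findings.append(("MISSING_FILE", f"{d.name} {d.path}"))
    return findings


if __name__ == "__main__":
    for code, detail in triage(SAMPLE_LOG):
        print(f"{code:20} {detail}")
```

Every code returned is a prompt to look, not a verdict: on the sample the Notify and ShellExecuteHooks hits point at files under vendor folders (Stardock, Windows Desktop Search), exactly as in the report above, and the right response is to confirm the file matches the installed product, not to delete it. The MISSING_FILE case (a service registered for a driver that no longer exists on disk) is the kind of leftover that a CFScript, like the one run in this thread, is typically used to clean up.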

Ta tro OC kan tu monte 1 Zalman sur ta caftière

Well, that should do it, you should be rid of it!


---------------
CPU = E6750 O/C 3.6 GHz + Zalman CNPS9700 NT
Mobo = Asus P5N-E SLI
RAM = 4GB (2x2GB) DDR2 O/C 720 MHz + heat spreaders
GPU = 8800 GTS v2 (G92) O/C
PSU = OCZ GameXstrem
LeCid - Pro Ati

OK, I did notice that when I click on "My Computer" or "Control Panel" I no longer get a virus alert ^^
thanks angeldark

Profile: Helper

DIGIT_89: can you let me handle this? :)
Le_cid, post another HijackThis log.


---------------
Prevention & Protection|Free software|The man from the FLCCF
LeCid - Pro Ati

Of course :)
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:03:21, on 12/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MagicKey.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\MulMouse.exe
C:\Program Files\Ensemble clavier et souris sans fil Labtec\OSD.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Giganology\Gigaget\Gigaget.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1