Vundo! An undeletable .dll!

Last reply: in Le monde de Windows

Hello everyone!
I have a big problem! My antivirus, Trend Micro Internet Security Pro, keeps going off, announcing a virus:
name: cryp_tap-2
location: C:\windows\system32\ssqnm.dll
The antivirus can't do anything with it, neither quarantine it nor delete it. So I try to delete it manually, but nothing works!
After some research I think it's a Vundo, so I download VundoFix. Even after running it the virus persists and stays on my PC!
I use the heavy-handed approach to remove it:
- in safe mode
- with Total Commander
- I kill the processes associated with it (which block the deletion) with Unlocker and try to delete it with Locked Files Wizard!

NOTHING WORKS!!! Impossible to delete it!!!
Thanks for helping me, it's a nightmare!!

PS: a HijackThis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:59:10, on 05/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.40\aaCenter.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHookLaunch.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHook32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe
C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color Pro\NCProTray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Trend Micro\TrendSecure\TSCFCommander.exe
C:\Program Files\Trend Micro\TrendSecure\TSCFPlatformCOMSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\rundll32.exe
C:\Windows\explorer.exe
C:\Users\iHustle\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O1 - Hosts: ::1 localhost
O3 - Toolbar: Transaction Protector - {E7620C98-FCCC-40E5-92EC-C7685D2E1E40} - C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundTray] C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe
O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfdb.dll,#1
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: NCProTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MagicTuneEngine - Unknown owner - C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: Orange Contrôle Parental (OPTENET_FILTER) - Unknown owner - C:\Program Files\Controle Parental\bin\optproxy.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Composant de commande centrale Trend Micro (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe
O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\bin\apache\apache2.2.6\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe

--
End of file - 8460 bytes



Hello,

The .dll is hooked (embedded). Even in safe mode it cannot be deleted.
And .ini, .bak, etc. files are there to put the .dll back.

Disable your resident protections (antivirus, Spybot...)!

  • Download ComboFix (by sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 (Yes) key to start the scan.
  • When the scan is complete, a report will appear. Post that report in your next reply.

    I get the impression the virus was cleaned by ComboFix, because I no longer get any alert and I don't see it anywhere anymore!
    Anyway, here's the log all the same:

    ComboFix 08-03-06.4 - iHustle 2008-03-07 12:43:50.1 - NTFSx86 MINIMAL
    Microsoft® Windows Vista™ Professionnel 6.0.6000.0.1252.1.1036.18.2669 [GMT 1:00]
    Endroit: C:\Users\iHustle\Desktop\ComboFix.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Windows\System32\ihkmp.ini
    C:\Windows\System32\ihkmp.ini2
    C:\Windows\system32\mcrh.tmp
    C:\Windows\System32\mnqss.ini
    C:\Windows\System32\mnqss.ini2
    C:\Windows\system32\ssqnm.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-07 to 2008-03-07 ))))))))))))))))))))))))))))))))))))
    .

    Pas de nouveau fichier créé dans cet espace de temps

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-06 12:49 --------- d-----w C:\Users\iHustle\AppData\Roaming\fltk.org
    2008-03-06 12:45 --------- d-----w C:\Users\iHustle\AppData\Roaming\Azureus
    2008-03-05 19:39 --------- d-----w C:\Users\iHustle\AppData\Roaming\OpenOffice.org2
    2008-03-05 19:04 --------- d-----w C:\Program Files\Unlocker
    2008-03-05 16:00 --------- d-----w C:\Program Files\Project64 1.6
    2008-03-02 20:52 --------- d-----w C:\ProgramData\Messenger Plus!
    2008-03-02 20:17 --------- d-----w C:\Program Files\Daniusoft
    2008-03-02 20:16 --------- d-----w C:\Users\iHustle\AppData\Roaming\Download Manager
    2008-03-01 17:59 --------- d-----w C:\Program Files\wamp
    2008-03-01 16:03 --------- d-----w C:\Program Files\RegCleaner
    2008-03-01 08:41 --------- d-----w C:\ProgramData\Nero
    2008-03-01 08:41 --------- d-----w C:\Program Files\Common Files\Nero
    2008-02-27 19:15 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-02-27 19:13 --------- d-----w C:\ProgramData\WLInstaller
    2008-02-24 19:17 --------- d-----w C:\Program Files\Video Converter for Nokia Smartphones
    2008-02-14 09:52 --------- d-----w C:\Users\iHustle\AppData\Roaming\Nokia Multimedia Player
    2008-02-13 17:29 --------- d-----w C:\ProgramData\Trend Micro
    2008-02-13 17:29 --------- d-----w C:\Program Files\Trend Micro
    2008-02-13 10:56 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
    2008-02-13 10:54 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
    2008-02-13 10:54 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
    2008-02-13 10:54 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
    2008-02-13 10:54 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
    2008-02-13 10:54 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
    2008-02-13 10:54 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
    2008-02-13 10:54 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
    2008-02-13 10:54 15,872 ----a-w C:\Windows\system32\drivers\kbdhid.sys
    2008-02-13 10:52 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
    2008-02-13 10:52 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
    2008-02-13 10:52 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
    2008-02-13 10:52 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
    2008-02-13 10:52 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
    2008-02-13 10:52 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
    2008-02-13 10:52 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
    2008-02-13 10:51 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
    2008-02-13 10:51 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
    2008-02-13 10:50 --------- d-----w C:\Program Files\MSXML 4.0
    2008-02-13 10:42 --------- d-----w C:\Program Files\eRightSoft
    2008-02-13 10:42 --------- d-----w C:\Program Files\AviSynth 2.5
    2008-02-13 10:30 --------- d-----w C:\Program Files\Cain
    2008-02-13 09:23 --------- d-----w C:\Program Files\totalcmd
    2008-02-13 09:19 --------- d-----w C:\ProgramData\Nokia
    2008-02-13 09:16 --------- d-----w C:\Program Files\Nokia
    2008-02-13 09:15 --------- d-----w C:\Program Files\Common Files\Nokia
    2008-02-13 09:14 --------- d-----w C:\ProgramData\Installations
    2008-02-13 09:13 --------- d-----w C:\Users\iHustle\AppData\Roaming\PC Suite
    2008-02-13 09:10 --------- d-----w C:\Users\iHustle\AppData\Roaming\Nokia
    2008-02-13 09:09 --------- d-----w C:\ProgramData\PC Suite
    2008-02-13 09:05 --------- d-----w C:\Program Files\DIFX
    2008-02-13 09:05 --------- d-----w C:\Program Files\Common Files\PCSuite
    2008-02-13 09:03 --------- d-----w C:\Program Files\PC Connectivity Solution
    2008-02-12 07:31 --------- d-----w C:\Users\iHustle\AppData\Roaming\Nero
    2008-02-12 07:26 --------- d-----w C:\Program Files\Nero
    2008-02-11 19:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-11 19:34 --------- d-----w C:\Program Files\Veoh Networks
    2008-02-07 14:17 --------- d-----w C:\Program Files\Common Files\Steam
    2008-02-07 14:05 --------- d-----w C:\Program Files\Valve
    2008-02-07 12:46 --------- d-----w C:\ProgramData\Lavasoft
    2008-02-07 12:42 --------- d-----w C:\Program Files\Lavasoft
    2008-02-07 12:41 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-06 19:30 --------- d-----w C:\Program Files\WinPcap
    2008-02-05 17:51 --------- d-----w C:\Program Files\VstPlugins
    2008-02-05 17:51 --------- d-----w C:\Program Files\Image-Line
    2008-02-05 17:49 --------- d-----w C:\Program Files\Notepad++
    2008-02-05 12:41 --------- d-----w C:\Program Files\Azureus
    2008-02-05 12:38 --------- d-----w C:\ProgramData\Azureus
    2008-02-05 12:32 --------- d-----w C:\ProgramData\FLEXnet
    2008-02-05 12:29 --------- d-----w C:\Users\iHustle\AppData\Roaming\Notepad++
    2008-02-05 12:02 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-02-05 12:02 --------- d-----w C:\Program Files\Bonjour
    2008-02-05 11:54 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
    2008-02-03 14:48 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-02-03 14:39 --------- d-----w C:\ProgramData\WindowsLiveInstaller
    2008-02-03 14:39 --------- d-----w C:\Program Files\Windows Live
    2008-02-03 10:24 84,992 ----a-w C:\Windows\system32\drivers\FWPKCLNT.SYS
    2008-02-03 10:23 --------- d-----w C:\Program Files\Tools
    2008-02-03 10:23 --------- d-----w C:\Program Files\Setup
    2008-02-03 10:23 --------- d-----w C:\Program Files\Manual
    2008-02-01 19:55 --------- d-----w C:\Program Files\OpenOffice.org 2.3
    2008-02-01 19:54 --------- d-----w C:\Program Files\Java
    2008-02-01 19:54 --------- d-----w C:\Program Files\Common Files\Java
    2008-02-01 13:08 --------- d-----w C:\Program Files\LucasArts
    2008-02-01 12:34 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-02-01 12:08 --------- d-----w C:\Program Files\Ubisoft
    2008-01-31 14:54 --------- d-----w C:\Program Files\DivX
    2008-01-31 14:54 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
    2008-01-31 14:36 --------- d-----w C:\Users\iHustle\AppData\Roaming\DivX
    2008-01-29 20:01 --------- d-----w C:\Program Files\IZArc
    2008-01-29 19:54 --------- d-----w C:\Program Files\MagicISO
    2008-01-29 17:25 --------- d-----w C:\Users\iHustle\AppData\Roaming\Logitech
    2008-01-29 17:25 --------- d-----w C:\ProgramData\LogiShrd
    2008-01-29 17:22 0 ---ha-w C:\Windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2008-01-29 17:21 --------- d-----w C:\ProgramData\Logitech
    2008-01-29 17:21 --------- d-----w C:\Program Files\Logitech
    2008-01-29 17:21 --------- d-----w C:\Program Files\Common Files\Logishrd
    2008-01-29 17:20 716,272 ----a-w C:\Windows\system32\drivers\sptd.sys
    2008-01-27 20:51 --------- d-----w C:\Program Files\Windows Mail
    2008-01-27 20:02 --------- d-----w C:\Program Files\Common Files\Logitech
    2008-01-27 17:41 --------- d-----w C:\Program Files\Audacity
    2008-01-27 16:46 --------- d-----w C:\Program Files\OrangeHSS
    2006-05-03 10:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
    2007-02-21 11:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{E7620C98-FCCC-40E5-92EC-C7685D2E1E40}"= "C:\Program Files\Trend Micro\TrendSecure\TransactionProtector\TSToolbar.dll" [2007-10-31 20:03 103760]

    [HKEY_CLASSES_ROOT\clsid\{e7620c98-fccc-40e5-92ec-c7685d2e1e40}]
    [HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar.1]
    [HKEY_CLASSES_ROOT\TypeLib\{EC525605-2266-4775-8F78-A68A6446465C}]
    [HKEY_CLASSES_ROOT\TSToolbar.TSProtectorBar]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-26 20:18 1232896]
    "OE"="C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2007-11-06 09:19 492808]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-26 20:25 1006264]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-06-06 07:35 1261568]
    "SoundTray"="C:\Program Files\Analog Devices\SoundMAX\SoundTray.exe" [2007-05-21 14:53 49152]
    "Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-09-06 11:19 1426432]
    "CPU Power Monitor"="C:\Program Files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2007-10-04 21:33 626176]
    "Cpu Level Up help"="C:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-09-11 10:32 880640]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\Windows\KHALMNPR.Exe]
    "AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 20:43 331776]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2007-11-06 09:18 1393928]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 06:10 15872]
    "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]
    "MSServer"="C:\Windows\system32\khfdb.dll" [2008-02-05 13:13 41984]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "GrpConv"="grpconv -o" []

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

    C:\Users\iHustle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 21:57:56 393216]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2008-01-25 21:07:56 36864]
    Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-01-29 18:21:22 784912]
    NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-01-25 20:56:44 49220]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AutoUpdateDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{7FC83CEF-E707-4496-8A7F-3643AF660DB5}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{8FA00233-3B75-4ADE-A35F-16AB6EEF0499}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
    "{5E696798-51D3-4195-BE40-EC90549C8F75}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "{73DE6CB9-B0FD-4173-AA1E-498DEE021593}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
    "TCP Query User{F6377D74-9CC9-4918-BF4F-D261C632D1E3}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe"= UDP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:graw|Desc=graw
    "UDP Query User{8F9F56C2-A809-4F6B-81E6-25CB55A67DC7}C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe"= TCP:C:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:graw|Desc=graw
    "{89B3513C-D25B-4BCF-9EF4-798718C8AE2F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
    "{6B8FC23E-B574-4620-91C0-99E67975ABFB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
    "TCP Query User{0F46EA49-4846-49FB-9C66-53DC5D9BD6BC}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
    "UDP Query User{AD421DBE-81EA-4F50-87AA-544E1081B72D}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
    "TCP Query User{8C935DFF-4D49-4BF4-B7B6-5804FD2A0246}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "UDP Query User{40F04E36-7385-46E6-A74F-4B34A9C20110}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
    "TCP Query User{0D1405CF-0B7C-4A7B-914F-BCD8CE8D69AE}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= UDP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process |Desc=Nokia Service Layer Host Process
    "UDP Query User{0C0AD0D9-0B16-4303-9D7C-6997690E54DB}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe"= TCP:C:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process |Desc=Nokia Service Layer Host Process
    "TCP Query User{E8991EB6-9E3C-45AB-A2C8-81D8E26C7316}C:\program files\nokia\nokia software updater\nsu_ui_client.exe"= UDP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater|Desc=Nokia Software Updater
    "UDP Query User{6A4F00F0-3725-47C5-8089-0C84E6355B88}C:\program files\nokia\nokia software updater\nsu_ui_client.exe"= TCP:C:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater|Desc=Nokia Software Updater
    "{4ACD0EE7-219E-412F-B61D-B9DF14F6253A}"= UDP:C:\Program Files\Pro Evolution Soccer 2008\PES2008.exe:p ro Evolution Soccer 2008
    "{58EC16BC-F48E-4270-8D31-B1A61D55EBD1}"= TCP:C:\Program Files\Pro Evolution Soccer 2008\PES2008.exe:p ro Evolution Soccer 2008
    "TCP Query User{94421F4C-88D1-4C14-B8B3-16C2268474DB}C:\program files\valve\steam\steamapps\bernarino\half-life 2 deathmatch\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\bernarino\half-life 2 deathmatch\hl2.exe:hl2|Desc=hl2
    "UDP Query User{1168A1B0-FAD7-43F2-A15E-4691FC56B0EE}C:\program files\valve\steam\steamapps\bernarino\half-life 2 deathmatch\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\bernarino\half-life 2 deathmatch\hl2.exe:hl2|Desc=hl2
    "TCP Query User{526C84C4-8F06-4272-91D0-12088FF6B837}C:\program files\valve\steam\steamapps\bernarino\counter-strike source\hl2.exe"= UDP:C:\program files\valve\steam\steamapps\bernarino\counter-strike source\hl2.exe:hl2|Desc=hl2
    "UDP Query User{CA27C20C-1A81-4F8D-8309-43E0FAA83C3C}C:\program files\valve\steam\steamapps\bernarino\counter-strike source\hl2.exe"= TCP:C:\program files\valve\steam\steamapps\bernarino\counter-strike source\hl2.exe:hl2|Desc=hl2
    "{90268994-7411-44BD-AFF2-01A7C213E01F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
    "TCP Query User{17297CDB-EA67-4D5B-B3A5-060CACCBDA91}C:\program files\wamp\bin\apache\apache2.2.6\bin\httpd.exe"= UDP:C:\program files\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server|Desc=Apache HTTP Server
    "UDP Query User{C7004F3B-918E-46BE-B989-7018251D8E75}C:\program files\wamp\bin\apache\apache2.2.6\bin\httpd.exe"= TCP:C:\program files\wamp\bin\apache\apache2.2.6\bin\httpd.exe:Apache HTTP Server|Desc=Apache HTTP Server

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
    "EnableFirewall"= 0 (0x0)

    S1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;C:\Windows\system32\DRIVERS\tmlwf.sys [2007-11-06 09:18]
    S2 AEADIFilters;Andrea ADI Filters Service;C:\Windows\system32\AEADISRV.EXE [2007-06-07 00:41]
    S2 OPTENET_FILTER;Orange Contrôle Parental;C:\Program Files\Controle Parental\bin\optproxy.exe []
    S2 tmwfp;Trend Micro WFP Callout Driver;C:\Windows\system32\DRIVERS\tmwfp.sys [2007-11-06 09:18]
    S3 MRV6X32P;Pilote WiFi natif Vista 32-bits;C:\Windows\system32\DRIVERS\MRVW13B.sys [2006-11-02 08:30]
    S3 PCAMp50;PCAMp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCAMp50.sys [2006-11-28 21:46]
    S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\Windows\system32\Drivers\PCASp50.sys [2006-11-28 21:46]
    S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-02-07 15:15]
    S3 wampapache;wampapache;"C:\Program Files\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
    S3 wampmysqld;wampmysqld;"C:\Program Files\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe" wampmysqld []
    S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-05-24 10:15]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-03-06 11:30:26 C:\Windows\Tasks\User_Feed_Synchronization-{F9A71A21-1517-488D-81D1-AC68C8410EAF}.job"
    - C:\Windows\system32\msfeedssync.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-07 12:48:28
    Windows 6.0.6000 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-07 12:50:44 - machine was rebooted [iHustle]
    ComboFix-quarantined-files.txt 2008-03-07 11:50:40
    .
    2008-02-14 10:37:45 --- E O F ---

    Re,

    Let's continue :)

    Disable your resident protections (antivirus...)!
    Copy (Ctrl+C) the text in the box below:

    File::
    C:\Windows\system32\khfdb.dll

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSServer"=-


    Open Notepad and paste (Ctrl+V) the text you just copied.
    Save this file under the name CFScript.txt.

    Now drag the CFScript.txt file onto Combofix.exe, as shown below:


    This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report together with a HijackThis log.
    NOTE: If there is no reboot, post the requested reports anyway.
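The two helper replies above describe the mechanics that this kind of cleanup follows: a Vundo loader registered under the Run key as `rundll32.exe <dll>,#1`, companion `.ini`/`.ini2` files whose name is the DLL stem reversed (ssqnm.dll next to mnqss.ini in the ComboFix log) that put the DLL back after a plain delete, and a CFScript with `File::` and `Registry::` sections to remove both at once. The script below is an added example, not code from the thread, from HijackThis or from ComboFix: it parses the O4 Run lines copied from the HijackThis log above, flags rundll32 loaders by a heuristic assumed here (a DLL under system32 started by ordinal rather than by a named export), pairs DLLs with reversed-name companions from the ComboFix deletion list, and emits a CFScript in the same form the helper posted. The sample inputs are copied from the logs on this page; the heuristic and the function names are this example's own.

```python
"""Triage of Vundo-style rundll32 loaders in a HijackThis log.
Added example, not part of the thread. Sample inputs are copied from the logs
above; the heuristic and CFScript builder are this example's assumptions."""
import re
from dataclasses import dataclass

# Constructed sample: O4 lines copied from the HijackThis log in the thread.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\khfdb.dll,#1
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
"""

# Constructed sample: the paths ComboFix listed under "Autres suppressions".
COMBOFIX_DELETED = [
    r"C:\Windows\System32\ihkmp.ini",
    r"C:\Windows\System32\ihkmp.ini2",
    r"C:\Windows\system32\mcrh.tmp",
    r"C:\Windows\System32\mnqss.ini",
    r"C:\Windows\System32\mnqss.ini2",
    r"C:\Windows\system32\ssqnm.dll",
]

# "O4 - <hive>\..\Run: [<value name>] <command> (User '<name>')"
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)
# "rundll32[.exe] <dll>,<export name or #ordinal>"
RUNDLL_RE = re.compile(r"^rundll32(?:\.exe)?\s+(?P<dll>[^,]+),(?P<entry>\S+)", re.IGNORECASE)
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKUS": "HKEY_USERS"}


@dataclass(frozen=True)
class RunEntry:
    hive: str   # HijackThis spelling: HKLM, HKCU or HKUS\<SID>
    name: str   # value name under ...\CurrentVersion\Run
    dll: str    # DLL handed to rundll32
    entry: str  # export name, or "#n" for an ordinal


def parse_rundll32_run_entries(log_text):
    """Return the O4 Run entries whose command starts a DLL through rundll32."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        r = RUNDLL_RE.match(m["cmd"].strip())
        if r:
            entries.append(RunEntry(m["hive"], m["name"], r["dll"].strip(), r["entry"]))
    return entries


def is_suspect(e):
    """Heuristic assumed by this example: the loader in the thread is a DLL in
    system32 started by ordinal (#1), while every vendor entry on the same log
    uses a named export. A hit is a lead to verify, not a verdict."""
    return e.entry.startswith("#") and "\\system32\\" in e.dll.lower()


def reversed_name_companions(paths):
    """Map each .dll in a listing to the .ini/.ini2 files whose stem is the
    DLL stem reversed (ssqnm.dll <-> mnqss.ini above): the files that restore
    the DLL after a plain delete."""
    names = [p.rsplit("\\", 1)[-1] for p in paths]
    result = {}
    for n in names:
        stem, _, ext = n.lower().rpartition(".")
        if ext != "dll":
            continue
        mirror = stem[::-1] + ".ini"
        result[n] = sorted(m for m in names if m.lower().startswith(mirror))
    return result


def hive_to_regedit(hive):
    """HKLM -> HKEY_LOCAL_MACHINE; HKUS\\S-1-5-19 -> HKEY_USERS\\S-1-5-19."""
    root, sep, rest = hive.partition("\\")
    return HIVES.get(root, root) + sep + rest


def build_cfscript(entries, extra_files=()):
    """Emit a CFScript in the File::/Registry:: form the helper posted: loader
    DLLs (plus any companion files) under File::, and "name"=- under the
    matching Run key so ComboFix deletes the value."""
    suspects = [e for e in entries if is_suspect(e)]
    files = list(dict.fromkeys([e.dll for e in suspects] + list(extra_files)))
    lines = ["File::", *files, "", "Registry::"]
    by_key = {}
    for e in suspects:
        key = "[%s\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]" % hive_to_regedit(e.hive)
        by_key.setdefault(key, []).append('"%s"=-' % e.name)
    for key, values in by_key.items():
        lines.append(key)
        lines.extend(values)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_rundll32_run_entries(HJT_SAMPLE)
    for e in found:
        print(("SUSPECT " if is_suspect(e) else "ok      ") + e.dll + "," + e.entry)
    print(reversed_name_companions(COMBOFIX_DELETED))
    print(build_cfscript(found))
```

On the sample, only khfdb.dll is flagged (the NVIDIA entries and oobefldr.dll use named exports) and the generated CFScript is exactly the one the helper posted. Treat it as a first pass only: a loader that exports a named function, or that persists through another autostart point such as a BHO or Winlogon Notify entry, is not caught by this heuristic, and the companion files still have to be listed under `File::` by hand when they are not in a ComboFix deletion list.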

    hi,
    when it comes to viruses I'm careful, so you OFTEN forget one
    VERY IMPORTANT thing: when you try to remove a virus, don't clean
    the façade if you leave the basement in a state of disrepair.
    I'm thinking of the registry, because you have to know that a virus didn't come alone;
    in general it comes with its family, its buddies, its gang.
    so if you want a clean disk, look for the directory that has lodged itself
    in the registry and that will bring the virus back to life, because that's what
    happens.
    the virus you have is polymorphic, so it regenerates itself automatically.
    so, either you clean your registry, or you find a good killer, or you
    format.
    be methodical and you should get there, and also think about checking
    Program Files to see if an intruder is in there.
    good luck