comment formater suite à virus innatrapable (Résolu!) (1/12)

Otmovelt
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe moved successfully.
C:\Program Files\Fichiers communs\BOONTY Shared\Service moved successfully.
C:\Program Files\Fichiers communs\BOONTY Shared moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07252008_011018

Combofix:
ComboFix 08-07-24.3 - moi 2008-07-25 14:31:24.3 - [color=red]FAT32[/color]x86
Endroit: C:\Documents and Settings\moi\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-06-25 to 2008-07-25 ))))))))))))))))))))))))))))))))))))
.

2008-07-25 01:49 . 2008-07-23 13:14 <REP> d-------- C:\327882R2FWJFW
2008-07-25 01:10 . 2008-07-25 01:10 <REP> d-------- C:\_OTMoveIt
2008-07-23 23:28 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-23 23:27 . 2008-07-23 23:27 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-23 23:27 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-23 09:26 . 2008-07-25 14:28 121 --a------ C:\WINDOWS\bdagent.INI
2008-07-23 09:06 . 2008-07-23 09:06 <REP> d-------- C:\Program Files\BitDefender
2008-07-23 09:06 . 2008-07-23 09:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-23 09:03 . 2008-07-23 09:03 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2008-07-22 13:46 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-22 01:29 . 2001-08-17 21:28 794,399 --a------ C:\WINDOWS\system32\dllcache\usr1806v.sys
2008-07-22 01:28 . 2001-08-17 21:28 794,654 --a------ C:\WINDOWS\system32\dllcache\usr1801.sys
2008-07-22 01:27 . 2001-08-23 16:57 286,848 --a------ C:\WINDOWS\system32\dllcache\stlnata.sys
2008-07-22 01:26 . 2001-08-23 17:47 495,616 --a------ C:\WINDOWS\system32\dllcache\sblfx.dll
2008-07-22 01:25 . 2001-08-23 17:18 899,914 --a------ C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-07-22 01:24 . 2001-08-17 22:05 351,616 --a------ C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-07-22 01:23 . 2004-08-19 16:03 132,695 --a------ C:\WINDOWS\system32\dllcache\netwlan5.sys
2008-07-22 01:22 . 2001-08-17 21:28 797,500 --a------ C:\WINDOWS\system32\dllcache\ltsmt.sys
2008-07-22 01:21 . 2001-08-17 21:28 802,683 --a------ C:\WINDOWS\system32\dllcache\ltsm.sys
2008-07-22 01:14 . 2004-08-19 16:00 14,848 --a------ C:\WINDOWS\system32\dllcache\kbdhid.sys
2008-07-22 01:10 . 2004-08-19 16:09 702,845 --a------ C:\WINDOWS\system32\dllcache\i81xdnt5.dll
2008-07-22 01:09 . 2001-08-17 21:28 542,879 --a------ C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-07-22 01:08 . 2001-08-23 17:19 908,000 --a------ C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-07-22 01:07 . 2001-08-23 17:46 1,733,120 --a------ C:\WINDOWS\system32\dllcache\g400d.dll
2008-07-22 01:06 . 2001-08-23 17:13 634,166 --a------ C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-07-22 01:05 . 2001-08-17 20:14 952,007 --a------ C:\WINDOWS\system32\dllcache\diwan.sys
2008-07-22 01:04 . 2001-08-23 17:04 980,034 --a------ C:\WINDOWS\system32\dllcache\cicap.sys
2008-07-22 01:03 . 2001-08-17 22:05 314,752 --a------ C:\WINDOWS\system32\dllcache\camdro21.sys
2008-07-22 01:03 . 2001-08-23 17:47 244,224 --a------ C:\WINDOWS\system32\dllcache\camext20.ax
2008-07-22 01:03 . 2001-08-23 17:47 236,032 --a------ C:\WINDOWS\system32\dllcache\camext20.dll
2008-07-22 01:03 . 2001-08-17 22:04 223,232 --a------ C:\WINDOWS\system32\dllcache\camdrv21.sys
2008-07-22 01:03 . 2001-08-17 22:04 171,264 --a------ C:\WINDOWS\system32\dllcache\camdrv30.sys
2008-07-22 01:03 . 2001-08-17 20:13 164,923 --a------ C:\WINDOWS\system32\dllcache\diapi2.sys
2008-07-22 01:03 . 2001-08-23 17:47 119,296 --a------ C:\WINDOWS\system32\dllcache\camext30.dll
2008-07-22 01:03 . 2001-08-23 17:47 116,736 --a------ C:\WINDOWS\system32\dllcache\camext30.ax
2008-07-22 01:03 . 2001-08-23 17:47 74,240 --a------ C:\WINDOWS\system32\dllcache\camexo20.dll
2008-07-22 01:03 . 2001-08-23 17:47 73,216 --a------ C:\WINDOWS\system32\dllcache\camexo20.ax
2008-07-22 01:03 . 2001-08-23 17:47 32,256 --a------ C:\WINDOWS\system32\dllcache\diapi2NT.dll
2008-07-22 01:02 . 2001-08-17 21:12 60,416 --a------ C:\WINDOWS\system32\dllcache\brserwdm.sys
2008-07-22 01:02 . 2001-08-23 17:01 39,808 --a------ C:\WINDOWS\system32\dllcache\brparwdm.sys
2008-07-22 01:02 . 2001-08-17 20:11 31,529 --a------ C:\WINDOWS\system32\dllcache\brzwlan.sys
2008-07-22 01:02 . 2001-08-23 17:02 14,080 --a------ C:\WINDOWS\system32\dllcache\bulltlp3.sys
2008-07-22 01:02 . 2001-08-17 21:12 11,008 --a------ C:\WINDOWS\system32\dllcache\brusbmdm.sys
2008-07-22 01:02 . 2001-08-17 21:12 10,368 --a------ C:\WINDOWS\system32\dllcache\brusbscn.sys
2008-07-22 01:02 . 2001-08-23 17:46 9,728 --a------ C:\WINDOWS\system32\dllcache\brserif.dll
2008-07-22 01:02 . 2001-08-23 17:46 5,120 --a------ C:\WINDOWS\system32\dllcache\brscnrsm.dll
2008-07-22 01:02 . 2001-08-17 21:12 3,168 --a------ C:\WINDOWS\system32\dllcache\brparimg.sys
2008-07-22 00:59 . 2001-08-23 17:46 382,592 --a------ C:\WINDOWS\system32\dllcache\atidrab.dll
2008-07-22 00:58 . 2001-08-17 22:07 101,888 --a------ C:\WINDOWS\system32\dllcache\adpu160m.sys
2008-07-22 00:58 . 2001-08-17 22:07 55,168 --a------ C:\WINDOWS\system32\dllcache\aic78u2.sys
2008-07-22 00:58 . 2001-08-17 20:11 46,112 --a------ C:\WINDOWS\system32\dllcache\adptsf50.sys
2008-07-22 00:58 . 2001-08-23 17:47 24,576 --a------ C:\WINDOWS\system32\dllcache\agcgauge.ax
2008-07-22 00:58 . 2001-08-17 21:52 12,800 --a------ C:\WINDOWS\system32\dllcache\aha154x.sys
2008-07-22 00:52 . 2001-08-17 20:19 747,392 --a------ C:\WINDOWS\system32\dllcache\adm8830.sys
2008-07-22 00:52 . 2001-08-17 20:19 584,448 --a------ C:\WINDOWS\system32\dllcache\adm8810.sys
2008-07-22 00:52 . 2001-08-17 20:19 553,984 --a------ C:\WINDOWS\system32\dllcache\adm8820.sys
2008-07-22 00:52 . 2001-08-17 20:11 20,160 --a------ C:\WINDOWS\system32\dllcache\adm8511.sys
2008-07-22 00:52 . 2004-08-03 22:32 10,880 --a------ C:\WINDOWS\system32\dllcache\admjoy.sys
2008-07-22 00:52 . 2001-08-17 21:53 7,424 --a------ C:\WINDOWS\system32\dllcache\adicvls.sys
2008-07-22 00:36 . 2001-08-23 17:46 66,048 --a------ C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-07-21 04:07 . 2008-07-21 04:07 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-19 23:58 . 2008-07-19 23:58 <REP> d-------- C:\Program Files\Softwin
2008-07-19 23:58 . 2008-07-19 23:58 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-07-19 17:51 . 2001-08-28 14:00 28,288 --a------ C:\WINDOWS\system32\dllcache\xjis.nls
2008-07-19 17:47 . 2001-08-28 14:00 83,748 --a------ C:\WINDOWS\system32\dllcache\prcp.nls
2008-07-19 17:47 . 2001-08-28 14:00 83,748 --a------ C:\WINDOWS\system32\dllcache\prc.nls
2008-07-19 17:44 . 2001-08-28 14:00 47,066 --a------ C:\WINDOWS\system32\dllcache\ksc.nls
2008-07-19 17:37 . 2001-08-28 14:00 82,172 --a------ C:\WINDOWS\system32\dllcache\bopomofo.nls
2008-07-19 17:37 . 2001-08-28 14:00 66,728 --a------ C:\WINDOWS\system32\dllcache\big5.nls
2008-07-19 03:12 . 2008-07-19 03:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-18 16:25 . 2008-07-18 16:25 <REP> d-------- C:\virtualroots
2008-07-18 16:25 . 2008-07-18 16:25 <REP> d-------- C:\Program Files\HP
2008-07-18 16:24 . 2008-07-18 16:24 <REP> d-------- C:\WINDOWS\SHELLNEW
2008-07-18 16:23 . 2008-07-18 16:23 <REP> d-------- C:\Program Files\Java
2008-07-18 16:23 . 2008-07-18 16:23 <REP> d-------- C:\Program Files\iTunes
2008-07-18 16:23 . 2008-07-18 16:23 <REP> d-------- C:\Program Files\iPod
2008-07-18 16:23 . 2008-07-18 16:23 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-07-18 16:23 . 2008-07-18 16:23 <REP> dr-h----- C:\MSOCache
2008-07-18 16:22 . 2008-07-18 16:22 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-17 17:41 . 2008-07-17 17:41 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-07-11 02:43 . 2008-07-11 02:43 <REP> d-------- C:\fsaua.data
2008-07-11 02:29 . 2008-07-11 02:29 <REP> d-------- C:\WINDOWS\McAfee.com
2008-07-09 02:23 . 2008-07-09 02:23 <REP> d-------- C:\Documents and Settings\moi\.housecall6.6
2008-07-08 23:04 . 2008-07-08 23:04 <REP> d-------- C:\Program Files\Panda Security
2008-07-07 21:57 . 2008-07-07 21:57 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-07-07 04:08 . 2008-07-07 04:08 <REP> d-------- C:\Program Files\YesMessenger
2008-07-07 04:08 . 2008-07-07 04:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-07 04:07 . 2008-07-07 04:08 <REP> d--hs---- C:\FOUND.000

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 12:37 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-07-24 00:32 1,924 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 12:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage(2)
2008-05-28 09:58 --------- d-----w C:\Program Files\Sun
2008-05-11 21:32 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-05-11 21:32 249,856 ------w C:\WINDOWS\Setup1.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2006-07-16 19:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2006-05-25 00:05 54 ----a-w C:\Program Files\bit3.bat
2006-05-25 00:05 54 ----a-w C:\Program Files\bit2.bat
2006-05-25 00:05 54 ----a-w C:\Program Files\bit.bat
2006-05-25 00:04 54 ----a-w C:\Program Files\inc1.bat
2006-05-25 00:04 41 ----a-w C:\Program Files\sleep.bat
2006-04-12 14:52 266 --sh--w C:\Program Files\desktop.ini
2006-04-12 14:52 11,208 ---h--w C:\Program Files\folder.htt
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 05:00 98304]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"RegistryBooster 2 d’Uniblue "="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2007-11-21 17:07 1902592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo RX420 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE" [2004-04-09 05:00 98304]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 16:53 73840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"RaidTool"="C:\Program Files\VIA\RAID\raid_tool.exe" [2004-10-11 08:54 589824]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-03-24 01:43 652528]
"AudioDeck"="C:\Program Files\VIAudioi\SBADeck\ADeck.exe" [2005-09-06 05:10 450560]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 16:46 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-05-23 19:16 368640]
"VTTimer"="VTTimer.exe" [2004-10-01 10:31 53248 C:\WINDOWS\system32\VTTimer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"slide.exe"=c:\progra~1\slide\slide.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MsMsgs.EXE"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\WINDOWS\\PCHEALTH\\HELPCTR\\Binaries\\HELPCTR.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"23:TCP"= 23:TCP:*:Disabled:port

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R0 tffsport;M-Systems DiskOnChip 2000;C:\WINDOWS\system32\DRIVERS\tffsport.sys [2004-08-03 23:00]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2006-07-18 12:02]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2006-07-18 12:02]
R3 PAC7311;VGA SoC PC-Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2005-06-27 18:09]
S2 wins;wins(WINS);C:\WINDOWS\system32\winscntrl.exe []
S3 p2pgasvc;Authentification de groupe réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-20 01:10]
S3 p2pimsvc;Gestionnaire d'identité réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-20 01:10]
S3 p2psvc;Réseau homologue;C:\WINDOWS\system32\svchost.exe [2004-08-20 01:10]
S3 PNRPSvc;Protocole de résolution de noms d'homologues;C:\WINDOWS\system32\svchost.exe [2004-08-20 01:10]
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-04 07:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 08:08]
S4 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe []
S4 NBSystem;Network Browser;C:\WINDOWS\system32\nbsystem.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
bdx REG_MULTI_SZ scan
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-04-04 13:24:56 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
"2008-07-25 12:10:12 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://google.fr/
R0 -: HKCU-Main,Default_Search_URL =
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 -: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?58f5005e9f88412184a89bc9eaae6c17
O8 -: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?58f5005e9f88412184a89bc9eaae6c17
O8 -: Recherche sur eBay - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://bitdefender.bwm-mediasoft.com/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 14:37:25
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

C:\WINDOWS\Explorer.EXE [656] 0xFF726BC0

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-25 14:40:53
ComboFix-quarantined-files.txt 2008-07-25 12:40:40
ComboFix3.txt 2008-07-24 00:34:42
ComboFix2.txt 2008-07-25 00:01:00

Pre-Run: 15,855,058,944 octets libres
Post-Run: 15,853,322,240 octets libres

236 --- E O F --- 2008-07-19 23:22:04

J'ai refais un rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:58, on 25/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\tlntsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Documents and Settings\moi\Mes documents\HiJackThis.exe
C:\Documents and Settings\moi\Local Settings\Temporary Internet Files\Content.IE5\I8Q1F148\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /M "Stylus Photo RX420" /EF "HKCU"
O4 - HKCU\..\Run: [RegistryBooster 2 d’Uniblue ] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?58f5005e9f88412184a89bc9eaae6c17
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?58f5005e9f88412184a89bc9eaae6c17
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://toolbar.imageshack.us
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://squel59msn.spaces.live.com/PhotoUpload/MsnPUpld.cab?10,0,912,0
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://bitdefender.bwm-mediasoft.com/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1145368972718
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epson-europe.com/selftest/fr/Prg/ESTPTest.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_13.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5335/mcfscan.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: wins(WINS) (wins) - Unknown owner - C:\WINDOWS\system32\winscntrl.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11254 bytes

comment formater suite à virus innatrapable

Participer! →

casimodotte →

Le 23 juillet à 23:05 #

tonic02 →

Le 24 juillet à 00:47 #

casimodotte →

Le 24 juillet à 03:16 #

tonic02 →

Le 24 juillet à 04:08 #

Ichigo11 →

Le 24 juillet à 04:28 #

tonic02 →

Le 24 juillet à 04:48 #

casimodotte →

Le 25 juillet à 13:52 #

Ichigo11 →

Le 25 juillet à 17:53 #

casimodotte →

Le 25 juillet à 18:12 #

Ichigo11 →

Le 25 juillet à 18:24 #

Participer! →

Sujets Connexes

Arakien & WéWé

Du nouveau ?

Forums

Navigation

Publicité

Connectés

Recherche

Annonces

Partenaires

	comment formater suite à virus innatrapable
	» Liste des Forums » Virus, troyens, etc... » Discussion