HijackThis virus analysis

Solved
aripou (25 posts, Member) -
sherred (8605 posts, Member) -
Hello,
I have a virus that AVG detects, but it always comes back, even though I ran a scan in Safe Mode. Can you help me get rid of it? Here is a HijackThis report.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:10, on 2008-12-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.canoe.ca/accueil.html
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Browser Helper Object - {AFD4AD01-58C1-47DB-A404-FBE00A6C5486} - C:\Program Files\Common\_helper.dll (file missing)
O2 - BHO: (no name) - {bce00324-24b8-4f33-a573-466f7564713b} - C:\WINDOWS\system32\lilofati.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] C:\WINDOWS\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ZCfgSvc.exe] C:\WINDOWS\system32\ZCfgSvc.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] "C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe"
O4 - HKLM\..\Run: [nuwivayuse] "Rundll32.exe" "C:\WINDOWS\system32\wonizaki.dll",s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CPMbf365421] "Rundll32.exe" "C:\WINDOWS\system32\batujuko.dll",a
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [TOSCDSPD] "C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [nuwivayuse] Rundll32.exe "C:\WINDOWS\system32\wonizaki.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [nuwivayuse] Rundll32.exe "C:\WINDOWS\system32\wonizaki.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_05) - https://sdlc-esd.oracle.com/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab?GroupName=JSC&FilePath=/ESD40/JSCDL/jre/6u5-b19/jinstall-6u5-windows-i586-jc.cab&BHost=javadl.sun.com&File=jinstall-6u5-windows-i586-jc.cab&AuthParam=1580944752_ad714b48b0d186f5adbe4ba05260ecbd&ext=.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter hijack: text/html - {530f8087-264b-4fca-abed-a29204d8f38c} - C:\WINDOWS\system32\mst120.dll
O20 - AppInit_DLLs: c:\windows\system32\batujuko.dll,C:\WINDOWS\system32\movemora.dll,avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\batujuko.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\batujuko.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8816 bytes

Thank you!!!! Happy holidays!!
Configuration: Windows XP
Internet Explorer 6.0
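A triage helper for HijackThis logs like the one above, added here as an example (it is not HijackThis's code nor anything posted in this thread). The sample entries are constructed from lines of this log, and the consonant-vowel "random name" test is an assumed heuristic drawn from the DLL names the log shows (wonizaki, batujuko, movemora, lilofati), not a signature.

```python
"""Triage of HijackThis v2.0.2 entries (added example, not HijackThis's own code).
Heuristics taken from the log above: Rundll32 loading a system32 DLL with a
random-looking name from a Run key, DLLs in the AppInit_DLLs, SSODL and
SharedTaskScheduler load points, and entries whose file is already gone."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a few entries in the format of the log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {bce00324-24b8-4f33-a573-466f7564713b} - C:\WINDOWS\system32\lilofati.dll (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [nuwivayuse] "Rundll32.exe" "C:\WINDOWS\system32\wonizaki.dll",s
O4 - HKLM\..\Run: [CPMbf365421] "Rundll32.exe" "C:\WINDOWS\system32\batujuko.dll",a
O20 - AppInit_DLLs: c:\windows\system32\batujuko.dll,C:\WINDOWS\system32\movemora.dll,avgrsstx.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\batujuko.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\batujuko.dll (file missing)
"""

ENTRY_RE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# Any DLL referenced in an entry body, as a full path or a bare file name.
DLL_RE = re.compile(r'([^\s",;=\[\]]+\.dll)\b', re.I)
# Eight letters in consonant-vowel pairs (wonizaki, batujuko ...): assumed heuristic.
RANDOM_NAME_RE = re.compile(r"(?:[bcdfghjklmnpqrstvwxyz][aeiou]){4}")
# Load points that legitimate software on a home PC very rarely uses.
INJECTION_SECTIONS = {"O20": "AppInit_DLLs", "O21": "SSODL", "O22": "SharedTaskScheduler"}


@dataclass(frozen=True)
class Finding:
    section: str
    dll: str        # lower-cased file name without directory
    severity: str   # "high" (random-looking name) or "review"
    reason: str


def looks_random(dll: str) -> bool:
    return RANDOM_NAME_RE.fullmatch(dll.rsplit(".", 1)[0]) is not None


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        missing = "(file missing)" in body
        loader = section == "O4" and "rundll32" in body.lower()
        for ref in DLL_RE.findall(body):
            dll = ref.rsplit("\\", 1)[-1].lower()
            reasons = []
            if looks_random(dll):
                reasons.append("random-looking name")
            if loader:
                reasons.append("launched via Rundll32 from a Run key")
            if section in INJECTION_SECTIONS:
                reasons.append(f"registered in {INJECTION_SECTIONS[section]}")
            if missing:
                reasons.append("file missing: stale load point, remove the entry")
            if reasons:
                severity = "high" if looks_random(dll) else "review"
                findings.append(Finding(section, dll, severity, "; ".join(reasons)))
    return findings


def persistence_map(findings: list[Finding]) -> dict[str, set[str]]:
    """DLL -> the HijackThis sections (load points) it persists through."""
    where: dict[str, set[str]] = defaultdict(set)
    for f in findings:
        where[f.dll].add(f.section)
    return dict(where)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:4} {f.dll:14} {f.reason}")
```

The persistence map shows why one cleanup pass of a single load point is not enough: in the sample, batujuko.dll is registered through four different sections.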

3 replies

  1. sherred (8605 posts, Member)

    Download combofix.exe
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Click combofix.exe.
    Press 1 (Yes) to start the scan.
    Once it finishes, a report will appear. Copy/paste this report in your next reply.
    The report can also be found here: C:\Combofix.txt

    Disconnect from the internet, close the windows of all running programs, and temporarily
    stop your antivirus and other protections during the scan.
    Do not use your PC while the scan is running.

    Once the scan is complete, re-enable all your antivirus and antispyware protections.
  2. aripou (25 posts, Member)

    Hello,

    I may have made a mistake when opening ComboFix, but it did not give me an option 1 or 2... It started scanning right away... I hope it did not delete something it should not have...
    I am posting the report anyway.

    Thanks

    ComboFix 08-12-24.01 - computer 2008-12-24 15:36:22.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.641 [GMT -5:00]
    Running from: c:\downloads\ComboFix.exe
    * Created a new restore point

    [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Common\helper.sig
    c:\windows\system32\aginodut.ini
    c:\windows\system32\ajokawen.ini
    c:\windows\system32\ekiyedat.ini
    c:\windows\system32\etobibef.ini
    c:\windows\system32\ipurihib.ini
    c:\windows\system32\onazedet.ini
    c:\windows\system32\onulavur.ini
    c:\windows\system32\uzebusaw.ini

    .
    ((((((((((((((((((((((((( Files Created from 2008-11-24 to 2008-12-24 )))))))))))))))))))))))))))))))
    .

    2008-12-24 15:34 . 2008-12-24 15:35 <DIR> d-------- C:\32788R22FWJFW
    2008-12-23 23:30 . 2008-12-23 23:30 <DIR> d-------- c:\program files\Trend Micro
    2008-12-23 23:11 . 2008-12-23 23:11 <DIR> d-------- c:\program files\CCleaner
    2008-12-23 21:19 . 2008-12-23 21:19 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Webroot
    2008-12-23 21:19 . 2008-12-23 21:20 <DIR> d-------- c:\documents and settings\Administrator
    2008-12-15 14:30 . 2008-12-23 21:16 <DIR> d--h----- C:\$AVG8.VAULT$
    2008-12-15 14:28 . 2008-12-24 10:12 <DIR> d-------- c:\windows\system32\drivers\Avg
    2008-12-15 14:28 . 2008-12-15 14:28 <DIR> d-------- c:\program files\AVG
    2008-12-15 14:28 . 2008-12-15 14:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
    2008-12-15 14:28 . 2008-12-15 14:28 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
    2008-12-15 14:28 . 2008-12-15 14:28 10,520 --a------ c:\windows\system32\avgrsstx.dll
    2008-12-15 14:02 . 2008-12-15 14:02 268 --ah----- C:\sqmdata17.sqm
    2008-12-15 14:02 . 2008-12-15 14:02 244 --ah----- C:\sqmnoopt17.sqm
    2008-12-12 17:53 . 2008-12-12 17:53 <DIR> d-------- C:\HEROES
    2008-12-12 11:59 . 2008-12-12 11:59 <DIR> d-------- c:\documents and settings\computer\Application Data\Apple Computer
    2008-12-11 21:39 . 2008-12-12 11:09 54,156 --ah----- c:\windows\QTFont.qfn
    2008-12-11 21:39 . 2008-12-11 21:39 1,409 --a------ c:\windows\QTFont.for
    2008-12-11 21:38 . 2008-12-24 15:40 6,265 --a------ C:\logfile
    2008-12-11 21:36 . 2008-12-11 21:37 <DIR> d-------- c:\program files\QuickTime
    2008-12-11 21:36 . 2008-12-11 21:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
    2008-12-11 21:35 . 2008-12-11 21:35 <DIR> d-------- c:\program files\Common Files\Kodak
    2008-12-11 21:35 . 2004-08-04 03:56 159,232 --a------ c:\windows\system32\ptpusd.dll
    2008-12-11 21:35 . 2004-08-04 01:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
    2008-12-11 21:35 . 2004-08-04 01:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
    2008-12-11 21:35 . 2001-08-18 01:36 5,632 --a------ c:\windows\system32\ptpusb.dll
    2008-12-11 21:34 . 2008-12-11 21:36 <DIR> d-------- c:\program files\Kodak
    2008-12-11 21:31 . 2008-12-11 21:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kodak
    2008-12-04 19:15 . 2008-12-04 19:16 <DIR> d-------- c:\windows\system32\NtmsData
    2008-12-02 13:31 . 2008-12-02 13:31 <DIR> d-------- c:\windows\system32\IOSUBSYS
    2008-11-30 15:02 . 2008-11-30 15:02 <DIR> d-------- c:\program files\SHOUTcast Source
    2008-11-30 15:02 . 2008-11-30 15:02 <DIR> d-------- c:\program files\OpenSource Flash Video Splitter
    2008-11-30 15:02 . 2008-11-30 15:02 <DIR> d-------- c:\program files\MONOGRAM AMR SplitterDecoder
    2008-11-30 15:02 . 2008-11-30 15:02 <DIR> d-------- c:\program files\DScaler5
    2008-11-30 15:02 . 2008-11-30 15:02 <DIR> d-------- c:\program files\CD Audio Reader Filter
    2008-11-30 15:01 . 2008-11-30 15:01 <DIR> d-------- c:\program files\Haali
    2008-11-30 15:01 . 2008-11-30 15:01 <DIR> d-------- c:\program files\ffdshow
    2008-11-30 15:01 . 2008-11-30 15:01 <DIR> d-------- c:\program files\DSP-worx
    2008-11-30 15:01 . 2008-11-30 15:01 <DIR> d-------- c:\program files\DirectVobSub
    2008-11-30 15:01 . 2007-11-29 15:52 60,273 --a------ c:\windows\system32\pthreadGC2.dll
    2008-11-30 15:01 . 2007-12-03 19:34 7,680 --a------ c:\windows\system32\ff_vfw.dll
    2008-11-30 15:01 . 2007-11-29 15:52 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
    2008-11-30 15:00 . 2008-11-30 18:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zoom Player
    2008-11-30 14:00 . 2008-11-30 14:00 244 --ah----- C:\sqmnoopt16.sqm
    2008-11-30 14:00 . 2008-11-30 14:00 232 --ah----- C:\sqmdata16.sqm
    2008-11-25 15:24 . 2008-12-24 15:36 <DIR> d-------- c:\program files\Common

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-12-24 20:35 --------- d-----w c:\program files\BitComet
    2008-12-02 18:31 --------- d-----w c:\program files\Google
    2008-11-26 20:37 --------- d-----w c:\documents and settings\computer\Application Data\LimeWire
    2008-11-19 19:16 --------- d-----w c:\documents and settings\computer\Application Data\LANCITE
    2008-11-17 20:04 2,306,113 ----a-w c:\windows\system32\GPhotos.scr
    2008-11-09 01:14 --------- d-----w c:\program files\Atheros
    2008-11-09 01:14 --------- d-----w c:\documents and settings\All Users\Application Data\Atheros
    2008-11-09 01:13 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-11-09 01:13 --------- d-----w c:\documents and settings\computer\Application Data\InstallShield
    2008-11-09 01:08 --------- d-----w c:\program files\Intel
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2006-11-10 417792]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-19 68856]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "BitComet"="c:\program files\BitComet\BitComet.exe" [2008-12-03 2514744]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-11-29 98304]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-11-29 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-11-29 118784]
    "ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2006-08-03 639040]
    "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-15 1261336]
    "SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 5367664]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-13 c:\windows\RTHDCPL.exe]
    "SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
    RAMASST.lnk - c:\windows\system32\RAMASST.exe [2008-02-15 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2006-08-03 06:20 188482 c:\windows\system32\LgNotify.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^computer^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\computer\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^computer^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\documents and settings\computer\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^computer^Start Menu^Programs^Startup^Outil de détection de support de Cyber-shot Viewer.lnk]
    path=c:\documents and settings\computer\Start Menu\Programs\Startup\Outil de détection de support de Cyber-shot Viewer.lnk
    backup=c:\windows\pss\Outil de détection de support de Cyber-shot Viewer.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
    --a------ 2008-12-03 05:11 2514744 c:\program files\BitComet\BitComet.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    --a--c--- 2006-10-27 03:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
    --a------ 2007-10-18 14:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
    --a------ 2008-01-04 23:56 5367664 c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2008-04-19 22:25 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    -ra--c--- 2006-11-07 01:50 3772416 c:\windows\RtHDVCpl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "gusvc"=3 (0x3)
    "ERSvc"=2 (0x2)
    "usnjsvc"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "UpdatesDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9565:TCP"= 9565:TCP:BitComet 9565 TCP
    "9565:UDP"= 9565:UDP:BitComet 9565 UDP
    "9709:TCP"= 9709:TCP:BitComet 9709 TCP
    "9709:UDP"= 9709:UDP:BitComet 9709 UDP
    "23530:TCP"= 23530:TCP:BitComet 23530 TCP
    "23530:UDP"= 23530:UDP:BitComet 23530 UDP
    "8360:TCP"= 8360:TCP:BitComet 8360 TCP
    "8360:UDP"= 8360:UDP:BitComet 8360 UDP
    "21450:TCP"= 21450:TCP:BitComet 21450 TCP
    "21450:UDP"= 21450:UDP:BitComet 21450 UDP
    "24273:TCP"= 24273:TCP:BitComet 24273 TCP
    "24273:UDP"= 24273:UDP:BitComet 24273 UDP
    "20227:TCP"= 20227:TCP:BitComet 20227 TCP
    "20227:UDP"= 20227:UDP:BitComet 20227 UDP
    "8002:TCP"= 8002:TCP:BitComet 8002 TCP
    "8002:UDP"= 8002:UDP:BitComet 8002 UDP
    "15088:TCP"= 15088:TCP:BitComet 15088 TCP
    "15088:UDP"= 15088:UDP:BitComet 15088 UDP
    "27081:TCP"= 27081:TCP:BitComet 27081 TCP
    "27081:UDP"= 27081:UDP:BitComet 27081 UDP

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-15 97928]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-15 231704]
    R3 WSIMD;wsimd Service;c:\windows\system32\DRIVERS\wsimd.sys [2008-11-08 57408]
    .
    Contents of the 'Scheduled Tasks' folder

    2008-12-24 c:\windows\Tasks\EasyShare Registration RunOnce Task.job
    - c:\windows\system32\rundll32.exe [2004-08-03 19:56]

    2008-12-12 c:\windows\Tasks\EasyShare Registration Task.job
    - c:\windows\system32\rundll32.exe [2004-08-03 19:56]

    2008-12-24 c:\windows\Tasks\RegCure Program Check.job
    - c:\documents and settings\computer\Desktop\RegCure\RegCure.exe []

    2008-11-20 c:\windows\Tasks\RegCure.job
    - c:\documents and settings\computer\Desktop\RegCure\RegCure.exe []
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{bce00324-24b8-4f33-a573-466f7564713b} - c:\windows\system32\lilofati.dll
    HKLM-Run-nuwivayuse - c:\windows\system32\wonizaki.dll
    HKLM-Run-CPMbf365421 - c:\windows\system32\batujuko.dll
    MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://fr.canoe.ca/accueil.html
    uSearch Page = hxxp://www.google.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearch Bar = hxxp://www.google.com/ie
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-12-24 15:39:41
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(720)
    c:\windows\system32\WRLogonNTF.dll
    c:\windows\system32\LgNotify.dll

    - - - - - - - > 'explorer.exe'(940)
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\agrsmsvc.exe
    c:\windows\system32\DVDRAMSV.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\Synaptics\SynTP\SynToshiba.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Webroot\Spy Sweeper\ssu.exe
    .
    **************************************************************************
    .
    Completion time: 2008-12-24 15:42:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-12-24 20:42:10

    Pre-Run: 23 998 451 712 bytes free
    Post-Run: 23,925,256,192 bytes free

    241
  3. sherred (8605 posts, Member)

    Download Malwarebytes here http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    The program will update itself automatically.

    Once it is up to date, the program will launch; click the Settings tab and tick the box: "Terminate Internet Explorer during removal".

    Now click the Scan tab and tick the box: "Perform quick scan".

    Then click "Scan".

    Let it scan the PC...

    If items were found > click "Remove Selected".

    If you are asked to reboot > click "yes".

    At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

    Copy and paste the report please.

    PS: the reports are also stored in the Reports/Logs tab