Here is my report... can someone help me?

abcdefg25 Posts 13 Status Member -
jlpjlp Posts 52399 Status Security contributor -
Hello,
HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:23, on 2009-01-10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\afaria\Bin\XCDiffCache.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe
C:\Program files\Interface Suite\IAGConsole\iagschedcheck.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\afaria\Bin\XCGSTask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TODDSrv.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\AGI\Python25\pythonw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webi.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: run=C:\NODESYS\MAJ\EXEMAJ.EXE
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AGSearchHook Class - {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - C:\Program Files\AGI\common\agcutils.dll
O2 - BHO: (no name) - {3EE86D91-2F18-4027-9157-A16110AC59BE} - C:\WINDOWS\system32\ljJAsTND.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {E63EB443-A606-4D08-A784-7C23BFD30E98} - C:\WINDOWS\system32\byXQJApO.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Afaria Client File Differencing] C:\Program Files\afaria\Bin\XCDiffCache.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [iagconsole] C:\Program files\Interface Suite\IAGConsole\iagschedcheck.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pro Antispyware 2009] "C:\Documents and Settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe" /autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Afaria Client Generic Scheduler.lnk = C:\Program Files\afaria\Bin\XCGSTask.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://www.avdlext.com/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://www.avdlext.com/dwa7W.cab
O20 - Winlogon Notify: ljJAsTND - ljJAsTND.dll (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\System32\TODDSrv.exe

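As an added example (not part of the thread, and not a tool from HijackThis or ComboFix), here is a small Python triage script that applies the checks a helper runs over a report like the one above: orphaned "(file missing)" / "(no file)" entries, unnamed BHOs and toolbars, Winlogon Notify packages, Run entries launched from user-writable profile folders, and the legacy win.ini run= hook. The sample lines are copied from this report; the script only flags entries for review and changes nothing on the machine.

```python
import re
from typing import Dict, List

# Constructed sample input: a subset of lines in the exact shape of the
# HijackThis 2.0.2 report quoted in this thread (paths/GUIDs taken from it).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\\Program Files\\Spybot - Search & Destroy\\SDHelper.dll
O2 - BHO: (no name) - {3EE86D91-2F18-4027-9157-A16110AC59BE} - C:\\WINDOWS\\system32\\ljJAsTND.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\\..\\Run: [avast!] C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe
O4 - HKCU\\..\\Run: [Pro Antispyware 2009] "C:\\Documents and Settings\\All Users\\Application Data\\Solt Lake Software\\Pro Antispyware 2009\\proas2009.exe" /autorun
O20 - Winlogon Notify: ljJAsTND - ljJAsTND.dll (file missing)
F3 - REG:win.ini: run=C:\\NODESYS\\MAJ\\EXEMAJ.EXE
"""

# Every HijackThis finding line starts with a section code (R0, F3, O2, O20 ...).
LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.+)$")

# User-writable locations a legitimate Run entry rarely needs to start from;
# rogue "antispyware" products typically install themselves here.
PROFILE_DIRS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the report lines worth a second look, with the reason(s) why."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header/process-list lines carry no section code
        section, body = m.group("section"), m.group("body")
        low = body.lower()
        reasons: List[str] = []
        if "(file missing)" in low or "(no file)" in low:
            reasons.append("orphan: referenced module no longer on disk")
        if section in ("O2", "O3") and "(no name)" in low:
            reasons.append("unnamed BHO/toolbar")
        if section == "O20":
            reasons.append("Winlogon Notify package: loaded into winlogon.exe at logon")
        if section == "O4" and any(d in low for d in PROFILE_DIRS):
            reasons.append("autorun from a user-writable profile directory")
        if section == "F3" and "win.ini" in low:
            reasons.append("legacy win.ini run= autostart")
        if reasons:
            findings.append({"section": section, "line": raw.strip(),
                             "reasons": "; ".join(reasons)})
    return findings


def flagged_sections(log_text: str) -> List[str]:
    """Section codes of the flagged lines, in report order."""
    return [f["section"] for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['section']}] {f['reasons']}\n    {f['line']}")
```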
11 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
Hi

Pro Antispyware 2009 is spyware, you have to get rid of it!

To do that:

run RogueRemover (and paste the report)

for info:
http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover

to download:
https://www.01net.com/telecharger/

then

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, the antispyware's real-time guard).

Double-click combofix.exe and follow the instructions.

At the end it will produce a report, C:\ComboFix.txt.

Re-enable your firewall, your antivirus and your antispyware's guard.

Copy/paste the report C:\ComboFix.txt into your next reply.

Careful: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
abcdefg25 Posts 13 Status Member
 
The links given on this page don't work?
jlpjlp Posts 52399 Status Security contributor 5 040
 
Then use this ComboFix that I renamed to Killfix, and paste the report:

http://sd-1.archive-host.com/membres/up/193094576412487685/Killfix.exe
abcdefg25 Posts 13 Status Member
 
Thanks, here is the report:

ComboFix 08-12-20.01 - Francis 2009-01-11 9:00:50.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2038.1470 [GMT -5:00]
Lancé depuis: c:\documents and settings\Francis\Bureau\Killfix.exe

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
- Mode FONCTIONNALITES REDUITES -
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.

2009-01-11 08:26 . 2009-01-11 08:26 <REP> d-------- c:\program files\RogueRemover FREE
2009-01-10 21:03 . 2009-01-10 21:03 <REP> d-a------ c:\documents and settings\All Users\Application Data\Solt Lake Software
2009-01-08 20:10 . 2009-01-08 20:10 <REP> d-------- c:\documents and settings\Recouvrement\Application Data\HP
2009-01-08 20:09 . 2008-06-25 11:22 <REP> d--h----- c:\documents and settings\Recouvrement\Voisinage réseau
2009-01-08 20:09 . 2008-06-25 11:22 <REP> d--h----- c:\documents and settings\Recouvrement\Voisinage d'impression
2009-01-08 20:09 . 2008-06-25 16:28 <REP> d--h----- c:\documents and settings\Recouvrement\Modèles
2009-01-08 20:09 . 2009-01-08 20:10 <REP> dr------- c:\documents and settings\Recouvrement\Mes documents
2009-01-08 20:09 . 2008-06-25 11:22 <REP> dr------- c:\documents and settings\Recouvrement\Menu Démarrer
2009-01-08 20:09 . 2009-01-08 20:10 <REP> dr------- c:\documents and settings\Recouvrement\Favoris
2009-01-08 20:09 . 2008-06-25 11:22 <REP> d-------- c:\documents and settings\Recouvrement\Bureau
2009-01-08 20:09 . 2009-01-08 20:09 <REP> d-------- c:\documents and settings\Recouvrement
2008-12-29 18:31 . 2008-12-29 20:38 <REP> d-------- c:\program files\mIRC
2008-12-21 15:09 . 2008-12-21 15:09 <REP> d-------- C:\Concepts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 00:02 --------- d---a-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-02 03:30 --------- d---a-w c:\documents and settings\Francis\Application Data\HP
2008-12-30 04:54 --------- d---a-w c:\documents and settings\Francis\Application Data\mIRC
2008-12-11 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-03 02:35 --------- d-----w c:\program files\Picasa2
2008-12-02 19:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 01:32 --------- d---a-w c:\documents and settings\Francis\Application Data\agi
2008-11-29 01:32 --------- d---a-w c:\documents and settings\All Users\Application Data\Kiwee Toolbar
2008-11-29 01:32 --------- d-----w c:\program files\Kiwee Toolbar
2008-11-29 01:31 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2008-11-29 01:31 2,117,632 ----a-w c:\windows\system32\python25.dll
2008-11-29 01:31 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2008-11-29 01:31 --------- d---a-w c:\documents and settings\All Users\Application Data\agi
2008-11-29 01:31 --------- d-----w c:\program files\AGI
2008-11-25 00:41 --------- d---a-w c:\documents and settings\Francis\Application Data\MarkoSim
2008-11-23 18:40 --------- d---a-w c:\documents and settings\All Users\Application Data\WEBREG
2008-11-23 18:39 --------- d---a-w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-11-23 18:39 --------- d---a-w c:\documents and settings\All Users\Application Data\HP
2008-11-23 18:39 --------- d-----w c:\program files\HP
2008-11-23 18:39 --------- d-----w c:\program files\Fichiers communs\HP
2008-11-23 18:28 --------- d---a-w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-11 18:20 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-06-28 19:38 433 ----a-w c:\program files\INSTALL.LOG
2007-08-31 16:41 69,632 ----a-w c:\program files\Fichiers communs\MPDPDODB.DLL
2006-12-12 15:13 32,768 ----a-w c:\documents and settings\All Users\Application Data\EBLib.dll
2006-07-28 20:25 19,456 ----a-w c:\documents and settings\All Users\Application Data\LPCFilter.sys
1999-06-25 14:55 149,504 ----a-w c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 65536]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DiamondView"="c:\program files\Manulife Financial\Diamond View\Diamondview.exe" [2007-03-02 946688]
"iagconsole"="c:\program files\Interface Suite\IAGConsole\iagschedcheck.exe" [2007-01-15 176128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Pro Antispyware 2009"="c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe" [2009-01-10 1093632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-06-01 142104]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-06-01 162584]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-06-01 138008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-13 311296]
"Afaria Client File Differencing"="c:\program files\afaria\Bin\XCDiffCache.exe" [2006-11-30 167936]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 c:\windows\RTHDCPL.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2007-06-16 c:\windows\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-12-27 c:\windows\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
"DiamondView"="c:\program files\Manulife Financial\Diamond View\Diamondview.exe" [2007-03-02 946688]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Afaria Client Generic Scheduler.lnk - c:\program files\afaria\Bin\XCGSTask.exe [2008-06-26 552960]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\byXQJApO

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\afaria\\Bin\\XcListener.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-09 78416]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-07-09 20560]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]
S2 AGWinService;AG Windows Service;"c:\program files\AGI\common\win32\PythonService.exe" [2008-11-28 10240]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{E63EB443-A606-4D08-A784-7C23BFD30E98} - c:\windows\system32\byXQJApO.dll
HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
HKCU-Run-SpywareStop - c:\program files\SpywareStop\SpywareStop.exe
Notify-ljJAsTND - ljJAsTND.dll

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.webi.ca/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 09:01:12
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSjffo.sys"
.
Heure de fin: 2009-01-11 9:01:36
ComboFix-quarantined-files.txt 2009-01-11 14:01:34

Avant-CF: 171 435 446 272 octets libres
Après-CF: 171,467,739,136 octets libres

160 --- E O F --- 2009-01-11 12:48:15

jlpjlp Posts 52399 Status Security contributor 5 040
 


Close all your browsers (so copy or print the instructions first).

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:

Driver ::
TDSSserv
File::
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pro Antispyware 2009"=-
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSjffo.sys"

Save this file under the name CFscript.

Drag and drop this CFscript file onto the ComboFix.exe file.

Click on the CFScript file, hold the button down and drag the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that shows up (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.

Also post a new HijackThis report.

If the file doesn't open, it is located here > C:\ComboFix.txt
abcdefg25 Posts 13 Status Member
 
ComboFix 09-01-10.03 - Francis 2009-01-11 9:18:46.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2038.1609 [GMT -5:00]
Lancé depuis: c:\documents and settings\Francis\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Francis\Bureau\CFscript.txt

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

FILE ::
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Solt Lake Software
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\LOG\20090110210352640.log
c:\documents and settings\All Users\Application Data\Solt Lake Software\Pro Antispyware 2009\proas2009.exe
c:\program files\INSTALL.LOG
c:\windows\system32\dmtpmejh.ini
c:\windows\system32\drivers\TDSSjffo.sys
c:\windows\system32\dwjnygff.ini
c:\windows\system32\eybugipj.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mfcans32.DLL
c:\windows\system32\msrdo20.dll
c:\windows\system32\mxcrhuod.ini
c:\windows\system32\omdlgxgb.ini
c:\windows\system32\OpAJQXyb.ini
c:\windows\system32\OpAJQXyb.ini2
c:\windows\system32\otgpeoxi.ini
c:\windows\system32\qnnpnsqt.ini
c:\windows\system32\rdocurs.dll
c:\windows\system32\sglthoxq.ini
c:\windows\system32\TDSSbioh.dll
c:\windows\system32\TDSScfrx.dll
c:\windows\system32\TDSSghfy.log
c:\windows\system32\TDSSnkxw.dll
c:\windows\system32\TDSSnmxh.log
c:\windows\system32\TDSSphba.log
c:\windows\system32\TDSSposr.dat
c:\windows\system32\TDSSrrqo.dll
c:\windows\system32\TDSSwkbh.dll
c:\windows\system32\TDSSxghc.dll

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_TDSSserv.sys
-------\Legacy_TDSSserv.sys

((((((((((((((((((((((((((((( Fichiers créés du 2008-12-11 au 2009-01-11 ))))))))))))))))))))))))))))))))))))
.

2009-01-11 08:58 . 2009-01-11 09:01 <REP> d-------- C:\Killfix
2009-01-11 08:26 . 2009-01-11 08:26 <REP> d-------- c:\program files\RogueRemover FREE
2009-01-08 20:10 . 2009-01-08 20:10 <REP> d-------- c:\documents and settings\Recouvrement\Application Data\HP
2009-01-08 20:09 . 2008-06-25 11:22 <REP> d--h----- c:\documents and settings\Recouvrement\Voisinage réseau
2009-01-08 20:09 . 2008-06-25 11:22 <REP> d--h----- c:\documents and settings\Recouvrement\Voisinage d'impression
2009-01-08 20:09 . 2008-06-25 16:28 <REP> d--h----- c:\documents and settings\Recouvrement\Modèles
2009-01-08 20:09 . 2009-01-08 20:10 <REP> dr------- c:\documents and settings\Recouvrement\Mes documents
2009-01-08 20:09 . 2008-06-25 11:22 <REP> dr------- c:\documents and settings\Recouvrement\Menu Démarrer
2009-01-08 20:09 . 2009-01-08 20:10 <REP> dr------- c:\documents and settings\Recouvrement\Favoris
2009-01-08 20:09 . 2008-06-25 11:22 <REP> d-------- c:\documents and settings\Recouvrement\Bureau
2009-01-08 20:09 . 2009-01-08 20:09 <REP> d-------- c:\documents and settings\Recouvrement
2008-12-29 18:31 . 2008-12-29 20:38 <REP> d-------- c:\program files\mIRC
2008-12-21 15:09 . 2008-12-21 15:09 <REP> d-------- C:\Concepts

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 00:02 --------- d---a-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-02 03:30 --------- d---a-w c:\documents and settings\Francis\Application Data\HP
2008-12-30 04:54 --------- d---a-w c:\documents and settings\Francis\Application Data\mIRC
2008-12-11 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-03 02:35 --------- d-----w c:\program files\Picasa2
2008-12-02 19:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 01:32 --------- d---a-w c:\documents and settings\Francis\Application Data\agi
2008-11-29 01:32 --------- d---a-w c:\documents and settings\All Users\Application Data\Kiwee Toolbar
2008-11-29 01:32 --------- d-----w c:\program files\Kiwee Toolbar
2008-11-29 01:31 --------- d---a-w c:\documents and settings\All Users\Application Data\agi
2008-11-29 01:31 --------- d-----w c:\program files\AGI
2008-11-25 00:41 --------- d---a-w c:\documents and settings\Francis\Application Data\MarkoSim
2008-11-23 18:40 --------- d---a-w c:\documents and settings\All Users\Application Data\WEBREG
2008-11-23 18:39 --------- d---a-w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-11-23 18:39 --------- d---a-w c:\documents and settings\All Users\Application Data\HP
2008-11-23 18:39 --------- d-----w c:\program files\HP
2008-11-23 18:39 --------- d-----w c:\program files\Fichiers communs\HP
2008-11-23 18:28 --------- d---a-w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-11 18:20 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2007-08-31 16:41 69,632 ----a-w c:\program files\Fichiers communs\MPDPDODB.DLL
2006-12-12 15:13 32,768 ----a-w c:\documents and settings\All Users\Application Data\EBLib.dll
2006-07-28 20:25 19,456 ----a-w c:\documents and settings\All Users\Application Data\LPCFilter.sys
1999-06-25 14:55 149,504 ----a-w c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2009-01-11_ 9.01.18,03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-01-11 14:22:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_110.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 65536]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DiamondView"="c:\program files\Manulife Financial\Diamond View\Diamondview.exe" [2007-03-02 946688]
"iagconsole"="c:\program files\Interface Suite\IAGConsole\iagschedcheck.exe" [2007-01-15 176128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [BU]
"SpywareStop"="c:\program files\SpywareStop\SpywareStop.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-06-01 142104]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-06-01 162584]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-06-01 138008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-13 311296]
"Afaria Client File Differencing"="c:\program files\afaria\Bin\XCDiffCache.exe" [2006-11-30 167936]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 c:\windows\RTHDCPL.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2007-06-16 c:\windows\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-12-27 c:\windows\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
"DiamondView"="c:\program files\Manulife Financial\Diamond View\Diamondview.exe" [2007-03-02 946688]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Afaria Client Generic Scheduler.lnk - c:\program files\afaria\Bin\XCGSTask.exe [2008-06-26 552960]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAsTND]
[BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\afaria\\Bin\\XcListener.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-09 78416]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-07-09 20560]
R4 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-03-26 105856]
R4 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-02-19 134016]
S4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-11-28 10240]
S4 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
- - - - ORPHANS REMOVED - - - -

BHO-{0BC6E3FA-78EF-4886-842C-5A1258C4455A} - (no file)
BHO-{3EE86D91-2F18-4027-9157-A16110AC59BE} - (no file)
BHO-{E63EB443-A606-4D08-A784-7C23BFD30E98} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webi.ca/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 09:23:46
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\TODDSrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\TPSBattM.exe
c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-11 9:25:36 - machine was rebooted [Francis]
ComboFix-quarantined-files.txt 2009-01-11 14:25:33
ComboFix2.txt 2009-01-11 14:01:37

Pre-Run: 171,469,361,152 bytes free
Post-Run: 171,375,157,248 bytes free

205 --- E O F --- 2009-01-11 12:48:15
abcdefg25 Posts: 13 Status: Member
 
Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:28:31, on 2009-01-11
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\TODDSrv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxsrvc.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\afaria\Bin\XCDiffCache.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe
C:\Program files\Interface Suite\IAGConsole\iagschedcheck.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\afaria\Bin\XCGSTask.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.webi.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar with Pop-Up Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [Afaria Client File Differencing] C:\Program Files\afaria\Bin\XCDiffCache.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background
O4 - HKCU\..\Run: [iagconsole] C:\Program files\Interface Suite\IAGConsole\iagschedcheck.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DiamondView] "C:\Program Files\Manulife Financial\Diamond View\Diamondview.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Afaria Client Generic Scheduler.lnk = C:\Program Files\afaria\Bin\XCGSTask.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://www.avdlext.com/iNotes6W.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://www.avdlext.com/dwa7W.cab
O20 - Winlogon Notify: ljJAsTND - C:\WINDOWS\
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AG Windows Service (AGWinService) - Unknown owner - C:\Program Files\AGI\common\win32\PythonService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\System32\TODDSrv.exe
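Taken together, the ComboFix "Reg Loading Points" section and the HijackThis O4/O20 lines above contain a few things worth checking by hand: Run values that name only a bare executable (RTHDCPL.EXE, TCtrlIOHook.exe, TFncKy.exe, TDispVol.exe, TPSMain.exe), which the loader resolves through its search path rather than a fixed location, so a same-named file earlier in that path would run instead; entries ComboFix tags [BU] instead of a date and size (the 1.2.x GoogleToolbarNotifier.exe path, for example, while the O2 line shows 3.1.x installed); the Winlogon Notify package ljJAsTND, for which neither tool shows a DLL (HijackThis prints only C:\WINDOWS\); and "EnableFirewall"= 0 for the standard profile. The script below is an added example, not part of the thread or of either tool. It runs over a constructed sample copied from those lines, and reading [BU] as "no file information reported, verify manually" is my assumption, not a documented meaning of the marker.

```python
"""Triage of autostart entries from a ComboFix "Reg Loading Points" section
and HijackThis O4/O20 lines.  Added example, not part of the thread or of
either tool.  Assumption: ComboFix's "[BU]" marker is treated only as "no
date/size was reported for the target", i.e. something to verify by hand."""
import re
from collections import Counter

# Constructed sample: lines copied from the reports quoted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [BU]
"SpywareStop"="c:\program files\SpywareStop\SpywareStop.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-06-01 142104]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 c:\windows\RTHDCPL.exe]
"TFncKy"="TFncKy.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAsTND]
[BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKCU\..\Run: [SpywareStop] C:\Program Files\SpywareStop\SpywareStop.exe -boot
O20 - Winlogon Notify: ljJAsTND - C:\WINDOWS\
"""

CF_KEY = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
CF_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<info>[^\]]*)\]')
FW_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
HJT_O4 = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
HJT_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.+)$")


def is_bare_name(command):
    """True when the Run value names only 'foo.exe' with no directory: the
    loader then resolves it through its search path (the launching process's
    directory, the system directories, then PATH), so a same-named file earlier
    in that path would run instead of the intended one."""
    head = command.strip().strip('"').split()
    if not head:
        return False
    return "\\" not in head[0] and ":" not in head[0] and not head[0].startswith("%")


def triage(log_text):
    """Walk the log once and collect (kind, name, detail) findings."""
    findings = []
    current_key = None
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    for i, line in enumerate(lines):
        m = CF_KEY.match(line)
        if m:
            current_key = m.group("key")
            # A Winlogon Notify subkey whose next line is just "[BU]": ComboFix
            # shows no DLL for it, so the package name is all we have to go on.
            nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
            if "\\winlogon\\notify\\" in current_key.lower() and nxt == "[BU]":
                findings.append(("winlogon_notify_unresolved",
                                 current_key.rsplit("\\", 1)[-1], current_key))
            continue
        m = CF_VALUE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            name, target, info = m.group("name", "target", "info")
            if info.strip() == "BU":          # no date/size reported: verify by hand
                findings.append(("no_file_info", name, target))
            if is_bare_name(target):          # resolved via search path, not a fixed file
                findings.append(("bare_name", name, target))
            continue
        if FW_OFF.match(line):
            findings.append(("firewall_disabled", current_key or "", line))
            continue
        m = HJT_O4.match(line)
        if m:
            if is_bare_name(m.group("cmd")):
                findings.append(("bare_name", m.group("name"), m.group("cmd")))
            continue
        m = HJT_O20.match(line)
        if m and not m.group("target").lower().endswith(".dll"):
            # HijackThis shows a directory instead of the notification DLL
            findings.append(("winlogon_notify_unresolved", m.group("name"), m.group("target")))
    return findings


def summarize(findings):
    """Counts per finding kind, for a quick read of how much needs checking."""
    return dict(Counter(kind for kind, _, _ in findings))


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"{kind:28} {name:14} {detail}")
```

Run on the sample this reports TFncKy twice (bare name and no file information), which is the entry most worth resolving first: the O4 line gives no directory and ComboFix could not stat the file either.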
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
OK, your PC should be running much better now!!!

Be careful what you install! You've installed "protection" programs that are actually spyware!!!!

_______________

Close all your browsers (so copy or print these instructions first)

Create a new text document: right-click on the desktop > New > Text Document, and paste the following lines into it:

File::
c:\program files\SpywareStop\SpywareStop.exe
c:\program files\SpywareStop
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareStop"=-

Save this file under the name CFScript

Drag and drop this CFScript file onto the ComboFix.exe file

Click on the CFScript file, keep the mouse button held down and drag so that the CFScript icon comes to rest on top of the ComboFix icon. Release the mouse button. ComboFix will start.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

Once the scan has finished, a report will be displayed: post its contents.

If the file doesn't open, it is located here > C:\ComboFix.txt

_____________________

Scan with
Malwarebytes' Anti-Malware after updating it, in normal mode, remove whatever it finds and paste the report

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
abcdefg25 Posts: 13 Status: Member
 
ComboFix report,
ComboFix 09-01-10.03 - Francis 2009-01-11 13:37:53.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2038.1522 [GMT -5:00]
Running from: c:\documents and settings\Francis\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Francis\Bureau\CFscript.txt
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

FILE ::
c:\program files\SpywareStop
c:\program files\SpywareStop\SpywareStop.exe
.

((((((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 ))))))))))))))))))))))))))))))))))))
.

2009-01-11 08:58 . 2009-01-11 09:01 <REP> d-------- C:\Killfix
2009-01-11 08:26 . 2009-01-11 08:26 <REP> d-------- c:\program files\RogueRemover FREE
2009-01-08 20:10 . 2009-01-08 20:10 <REP> d-------- c:\documents and settings\Recouvrement\Application Data\HP
2009-01-08 20:09 . 2008-06-25 11:22 <REP> d--h----- c:\documents and settings\Recouvrement\Voisinage réseau
2009-01-08 20:09 . 2008-06-25 11:22 <REP> d--h----- c:\documents and settings\Recouvrement\Voisinage d'impression
2009-01-08 20:09 . 2008-06-25 16:28 <REP> d--h----- c:\documents and settings\Recouvrement\Modèles
2009-01-08 20:09 . 2009-01-08 20:10 <REP> dr------- c:\documents and settings\Recouvrement\Mes documents
2009-01-08 20:09 . 2008-06-25 11:22 <REP> dr------- c:\documents and settings\Recouvrement\Menu Démarrer
2009-01-08 20:09 . 2009-01-08 20:10 <REP> dr------- c:\documents and settings\Recouvrement\Favoris
2009-01-08 20:09 . 2008-06-25 11:22 <REP> d-------- c:\documents and settings\Recouvrement\Bureau
2009-01-08 20:09 . 2009-01-08 20:09 <REP> d-------- c:\documents and settings\Recouvrement
2008-12-29 18:31 . 2008-12-29 20:38 <REP> d-------- c:\program files\mIRC
2008-12-21 15:09 . 2008-12-21 15:09 <REP> d-------- C:\Concepts

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 00:02 --------- d---a-w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-02 03:30 --------- d---a-w c:\documents and settings\Francis\Application Data\HP
2008-12-30 04:54 --------- d---a-w c:\documents and settings\Francis\Application Data\mIRC
2008-12-11 03:06 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-03 02:35 --------- d-----w c:\program files\Picasa2
2008-12-02 19:47 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-29 01:32 --------- d---a-w c:\documents and settings\Francis\Application Data\agi
2008-11-29 01:32 --------- d---a-w c:\documents and settings\All Users\Application Data\Kiwee Toolbar
2008-11-29 01:32 --------- d-----w c:\program files\Kiwee Toolbar
2008-11-29 01:31 339,968 ----a-w c:\windows\system32\pythoncom25.dll
2008-11-29 01:31 2,117,632 ----a-w c:\windows\system32\python25.dll
2008-11-29 01:31 114,688 ----a-w c:\windows\system32\pywintypes25.dll
2008-11-29 01:31 --------- d---a-w c:\documents and settings\All Users\Application Data\agi
2008-11-29 01:31 --------- d-----w c:\program files\AGI
2008-11-25 00:41 --------- d---a-w c:\documents and settings\Francis\Application Data\MarkoSim
2008-11-23 18:40 --------- d---a-w c:\documents and settings\All Users\Application Data\WEBREG
2008-11-23 18:39 --------- d---a-w c:\documents and settings\All Users\Application Data\HPSSUPPLY
2008-11-23 18:39 --------- d---a-w c:\documents and settings\All Users\Application Data\HP
2008-11-23 18:39 --------- d-----w c:\program files\HP
2008-11-23 18:39 --------- d-----w c:\program files\Fichiers communs\HP
2008-11-23 18:28 --------- d---a-w c:\documents and settings\All Users\Application Data\Hewlett-Packard
2008-11-11 18:20 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2007-08-31 16:41 69,632 ----a-w c:\program files\Fichiers communs\MPDPDODB.DLL
2006-12-12 15:13 32,768 ----a-w c:\documents and settings\All Users\Application Data\EBLib.dll
2006-07-28 20:25 19,456 ----a-w c:\documents and settings\All Users\Application Data\LPCFilter.sys
1999-06-25 14:55 149,504 ----a-w c:\program files\UNWISE.EXE
.

((((((((((((((((((((((((((((( snapshot@2009-01-11_ 9.01.18,03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
+ 2009-01-11 14:22:27 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_110.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-29 65536]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"DiamondView"="c:\program files\Manulife Financial\Diamond View\Diamondview.exe" [2007-03-02 946688]
"iagconsole"="c:\program files\Interface Suite\IAGConsole\iagschedcheck.exe" [2007-01-15 176128]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2007-06-01 142104]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2007-06-01 162584]
"Persistence"="c:\windows\System32\igfxpers.exe" [2007-06-01 138008]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 178712]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-13 311296]
"Afaria Client File Differencing"="c:\program files\afaria\Bin\XCDiffCache.exe" [2006-11-30 167936]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-02-13 405504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-15 79224]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-10 c:\windows\RTHDCPL.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2007-06-16 c:\windows\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-12-27 c:\windows\system32\TDispVol.exe]
"TPSMain"="TPSMain.exe" [2005-05-31 c:\windows\system32\TPSMain.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]
"DiamondView"="c:\program files\Manulife Financial\Diamond View\Diamondview.exe" [2007-03-02 946688]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Afaria Client Generic Scheduler.lnk - c:\program files\afaria\Bin\XCGSTask.exe [2008-06-26 552960]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljJAsTND]
[BU]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\afaria\\Bin\\XcListener.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-07-09 78416]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-07-09 20560]
R4 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-03-26 105856]
R4 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-02-19 134016]
S4 AGWinService;AG Windows Service;c:\program files\AGI\common\win32\pythonservice.exe [2008-11-28 10240]
S4 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.webi.ca/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 13:39:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-11 13:40:03
ComboFix-quarantined-files.txt 2009-01-11 18:40:01
ComboFix2.txt 2009-01-11 14:25:37
ComboFix3.txt 2009-01-11 14:01:37

Pre-Run: 171,368,067,072 bytes free
Post-Run: 171,376,934,912 bytes free

160 --- E O F --- 2009-01-11 12:48:15
abcdefg25 Posts: 13 Status: Member
 
Here is the other report you asked for as well;...

Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 5.1.2600 Service Pack 3

2009-01-11 13:48:37
mbam-log-2009-01-11 (13-48-29).txt

Scan type: Quick Scan
Objects scanned: 62097
Time elapsed: 3 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
You need to remove what Malwarebytes found!

Then post another HijackThis or RSIT report and tell us how your PC is behaving
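jlpjlp's last point can be read straight off the Malwarebytes log: the only non-zero summary count is the three registry keys, and all three hits end in "-> No action taken", so the scan detected but removed nothing. The script below is an added example, not part of the thread or of Malwarebytes or HijackThis. It parses a constructed copy of that log (Malwarebytes 1.x's English field names and its removal status strings are assumed), confirms the summary counts agree with the items listed, lists what is still pending, and cross-references the three CLSIDs against a constructed subset of the HijackThis O2/O3/O16 lines posted earlier in the thread. Treating HKCU\...\Ext\Stats\{CLSID} as Internet Explorer's per-add-on statistics key is an assumption on my part.

```python
"""Did the Malwarebytes scan actually remove anything, and do its registry
hits still correspond to add-ons HijackThis lists?  Added example, not part
of the thread or of either tool.  Both samples are constructed from the
reports quoted above, with MBAM 1.x's English field names assumed."""
import re

SAMPLE_MBAM = """\
Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 5.1.2600 Service Pack 3

Scan type: Quick Scan
Objects scanned: 62097

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Registry Keys Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> No action taken.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Ext\\Stats\\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.

Registry Values Infected:
(No malicious items detected)
"""

# Constructed subset of the HijackThis add-on lines from the same thread.
SAMPLE_HJT = """\
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\\Program Files\\Yahoo!\\Companion\\Installs\\cpn\\yt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\\Program Files\\Yahoo!\\Common\\yinsthelper.dll
"""

SUMMARY = re.compile(r"^(?P<field>[A-Za-z ]+ Infected): (?P<n>\d+)$")
ITEM = re.compile(r"^(?P<path>\S.*?) \((?P<detection>[^()]+)\) -> (?P<status>[^.]+)\.?$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Status strings MBAM 1.x writes once an item has really been acted on (assumed).
REMOVED = {"Quarantined and deleted successfully", "Delete on reboot"}


def parse_mbam(text):
    """Return (summary counts by category, list of detected items)."""
    summary, items = {}, []
    for line in text.splitlines():
        m = SUMMARY.match(line)
        if m:
            summary[m.group("field")] = int(m.group("n"))
            continue
        m = ITEM.match(line)
        if m:
            items.append(m.groupdict())
    return summary, items


def counts_match(summary, items):
    """The per-category totals should equal the number of items listed."""
    return sum(summary.values()) == len(items)


def pending(items):
    """Detections the scan left in place.  MBAM only acts when 'Remove Selected'
    is clicked after the scan; until then the log reads 'No action taken'."""
    return [it for it in items if it["status"] not in REMOVED]


def crossref(items, hjt_text):
    """For each CLSID in MBAM's registry hits, whether HijackThis still lists
    an add-on (O2/O3/O16) with that CLSID.  HKCU\\...\\Ext\\Stats\\{CLSID} is
    taken to be IE's per-add-on bookkeeping key (assumption), so a hit with no
    matching add-on line is a leftover rather than a still-loading component."""
    hjt_ids = {c.lower() for c in CLSID.findall(hjt_text)}
    return {c.lower(): c.lower() in hjt_ids
            for it in items for c in CLSID.findall(it["path"])}


if __name__ == "__main__":
    summary, items = parse_mbam(SAMPLE_MBAM)
    print("totals consistent:", counts_match(summary, items))
    for it in pending(items):
        print("still present:", it["detection"], it["path"])
    for clsid, loaded in crossref(items, SAMPLE_HJT).items():
        print(clsid, "still listed by HijackThis" if loaded else "no matching add-on line")
```

On the sample all three hits come back pending and none of their CLSIDs appears in the HijackThis add-on lines, so removing them is registry cleanup rather than disabling something that still loads; the pending list is empty only once the log's status strings change to a removal.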