Infected by a trojan gen

budoudou
Hello, I am infected by a trojan gen!! Avast won't remove it!! I tried Ad-Aware 2008 and Spybot; they find the virus but it's impossible to remove it!!! Could someone help me??? Thanks

22 replies

jlpjlp - 52399 posts - Status: security contributor - 5 040

Hi,

Download here:

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) by random/random and save it to the Desktop.

Double-click RSIT.exe to launch RSIT.

Click Continue on the Disclaimer screen.

If HijackThis (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow the access in your firewall if asked) and you will have to accept the licence.

When the scan is finished, two text files will open.

Post the contents of log.txt (<<which will be displayed)
as well as of info.txt (<<which will be minimised in the taskbar).

NB: The reports are saved in the folder C:\rsit
dessagne - 14 posts - Status: member - 1

Hello,

Same for me this morning: 23 viruses, whereas yesterday nothing. I started
AVIRA ANTIVIR PERSONAL; it put them all in quarantine, and afterwards I deleted them.

Good luck to you.

This afternoon I'm looking for a program to block pop-up windows, because since yesterday it has been madness.

See you

Line
budoudou
Thanks again for your super-fast reply JLPJLP!!! Dessagne, for me too it's a mess with the pop-up windows, but in my case it has already been going on for a month and I told myself it's time to do something lol!!!

Here is the result of the LOG scan:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Buty at 2009-01-13 14:03:28
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 85 GB (73%) free of 116 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:03:33, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\documents and settings\buty\local settings\application data\casok.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Documents and Settings\Buty\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Documents and Settings\Buty\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Buty\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Buty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {0A33C2C4-A6BD-4AF3-8EAB-137A90BE142C} - C:\WINDOWS\system32\urqPhiFx.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {10b0ef99-1946-d0f8-b6a4-c6d45aa98b18} - {81b89aa5-4d6c-4a6b-8f0d-649199fe0b01} - C:\WINDOWS\system32\egriaj.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\Buty\LOCALS~1\Temp\TMP62.tmp
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8185] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7175] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5344] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6966] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8577] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3618] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3703] command /c del "C:\WINDOWS\system32\bdvuvgra.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4934] cmd /c del "C:\WINDOWS\system32\bdvuvgra.dll_old"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5768] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5832] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3913] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2608] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6621] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4677] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2895] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4549] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5915] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9028] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7465] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3359] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2185] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5244] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA985] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3617] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6685] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4546] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3451] command /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2210] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5882] command /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8482] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7747] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC675] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7715] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3671] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3210] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC890] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6755] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9539] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2427] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9424] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKLM\..\RunOnce: [SpybotDeletingA9010] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2506] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA500] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4930] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA521] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7254] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7521] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC3004] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA634] command /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6957] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKLM\..\RunOnce: [SpybotDeletingA5030] command /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2871] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [casok] "c:\documents and settings\buty\local settings\application data\casok.exe" casok
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB2007] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4172] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8125] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7060] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5283] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9059] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2605] command /c del "C:\WINDOWS\system32\bdvuvgra.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7945] cmd /c del "C:\WINDOWS\system32\bdvuvgra.dll_old"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3019] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD980] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8308] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6581] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1764] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4494] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8551] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5201] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4728] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9146] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3176] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4342] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB426] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3823] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1980] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2816] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6118] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3888] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7628] command /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1424] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB755] command /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9738] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9633] command /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD17] cmd /c del "C:\Program Files\Everest Poker\casino.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8916] command /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2114] cmd /c del "C:\Program Files\Everest Poker\gvcrt.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2155] command /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9432] cmd /c del "C:\Program Files\Everest Poker\gvmain.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5281] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2825] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\btn_scroll.gvt"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4768] command /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1043] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\bitmaps\chips.art"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6557] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1042] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\button.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6329] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3157] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\carddeal.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7839] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9986] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\cardflip.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6272] command /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8736] cmd /c del "C:\Program Files\Everest Poker\data\shared\shared\sounds\chipclick.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5184] command /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingD3673] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\icons\ep.ico"
O4 - HKCU\..\RunOnce: [SpybotDeletingB1266] command /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKCU\..\RunOnce: [SpybotDeletingD8396] cmd /c del "C:\Program Files\Everest Poker\data\startup\shared\sounds\alert.ogg"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Buty\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - AppInit_DLLs: egriaj.dll
O20 - Winlogon Notify: geBSlMCV - geBSlMCV.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
jlpjlp - 52399 posts - Status: security contributor - 5 040

Remove what is in quarantine in Spybot (backups), then uninstall Spybot from your computer.
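As an added illustration (not part of the thread), a small Python triage script over a subset of the HijackThis lines posted above, applying the heuristics a helper uses to pick out the entries worth attention: autoruns launched from a temp or user-profile data directory, BHOs with no readable name, an AppInit_DLLs entry, and registry entries whose file is missing. The rules, the Finding type and the selection of sample lines are my own construction; the heuristics are a first pass for review, not a verdict.

```python
import re
from dataclasses import dataclass

# Subset of the HijackThis lines posted above (copied from the thread; the
# selection and ordering are mine).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {0A33C2C4-A6BD-4AF3-8EAB-137A90BE142C} - C:\WINDOWS\system32\urqPhiFx.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: {10b0ef99-1946-d0f8-b6a4-c6d45aa98b18} - {81b89aa5-4d6c-4a6b-8f0d-649199fe0b01} - C:\WINDOWS\system32\egriaj.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PromoReg] C:\DOCUME~1\Buty\LOCALS~1\Temp\TMP62.tmp
O4 - HKCU\..\Run: [casok] "c:\documents and settings\buty\local settings\application data\casok.exe" casok
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Buty\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O20 - AppInit_DLLs: egriaj.dll
O20 - Winlogon Notify: geBSlMCV - geBSlMCV.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# A BHO whose display name is itself a GUID has no readable identity.
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# Executable sitting directly in Temp or a profile data folder (no vendor
# subdirectory): installed software rarely autoruns from there.
USER_WRITABLE_RE = re.compile(
    r"\\(?:temp|local settings\\application data|application data)\\[^\\]+$", re.I)
# First path-like token of an unquoted command line (path plus extension).
EXEC_EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|tmp|scr|com|bat|cmd|pif))(?:\s|,|$)", re.I)


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O4"
    reason: str    # why the line deserves a look
    line: str      # the original log line


def command_path(cmd: str) -> str:
    """Extract the launched file from an O4 command (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXEC_EXT_RE.match(cmd)
    return m.group(1) if m else cmd


def triage(log_text: str) -> list[Finding]:
    """Apply the review heuristics to every HijackThis line in log_text."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or " - " not in line:
            continue
        section, body = line.split(" - ", 1)

        if line.endswith("(file missing)"):
            findings.append(Finding(section,
                "entry points to a file that no longer exists (orphan, "
                "often left behind after a partial removal)", line))

        if section == "O2" and body.startswith("BHO: "):
            name = body[len("BHO: "):].split(" - ")[0]
            if name == "(no name)" or GUID_RE.match(name):
                findings.append(Finding(section,
                    "browser helper object without a readable name", line))

        elif section == "O4":
            m = re.match(r".*?\[[^\]]+\]\s+(.*)", body)   # [Name] command
            if m:
                cmd = m.group(1)
            elif " = " in body:                            # Startup: x.lnk = path
                cmd = body.split(" = ", 1)[1]
            else:
                continue
            path = command_path(cmd)
            if USER_WRITABLE_RE.search(path):
                findings.append(Finding(section,
                    "autorun launched directly from a temp or profile data folder", line))
            if path.lower().endswith(".tmp"):
                findings.append(Finding(section,
                    "autorun target has a .tmp extension", line))

        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            if body.split(":", 1)[1].strip():
                findings.append(Finding(section,
                    "AppInit_DLLs injects this DLL into every user32 process", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```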

then

download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

Disconnect from the internet and close all your applications.

Disable your protections (antivirus, firewall, real-time guard of the antispyware).

Double-click combofix.exe and follow the instructions.

At the end, it will produce a report C:\ComboFix.txt

Re-enable your firewall, your antivirus and the guard of your antispyware.

Copy/paste the report C:\ComboFix.txt in your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a complete tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
budoudou
Here is the ComboFix report, thanks:

ComboFix 09-01-11.04 - Buty 2009-01-13 15:14:33.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1513 [GMT 1:00]
Lancé depuis: c:\documents and settings\Buty\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090113-0] *On-access scanning disabled* (Outdated)
AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
FW: Pare-feu BitDefender *disabled*
FW: Sygate Personal Firewall *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Buty\Local Settings\Application Data\casok.dat
c:\documents and settings\Buty\Local Settings\Application Data\casok.exe
c:\documents and settings\Buty\Local Settings\Application Data\casok_nav.dat
c:\documents and settings\Buty\Local Settings\Application Data\casok_navps.dat
c:\windows\system32\bcolec.dll
c:\windows\system32\egriaj.dll
c:\windows\system32\hjgutjhu.dll
c:\windows\system32\oxvaomvf.dll
c:\windows\system32\raclujfi.dll
c:\windows\system32\uesfcpiv.dll

----- BITS: Il y a peut-être des sites infectés -----

hxxp://childhe.com
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-12-13 au 2009-01-13 ))))))))))))))))))))))))))))))))))))
.

2009-01-13 14:03 . 2009-01-13 14:03 <REP> d-------- C:\rsit
2009-01-13 13:54 . 2009-01-13 13:54 <REP> d-------- c:\program files\Trend Micro
2009-01-13 13:08 . 2009-01-13 14:01 2,096 --a------ c:\windows\wininit.ini
2009-01-13 10:53 . 2009-01-13 15:01 <REP> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-13 10:50 . 2009-01-13 10:50 <REP> d-------- c:\program files\Lavasoft
2009-01-13 10:50 . 2009-01-13 10:50 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-13 10:21 . 2009-01-13 10:24 <REP> d-------- c:\program files\Personal Media Manager
2009-01-06 22:51 . 2009-01-06 22:51 <REP> d-------- C:\MicroGaming
2009-01-06 22:51 . 2009-01-06 22:51 <REP> d-------- c:\documents and settings\All Users\Application Data\Microgaming
2009-01-06 22:51 . 2009-01-06 22:58 <REP> d-------- c:\documents and settings\All Users\Application Data\MGS
2009-01-06 08:41 . 2009-01-07 21:26 <REP> d-------- c:\documents and settings\Buty\Application Data\dvdcss
2009-01-05 19:19 . 2009-01-07 19:49 <REP> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-01-05 19:18 . 2009-01-05 19:18 <REP> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-01-05 18:40 . 2009-01-05 18:40 0 --a------ C:\rasj.exe
2009-01-05 18:39 . 2009-01-05 18:39 2 --a------ C:\946934425
2009-01-05 18:39 . 2009-01-05 18:39 0 --a------ C:\xuntnh.exe
2009-01-05 18:39 . 2009-01-05 18:39 0 --a------ C:\liek.exe
2009-01-05 18:39 . 2009-01-05 18:39 0 --a------ C:\ajfcj.exe
2009-01-05 18:36 . 2009-01-05 18:36 <REP> d-------- c:\program files\ESTsoft
2009-01-05 18:36 . 2009-01-05 18:36 <REP> d-------- c:\documents and settings\Buty\Application Data\ESTsoft
2009-01-05 18:36 . 2009-01-05 18:36 <REP> d-------- c:\documents and settings\All Users\Application Data\ESTsoft
2009-01-04 19:07 . 2009-01-04 19:07 <REP> d-------- c:\program files\Alwil Software
2009-01-03 11:23 . 2009-01-03 11:23 <REP> d-------- c:\windows\Sun
2009-01-02 17:15 . 2009-01-02 17:15 230,424 --a------ C:\img2-001.raw
2009-01-02 16:17 . 2009-01-02 16:17 <REP> d-------- c:\program files\Fichiers communs\snpstd3
2009-01-02 16:17 . 2007-03-27 18:19 10,252,544 --a------ c:\windows\system32\drivers\snpstd3.sys
2009-01-02 16:17 . 2006-09-19 09:07 827,392 --a------ c:\windows\vsnpstd3.exe
2009-01-02 16:17 . 2006-01-10 17:02 147,456 --a------ c:\windows\system32\rsnpstd3.dll
2009-01-02 16:17 . 2005-12-20 14:39 94,208 --a------ c:\windows\tsnpstd3.exe
2009-01-02 16:17 . 2005-12-23 17:17 53,248 --a------ c:\windows\vsnpstd3.dll
2009-01-02 16:17 . 2005-11-23 12:55 53,248 --a------ c:\windows\system32\csnpstd3.dll
2009-01-02 16:17 . 2004-12-08 18:40 20,480 --a------ c:\windows\usnpstd3.exe
2009-01-02 16:17 . 2006-04-12 09:08 20,480 --a------ c:\windows\CameraFixer.exe
2009-01-02 16:17 . 2004-02-27 16:36 15,498 --a------ c:\windows\snpstd3.ini
2009-01-02 16:17 . 2004-02-27 16:36 13,023 --a------ c:\windows\snpstd3.src
2008-12-28 18:49 . 2008-12-28 18:49 <REP> d-------- c:\program files\Free CD-DA Extractor
2008-12-26 20:21 . 2009-01-13 13:08 <REP> d-------- c:\program files\Enigma Software Group
2008-12-24 18:31 . 2008-12-24 18:31 <REP> d-------- c:\program files\PacificPoker
2008-12-24 18:31 . 2008-12-25 16:29 <REP> d-------- c:\documents and settings\Buty\Application Data\PacificPoker
2008-12-24 17:58 . 2008-12-24 18:02 <REP> d-------- C:\Downloads
2008-12-23 22:10 . 2009-01-13 15:18 <REP> d-------- c:\documents and settings\Buty\Tracing
2008-12-23 22:08 . 2008-12-23 22:08 <REP> d-------- c:\program files\Microsoft Silverlight
2008-12-23 22:08 . 2008-12-08 17:01 55,136 --a------ c:\windows\system32\drivers\fssfltr_tdi.sys
2008-12-23 22:07 . 2008-12-23 22:07 <REP> d-------- c:\program files\Microsoft Sync Framework
2008-12-23 22:04 . 2008-12-23 22:04 <REP> d-------- c:\program files\Microsoft
2008-12-23 22:03 . 2008-12-23 22:03 <REP> d-------- c:\program files\Windows Live SkyDrive
2008-12-17 18:02 . 2008-12-17 18:02 <REP> d-------- c:\program files\Fichiers communs\Windows Live
2008-12-14 19:06 . 2008-12-14 19:06 <REP> d-------- c:\windows\system32\LogFiles

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-13 12:08 --------- d-----w c:\program files\Everest Poker
2009-01-13 09:49 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-12 14:26 --------- d-----w c:\documents and settings\Buty\Application Data\LimeWire
2009-01-11 20:48 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-07 13:27 --------- d-----w c:\program files\eMule
2009-01-05 20:36 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
2009-01-05 18:29 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-05 17:37 --------- d-----w c:\program files\LimeWire
2009-01-04 18:11 --------- d-----w c:\program files\Fichiers communs\BitDefender
2009-01-04 18:11 --------- d-----w c:\program files\BitDefender
2009-01-02 15:17 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-24 17:16 --------- d-----w c:\program files\GemMasterFrench
2008-12-24 17:05 --------- d-----w c:\program files\EA SPORTS
2008-12-23 21:08 --------- d-----w c:\program files\Windows Live
2008-12-23 21:07 --------- d-----w c:\program files\Windows Live Toolbar
2008-12-04 23:11 308,584 ----a-w c:\windows\WLXPGSS.SCR
2008-11-28 22:33 --------- d-----w c:\program files\Fichiers communs\Adobe AIR
2008-11-28 22:31 --------- d-----w c:\program files\Fichiers communs\Adobe
2008-11-26 21:36 --------- d-----w c:\documents and settings\Buty\Application Data\vlc
2008-11-26 21:30 --------- d-----w c:\program files\VideoLAN
2008-11-19 20:17 --------- d-----w c:\documents and settings\Buty\Application Data\OpenOffice.org
2008-11-19 20:15 --------- d-----w c:\program files\OpenOffice.org 3
2008-11-19 20:15 --------- d-----w c:\program files\JRE
2008-11-19 20:14 --------- d-----w c:\program files\Java
2008-11-10 12:15 65,302 ----a-w c:\windows\BricoPackUninst.cmd
2008-11-10 12:15 6,112 ----a-w c:\windows\BricoPackFoldersDelete.cmd
.

------- Sigcheck -------

2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\explorer.exe
2004-08-10 21:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtServicePackUninstall$\explorer.exe
2008-04-14 03:34 979968 3efe912dd25d2586e6a0341db0a66f69 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 61440]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"CameraFixer"="c:\windows\CameraFixer.exe" [2006-04-12 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-04-27 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Buty\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]
Outil de notification Live Search.lnk - c:\documents and settings\Buty\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2008-12-23 143360]
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-06-01 65536]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]
Y'z Shadow.lnk - c:\windows\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe [2006-05-21 155648]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-11-08 45056]
Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=egriaj.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-04 111184]
R3 Hauppauge WinTV-HVR-1110;Hauppauge WinTV-HVR-1110 PCI Card;c:\windows\system32\drivers\HVR1110.sys [2006-05-25 882048]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-04 20560]
R4 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2008-12-23 55136]
R4 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2008-12-04 226640]
S3 fsssvc;Windows Live Contrôle parental;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{0A33C2C4-A6BD-4AF3-8EAB-137A90BE142C} - c:\windows\system32\urqPhiFx.dll
BHO-{81b89aa5-4d6c-4a6b-8f0d-649199fe0b01} - c:\windows\system32\egriaj.dll
HKCU-Run-casok - c:\documents and settings\buty\local settings\application data\casok.exe
Notify-geBSlMCV - geBSlMCV.dll

.
------- Examen supplémentaire -------
.
uStart Page = fr.msn.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites

c:\windows\Downloaded Program Files\iefax.dll - O16 -: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65}
hxxps://plugins.valueactive.eu/flashax/iefax.cab
c:\windows\Downloaded Program Files\iefax.inf
FF - ProfilePath - c:\documents and settings\Buty\Application Data\Mozilla\Firefox\Profiles\t9lsr4j9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?mkt=fr-FR&FORM=MIMWA5&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 15:17:42
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\windows\TEMP\_av_proI.tm~a00324\setup.lok 0 bytes

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\scecli.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Sygate\SPF\Smc.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\rundll32.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\documents and settings\Buty\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\ehome\mcrdsvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Heure de fin: 2009-01-13 15:20:21 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-13 14:20:18

Avant-CF: 91 060 105 216 octets libres
Après-CF: 91,264,151,552 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

255 --- E O F --- 2008-12-19 02:00:41
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
Download UsbFix to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installer with the default settings

Connect to your PC the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them

--> Double-click the UsbFix shortcut on your desktop
(choose the cleaning option)
--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the drive
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm

______________________

post another HijackThis or RSIT report
0
budoudou
 
Here is the UsbFix report:

-------------- UsbFix V2.414 ---------------

* User : Buty - BUDOUDOU
* Outils mis a jours le 09/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 15:38:15 le 13/01/2009
* Windows Xp - Internet Explorer 7.0.5730.13

--------------- [ Processus actifs ] ----------------

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\setup\avast.setup

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

D: - Lecteur fixe

J: - Lecteur amovible

--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe

+- Listing des fichiers présents :

[08/09/2006 12:30][--a------] C:\AUTOEXEC.BAT
[10/08/2004 21:00][-rahs----] C:\NTDETECT.COM
[05/01/2009 18:39][--a------] C:\ajfcj.exe
[05/01/2009 18:39][--a------] C:\liek.exe
[05/01/2009 18:39][--a------] C:\rasj.exe
[05/01/2009 18:39][--a------] C:\xuntnh.exe
[13/01/2009 15:13][-rahs----] C:\boot.ini
[13/01/2009 15:20][--a------] C:\ComboFix.txt
[13/01/2009 15:20][--a------] C:\log_lobby.txt
[13/01/2009 15:20][--a------] C:\log_lobby_dumper.txt
[13/01/2009 15:20][--a------] C:\UsbFix.txt
[08/09/2006 11:56][--a------] C:\CONFIG.SYS
[08/09/2006 11:56][--a------] C:\hiberfil.sys
[08/09/2006 11:56][--a------] C:\IO.SYS
[08/09/2006 11:56][--a------] C:\MSDOS.SYS
[08/09/2006 11:56][--a------] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur fixe

+- Listing des fichiers présents :

--------------- [ Lecteur J ] ----------------

J: - Lecteur amovible

+- Listing des fichiers présents :

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="fr.msn.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
MsnMsgr="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
ehTray=C:\WINDOWS\ehome\ehtray.exe
LaunchApp=Alaunch
RTHDCPL=RTHDCPL.EXE
SkyTel=SkyTel.EXE
ntiMUI=c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
IMEKRMIG6.1=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
NvCplDaemon=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz=nwiz.exe /install
NvMediaCenter=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
Acer Empowering Technology Monitor=C:\WINDOWS\system32\SysMonitor.exe
eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
WarReg_PopUp=C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
SmcService=C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
Adobe Reader Speed Launcher="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
CameraFixer=C:\WINDOWS\CameraFixer.exe
tsnpstd3=C:\WINDOWS\tsnpstd3.exe
snpstd3=C:\WINDOWS\vsnpstd3.exe
avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
NoChange=1
Installed=1
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
Installed=1
<NO NAME>=

--------------- [ Registre / Mountpoint2 ] ----------------

-> Recherche négative.

--------------- [ Nettoyage des disques ] ----------------

And here is the RSIT report:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Buty at 2009-01-13 15:45:14
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 87 GB (75%) free of 116 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:45:18, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Documents and Settings\Buty\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Buty\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Buty\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Buty.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Buty\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - AppInit_DLLs: egriaj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
scan these 6 files on VirusTotal and say whether they are infected: https://www.virustotal.com/gui/

C:\rasj.exe
C:\946934425
C:\xuntnh.exe
C:\liek.exe
C:\ajfcj.exe
C:\img2-001.raw

I'm setting this aside:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="egriaj.dll"
0
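As an added example (not code from this thread, from RSIT/HijackThis or from the helper), a small Python triage that parses HijackThis-style O4, O16 and O20 lines like those in the report above and flags the same kinds of entries the helper pulled out: executables launched from the drive root or a user's Local Settings folder, ActiveX controls fetched from a host outside a small illustrative allowlist, and any AppInit_DLLs value. The allowlist, the folder markers and the constructed casok.exe line are assumptions.

```python
import re
from collections import namedtuple
from typing import Optional
from urllib.parse import urlparse

# Constructed sample: lines copied from the HijackThis report posted above, plus one
# O4 line built for the casok.exe entry that ComboFix listed under "ORPHELINS SUPPRIMES".
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [casok] C:\Documents and Settings\buty\Local Settings\Application Data\casok.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O20 - AppInit_DLLs: egriaj.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

Finding = namedtuple("Finding", "code name detail reason")

ITEM_RE = re.compile(r"^(O\d+) - (.*)$")
RUN_RE = re.compile(r"^(HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[([^\]]+)\] (.*)$")
DPF_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\}) \(([^)]*)\) - (\S+)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.*)$")
# First Windows path ending in a loadable extension, quoted or not, in a Run command line.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|scr|com)\b', re.I)

# Illustrative allowlist (assumption): hosts from which ActiveX downloads are expected.
DPF_ALLOWED_HOSTS = {"fpdownload.macromedia.com", "download.bitdefender.com"}

# Folders from which a legitimate autostart entry rarely runs (assumption).
SUSPICIOUS_DIRS = (
    ("\\local settings\\application data\\", "runs from the user's Local Settings folder"),
    ("\\local settings\\temp\\", "runs from the user's Temp folder"),
    ("\\windows\\temp\\", "runs from the Windows Temp folder"),
)


def run_path_is_suspicious(path: str) -> Optional[str]:
    """Return a reason if an autostart executable sits in an unusual location, else None."""
    p = path.lower()
    head, _, _ = p.rpartition("\\")
    if re.fullmatch(r"[a-z]:", head):
        return "executable launched from the drive root"
    for marker, why in SUSPICIOUS_DIRS:
        if marker in p:
            return why
    return None


def triage(log_text: str) -> list:
    """Parse HijackThis-style lines and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue
        code, rest = m.groups()
        if code == "O4":
            r = RUN_RE.match(rest)
            pm = PATH_RE.search(r.group(3)) if r else None
            if pm:
                why = run_path_is_suspicious(pm.group(0))
                if why:
                    findings.append(Finding(code, r.group(2), pm.group(0), why))
        elif code == "O16":
            d = DPF_RE.match(rest)
            if d:
                _clsid, label, url = d.groups()
                host = urlparse(url).hostname or ""
                if host not in DPF_ALLOWED_HOSTS:
                    findings.append(Finding(code, label, url,
                                            "ActiveX control fetched from unlisted host " + host))
        elif code == "O20":
            a = APPINIT_RE.match(rest)
            value = a.group(1).strip() if a else ""
            if value:
                how = "full path" if "\\" in value else "bare file name, resolved via the DLL search path"
                findings.append(Finding(code, "AppInit_DLLs", value,
                                        "DLL loaded into every process that loads user32.dll (" + how + ")"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code} [{f.name}] {f.detail} -> {f.reason}")
```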
budoudou
 
Thanks for everything!! but I don't understand anything on that site, how do I see whether they are infected?? thanks
0
budoudou
 
Also, for some files it gives me this: 0 bytes size received / Se ha recibido un archivo vacio
0
jlpjlp Posts 52399 Status Security contributor 5 040
 
download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your desktop.

double-click OTMoveIt.exe to launch it.
copy the list quoted below,
and paste it into the left-hand box of OTMoveIt: "Paste instruction for items to be moved".
(be careful to include :files)

:files
C:\rasj.exe
C:\946934425
C:\xuntnh.exe
C:\liek.exe
C:\ajfcj.exe
C:\img2-001.raw
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=-
:commands
[purity]
[emptytemp]
[start explorer]

click MoveIt! to start the removal.
the result will appear in the "Results" box.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. If so, accept with Yes.

__________________

paste the report of an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
budoudou
 
I'm running the online scan and will post the result, but in the meantime here is the OTMoveIt report:

========== FILES ==========
C:\rasj.exe moved successfully.
C:\946934425 moved successfully.
C:\xuntnh.exe moved successfully.
C:\liek.exe moved successfully.
C:\ajfcj.exe moved successfully.
C:\img2-001.raw moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLS deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Buty\LOCALS~1\Temp\MessengerCache\OmoeXWax5OXIoC7zruBh9XeVt80= scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Buty\LOCALS~1\Temp\etilqs_TwzXMMzIh9HVbU6gSnyS scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Buty\LOCALS~1\Temp\~DFB45A.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6a4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Buty\Local Settings\Application Data\Mozilla\Firefox\Profiles\t9lsr4j9.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Buty\Local Settings\Application Data\Mozilla\Firefox\Profiles\t9lsr4j9.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Buty\Local Settings\Application Data\Mozilla\Firefox\Profiles\t9lsr4j9.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Buty\Local Settings\Application Data\Mozilla\Firefox\Profiles\t9lsr4j9.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Buty\Local Settings\Application Data\Mozilla\Firefox\Profiles\t9lsr4j9.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Buty\Local Settings\Application Data\Mozilla\Firefox\Profiles\t9lsr4j9.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_180734
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
ok

post the report of an online scan
with one of the following:

BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr

Kaspersky online:
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
0
budoudou
 
Here is the Panda report:

;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-01-13 19:05:44
PROTECTIONS: 2
MALWARE: 30
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
BitDefender Antivirus 12.0 No No
avast! antivirus 4.8.1296 [VPS 090113-0] 4.8.1296 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@doubleclick[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@atdmt[3].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@atdmt[2].txt
00147814 Cookie/AspinallsOnlineCasino TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@pacificpoker[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@xiti[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@bs.serving-sys[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@advertising[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@bluestreak[1].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@bluestreak[2].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@adultfriendfinder[1].txt
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\Program Files\UsbFix\Tools\nircmd.exe
00471742 Trj/Downloader.VCI Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][ADPARA~1.EXE][ADPARA~1.EXE][LC_WR_~1.EXE][LC_WR_~1.EXE][WR-1-2~1.EXE][WR-1-2~1.EXE][WR-1-2~1.EXE]
00490761 Adware/RealAntivirus Adware No 0 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][ADPARA~1.EXE][ADPARA~1.EXE][LC_WR_~1.EXE][LC_WR_~1.EXE][setup.exe]
00532691 Adware/Wmvmedialease Adware No 0 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0012736.dll
00534898 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP139\A0015208.dll
00534898 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP136\A0014963.dll
00535008 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP137\A0015032.dll
00535009 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP139\A0015177.dll
00535009 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP139\A0015212.dll
00535115 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP139\A0015176.dll
00535115 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP139\A0015175.dll
00535115 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP135\A0014925.dll
00535115 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP135\A0014923.dll
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP140\A0015364.EXE
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP140\A0015335.sys
04428924 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][ADPARA~1.EXE][ADPARA~1.EXE][LC_WR_~1.EXE][LC_WR_~1.EXE][WR-1-2~1.EXE]
04430587 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 (Multilanguage).zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][setup5.exe]
04430587 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 Crack.zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][setup5.exe]
04430587 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 No serial(crack).zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][setup5.exe]
04433957 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][Setup.exe][FARMAN~1.EXE]
04434788 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 (Multilanguage).zip[Setup.exe][Setup.exe][FARMAN~1.EXE]
04434788 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 Crack.zip[Setup.exe][Setup.exe][FARMAN~1.EXE]
04434788 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 No serial(crack).zip[Setup.exe][Setup.exe][FARMAN~1.EXE]
04435045 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Program Files\eMule\Incoming\clé nero 9 (Multilanguage).zip[Setup.exe]
04463044 Generic Trojan Virus/Trojan No 0 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][ADPARA~1.EXE][ADPARA~1.EXE][LC_WR_~1.EXE][LC_WR_~1.EXE][WR-1-2~1.EXE][WR-1-2~1.EXE][is172363.exe]
04550481 Adware/ProAntispyware2009 Adware No 0 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0013760.dll
04550481 Adware/ProAntispyware2009 Adware No 0 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0012922.dll
04550481 Adware/ProAntispyware2009 Adware No 0 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0013748.dll
04556640 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0013784.dll
04556640 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0012737.dll
04556640 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0013747.dll
04556640 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0013788.dll
04577734 Trj/Monder.AO Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP137\A0015031.dll
04577827 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP136\A0014961.dll
04577827 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP139\A0015209.dll
04590777 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0013746.dll
04590777 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0013787.dll
04590777 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0012735.dll
04590777 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0013782.dll
04590777 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP130\A0013750.dll
;===================================================================================================================================================================================
SUSPECTS
Sent Location 2
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description 2
;===================================================================================================================================================================================
;===================================================================================================================================================================================
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
get rid of these infected cracks in eMule:

00471742 Trj/Downloader.VCI Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][ADPARA~1.EXE][ADPARA~1.EXE][LC_WR_~1.EXE][LC_WR_~1.EXE][WR-1-2~1.EXE][WR-1-2~1.EXE][WR-1-2~1.EXE]
00490761 Adware/RealAntivirus Adware No 0 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][ADPARA~1.EXE][ADPARA~1.EXE][LC_WR_~1.EXE][LC_WR_~1.EXE][setup.exe]
04428924 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][ADPARA~1.EXE][ADPARA~1.EXE][LC_WR_~1.EXE][LC_WR_~1.EXE][WR-1-2~1.EXE]
04430587 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 (Multilanguage).zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][setup5.exe]
04430587 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 Crack.zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][setup5.exe]
04430587 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 No serial(crack).zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][setup5.exe]
04433957 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][Setup.exe][FARMAN~1.EXE]
04434788 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 (Multilanguage).zip[Setup.exe][Setup.exe][FARMAN~1.EXE]
04434788 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 Crack.zip[Setup.exe][Setup.exe][FARMAN~1.EXE]
04434788 Trj/Downloader.MDW Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé nero 9 No serial(crack).zip[Setup.exe][Setup.exe][FARMAN~1.EXE]
04435045 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Program Files\eMule\Incoming\clé nero 9 (Multilanguage).zip[Setup.exe]
04463044 Generic Trojan Virus/Trojan No 0 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][Setup.exe][FARMAN~1.EXE][FARMAN~1.EXE][ADPARA~1.EXE][ADPARA~1.EXE][LC_WR_~1.EXE][LC_WR_~1.EXE][WR-1-2~1.EXE][WR-1-2~1.EXE][is172363.exe]

______________________

use this to remove your traces:

CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
(in Options, then Advanced: untick the box "delete files older than 48 hours")
https://www.malekal.com/tutoriel-ccleaner/

__________________________

disable System Restore, then restart your computer, then re-enable it, to get rid of any infections that may be stored in it
https://www.informatruc.com

___________________________

Download AD-Remover (by Cyrildu17 / C_XX) to your desktop:
http://sd-1.archive-host.com/membres/up/16506160323759868/AD-R.exe

/!\ Disconnect from the internet and close all running applications

● Double-click the installer and install it in its default location (C:\Program files)
● Double-click the Ad-remover icon on your desktop
● At the main menu, choose option "A"
● Post the report that appears at the end.

(the report is also saved as C:\Ad-report(date).log)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), which is why these antivirus products raise the alert.
0
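The sorting the helper does above by hand (cracks in eMule\Incoming to delete, copies inside System Restore points that go away when restore is disabled and re-enabled, tracking cookies, and anything else to look at) can be automated over the Panda report. The script below is an added example written for this thread, not a tool from the thread or from Panda; the column layout (Id, Description, Type, Active, Severity, Disinfectable, Disinfected, Location) is assumed from the report header shown above, the grouping rules are the editor's own heuristic, and the sample input is an excerpt of the report posted above with the nested archive members shortened.

```python
"""Triage of a Panda ActiveScan text report, grouped by where each detection lives.

Added example for this thread (not Panda's own code). Assumed column layout, taken
from the report's own header:
    Id Description Type Active Severity Disinfectable Disinfected Location
The Description field may contain spaces ("Generic Trojan", "Cookie/Atlas DMT"),
so the line is parsed from the fixed-format tail rather than by splitting on spaces.
"""
import re
from collections import defaultdict

# Excerpt of the Panda report posted in this thread (archive member chains shortened).
SAMPLE_REPORT = r"""
;===================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Buty\Cookies\buty@atdmt[3].txt
00366244 Application/NirCmd.A HackTools No 0 Yes No C:\Program Files\UsbFix\Tools\nircmd.exe
00471742 Trj/Downloader.VCI Virus/Trojan No 1 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][Setup.exe]
00534898 Spyware/Virtumonde Spyware No 1 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP139\A0015208.dll
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{54887473-E0E8-4E40-8CB4-34743021C726}\RP140\A0015335.sys
04435045 Trj/Downloader.MDW Virus/Trojan No 1 Yes No C:\Program Files\eMule\Incoming\clé nero 9 (Multilanguage).zip[Setup.exe]
04463044 Generic Trojan Virus/Trojan No 0 No No C:\Program Files\eMule\Incoming\clé activation nero 9 Keygen.zip[Setup.exe][is172363.exe]
"""

# Lazy description + single-token type, anchored on the Yes/No/severity columns.
LINE_RE = re.compile(
    r"^(?P<id>\d{8}) (?P<desc>.+?) (?P<type>\S+) "
    r"(?P<active>Yes|No) (?P<severity>\d+) (?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) "
    r"(?P<location>.+)$"
)

ARCHIVE_MEMBER_RE = re.compile(r"\.(zip|rar|7z|cab)\[", re.IGNORECASE)


def parse_report(text):
    """Return one dict per detection line; banner, separator and header lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["active"] = d["active"] == "Yes"
        d["severity"] = int(d["severity"])
        d["disinfectable"] = d["disinfectable"] == "Yes"
        d["disinfected"] = d["disinfected"] == "Yes"
        entries.append(d)
    return entries


def classify(entry):
    """Editor's heuristic: where the detection lives decides what the user should do."""
    loc = entry["location"].lower()
    if entry["type"] == "TrackingCookie":
        return "tracking_cookie"          # cleaned by a browser cookie purge
    if "\\system volume information\\_restore" in loc:
        return "restore_point"            # removed by disabling/re-enabling System Restore
    if ARCHIVE_MEMBER_RE.search(loc) or "\\emule\\incoming\\" in loc:
        return "downloaded_archive"       # delete the containing file
    return "review"                       # e.g. nircmd.exe shipped with a cleanup tool


def triage(text):
    """Group parsed detections by the action category from classify()."""
    groups = defaultdict(list)
    for entry in parse_report(text):
        groups[classify(entry)].append(entry)
    return groups


def container_file(location):
    """Strip the nested archive member chain: 'x.zip[a.exe][b.exe]' -> 'x.zip'."""
    return location.split("[", 1)[0]


def files_to_delete(text):
    """Distinct downloaded archives that contain at least one detection."""
    return sorted({container_file(e["location"]) for e in triage(text)["downloaded_archive"]})


def not_disinfectable(text):
    """Detections the scanner cannot clean in place; the file itself has to go."""
    return [e for e in parse_report(text) if not e["disinfectable"]]


if __name__ == "__main__":
    for category, items in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{category}: {len(items)}")
    for path in files_to_delete(SAMPLE_REPORT):
        print("delete:", path)
```

Run it on the full report text saved from the scan instead of SAMPLE_REPORT to get the same grouping for all 30 detections; the "review" bucket is where a human decision is still needed, since a tool like nircmd.exe bundled with a cleanup utility is flagged as a HackTool without being the infection.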
budoudou
 
Here is the report:


------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------

# START AT: 20:06:29 | Mar 13/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Scan | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: BUDOUDOU | USER: Buty ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\WINDOWS\
# System Directory: C:\WINDOWS\system32\

--- RUNNING PROCESSES: 59

+--------------------| Boonty/Boonty Games Elements found :

.
.

+--------------------| Eorezo Elements found :

.
.

+--------------------| Everest Casino/Everest Poker Elements found :

.
.
C:\log_lobby_dumper.txt
C:\log_lobby.txt
C:\Program Files\Everest Poker
C:\Program Files\Everest Poker\data
C:\Program Files\Everest Poker\history
C:\Program Files\Everest Poker\data\fonts
C:\Program Files\Everest Poker\data\mp-lobby
C:\Program Files\Everest Poker\data\mp-poker
C:\Program Files\Everest Poker\data\shared
C:\Program Files\Everest Poker\data\startup
C:\Program Files\Everest Poker\data\fonts\kgp-en.ttf
C:\Program Files\Everest Poker\data\mp-lobby\fr.gvt
C:\Program Files\Everest Poker\data\mp-lobby\shared.gvt
C:\Program Files\Everest Poker\data\mp-poker\background
C:\Program Files\Everest Poker\data\mp-poker\fr
C:\Program Files\Everest Poker\data\mp-poker\shared.gvt
C:\Program Files\Everest Poker\data\mp-poker\background\default.gvt
C:\Program Files\Everest Poker\data\mp-poker\fr\bitmaps.gvt
C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_strings.txt
C:\Program Files\Everest Poker\data\mp-poker\fr\mp-poker_tutorial.txt
C:\Program Files\Everest Poker\data\shared\fr
C:\Program Files\Everest Poker\data\shared\shared
C:\Program Files\Everest Poker\data\shared\fr\country.txt
C:\Program Files\Everest Poker\data\shared\fr\language.txt
C:\Program Files\Everest Poker\data\shared\fr\ordinal.txt
C:\Program Files\Everest Poker\data\shared\shared\bitmaps
C:\Program Files\Everest Poker\data\shared\shared\sounds
C:\Program Files\Everest Poker\data\shared\shared\bitmaps\check.art
C:\Program Files\Everest Poker\data\startup\en
C:\Program Files\Everest Poker\data\startup\fr
C:\Program Files\Everest Poker\data\startup\shared
C:\Program Files\Everest Poker\data\startup\en\startup_strings.txt
C:\Program Files\Everest Poker\data\startup\fr\cstart.txt
C:\Program Files\Everest Poker\data\startup\fr\startup_strings.txt
C:\Program Files\Everest Poker\data\startup\shared\bitmaps
C:\Program Files\Everest Poker\data\startup\shared\icons
C:\Program Files\Everest Poker\data\startup\shared\sounds
C:\Program Files\Everest Poker\data\startup\shared\bitmaps\splash_poker.art
C:\Program Files\Everest Poker\history\1.txt
C:\Program Files\Everest Poker\history\17.txt
C:\Program Files\Everest Poker\history\18.txt
C:\Program Files\Everest Poker\history\23.txt
C:\Program Files\Everest Poker\history\24.txt
C:\Program Files\Everest Poker\history\25.txt
C:\Program Files\Everest Poker\history\26.txt
C:\Program Files\Everest Poker\history\28.txt
C:\Program Files\Everest Poker\history\29.txt
C:\Program Files\Everest Poker\history\31.txt
C:\Program Files\Everest Poker\history\32.txt
C:\Program Files\Everest Poker\history\34.txt
C:\Program Files\Everest Poker\history\35.txt
C:\Program Files\Everest Poker\history\36.txt
C:\Program Files\Everest Poker\history\38.txt
C:\Program Files\Everest Poker\history\39.txt
C:\Program Files\Everest Poker\history\41.txt
C:\Program Files\Everest Poker\history\42.txt
C:\Program Files\Everest Poker\history\43.txt
C:\Program Files\Everest Poker\history\46.txt
C:\Program Files\Everest Poker\history\47.txt
C:\Program Files\Everest Poker\history\48.txt
C:\Program Files\Everest Poker\history\49.txt

+--------------------| FunWebProducts/MyWay/MyWebSearch/MyGlobalSearch Elements found :

.
.

+--------------------| It's TV Elements found :

.

+--------------------| Sweetim Elements found :

.
.

+--------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\t9lsr4j9.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Search Default Engine: "Search the web"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
* Browser Startup HomePage: "https://www.google.fr/?client=firefox-a&rls=org.mozilla:fr:official&gws_rd=ssl"

.

+---------------------------------------------------------------------------+

~~~~ Internet Explorer version 7.0.5730.13 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://go.microsoft.com/fwlink/?LinkId=69157

+---------------------------------------------------------------------------+

[~4935 bytes] - "C:\AD-report-Scan-13.01.2009.log"

# END at: 20:07:27 | 13/01/2009 - Time elapsed: 57.8 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 105 lines ]
+---------------------------------------------------------------------------+
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
/!\ Disconnect from the internet and close all running applications /!\

Double-click AD-Remover to launch it: at the main menu, choose option B.

On the selection screen, tick:
http://sd-1.archive-host.com/membres/up/16506160323759868/Capturer-ADR.JPG

Everest Poker removal

Then choose S; the program will do its work.

Post the report that appears at the end.

(The report is also saved as C:\Ad-report.log)

/!\ If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm /!\

Note:

"Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus but a utility intended to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...)
0
budoudou
 
Here is the report:

------- Logfile of AD-Remover 1.0.8.9 by C_XX | ONLY XP/VISTA -------

*** Limited to ***

Everest Casino/Everest Poker

******************

# START AT: 22:09:30 | Mar 13/01/2009 | Microsoft® Windows XP™ SP3 (v5.1.2600)
# BOOT MODE: Normal
# OPTION: Clean | EXECUTED FROM: C:\Program Files\Ad-remover\AD-Remover.bat
# PC: BUDOUDOU | USER: Buty ( Current user is an administrator)
# DRIVE(S):
- C:\ (File System: NTFS)
- D:\ (File System: NTFS)
# System Drive: C:\
# Windows Directory: C:\WINDOWS\
# System Directory: C:\WINDOWS\system32\

--- RUNNING PROCESSES: 59

(!) ---- IE start pages reset

+--------------------| Everest Casino/Everest Poker Elements Deleted :

.
.
C:\log_lobby_dumper.txt
C:\log_lobby.txt
C:\Program Files\Everest Poker

(!) ---- Temp files deleted.
(!) ---- Recycle bin emptied in all drives.

+--------------------| ADDED SCAN :

+---------- Scanning prefs.js ... ( # Mozilla User Preferences )

..\t9lsr4j9.default\prefs.js :

~~~~ Mozilla FireFox version 3.0.5 ~~~~

* Browser Search Default Engine: "Search the web"
* Browser Search Selected Engine: "Live Search"
* Browser Search Default Url: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
* Browser Startup HomePage: "https://www.google.fr/?client=firefox-a&rls=org.mozilla:fr:official&gws_rd=ssl"

.

+---------------------------------------------------------------------------+

~~~~ Internet Explorer version 7.0.5730.13 ~~~~

+--[HKEY_CURRENT_USER\..\Internet Explorer\MAIN]

Start Page : hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

+--[HKEY_LOCAL_MACHINE\..\Internet Explorer\MAIN]

Start Page : hxxp://fr.msn.com/

+---------------------------------------------------------------------------+

[~1799 bytes] - "C:\AD-report-Clean-13.01.2009.log"
[~5270 bytes] - "C:\AD-report-Scan-13.01.2009.log"

# END at: 22:11:08 | 13/01/2009 - Time elapsed: 98.5 seconds

+---------------------------------------------------------------------------+
+------------------------------- [ E.O.F - 40 lines ]
+---------------------------------------------------------------------------+
0
jlpjlp Posts: 52399 Status: Security contributor 5 040
 
Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Search and let the scan run...
# Click Delete to finish.
# If you wish, you can use the optional Options.
# Click Quit to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).

____________________

how is your PC behaving? any more problems?

____________________

post another RSIT report
0
budoudou
 
Here is the ToolsCleaner report!! Apparently the computer is behaving better!! Faster, and no more pop-up windows!!
[ Rapport ToolsCleaner version 2.3.0 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\UsbFix.txt: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Buty\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Buty\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Buty\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\Buty\Bureau\UsbFix.exe: trouvé !
C:\Documents and Settings\Buty\Bureau\UsbFix.lnk: trouvé !
C:\Documents and Settings\Buty\Bureau\OTMoveIt3.exe: trouvé !
C:\Documents and Settings\Buty\Bureau\Rsit.exe: trouvé !
C:\Documents and Settings\Buty\Menu Démarrer\Programmes\UsbFix: trouvé !
C:\Documents and Settings\Buty\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: trouvé !
C:\Program Files\UsbFix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Buty\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Buty\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Buty\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\UsbFix.txt: supprimé !
C:\Documents and Settings\Buty\Bureau\UsbFix.exe: supprimé !
C:\Documents and Settings\Buty\Bureau\UsbFix.lnk: supprimé !
C:\Documents and Settings\Buty\Bureau\OTMoveIt3.exe: supprimé !
C:\Documents and Settings\Buty\Bureau\Rsit.exe: supprimé !
C:\Documents and Settings\Buty\Menu Démarrer\Programmes\UsbFix\UsbFix.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Buty\Menu Démarrer\Programmes\UsbFix: supprimé !
C:\Program Files\UsbFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Here is the RSIT report:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Buty at 2009-01-13 22:22:24
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 90 GB (77%) free of 116 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:34, on 13/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\CameraFixer.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Documents and Settings\Buty\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Buty\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Buty\Bureau\RSIT.exe
C:\Program Files\trend micro\Buty.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.acer.com/worldwide/selection.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /idle
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Buty\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
0