Pbme adware virtumonde.neo application

alfmov -
jlpjlp Messages postés 52399 Statut Contributeur sécurité - 3 avr. 2009 à 10:10

Bonjour,

Suite à une bétise de ma chérie, cette derniere ayant accepter un adware par l'intermédiaire de MSN messenger, je n'aarive pas à me débarasser de cet adware :adware virtumonde.neo application.

Il est bien détecté par NOD32, mais a chaque suppression, le problème réapparait.
J'ai bien entendu déja scanné l'ordianteur avec spybot, ad-aware, a-squared free . . .
Rien n'y fait.

Je vous colle le log de hi-jack-this :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:22 Alphée, on 02/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\NGists\NGists.exe
C:\Program Files\Megatec\UPSilon 2000\Monw32.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = avec ACTA MICRO Tél : 0821 020 018
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot

- Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live -

{9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows

Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: (no name) - {bd7d8713-2adf-4a9e-ac53-a93710ffdc0d} - C:\WINDOWS\system32\dikemude.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program

Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program

Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program

Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD

Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series

Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition

Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [paravitade] Rundll32.exe "C:\WINDOWS\system32\kofemube.dll",s
O4 - HKLM\..\Run: [700ac4ce] rundll32.exe "C:\WINDOWS\system32\bopomija.dll",b
O4 - HKLM\..\Run: [CPM7339f752] Rundll32.exe "c:\windows\system32\tojowebo.dll",a
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Rupsmon Daemon.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot -

Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration -

{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -

C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://www.update.microsoft.com/...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) -

https://easydentic.visiomobile.eu/activex/AMC.cab
O20 - AppInit_DLLs: c:\windows\system32\ c:\windows\system32\hawupopa.dll

C:\WINDOWS\system32\metitalu.dll c:\windows\system32\tojowebo.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\tojowebo.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} -

c:\windows\system32\tojowebo.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared

Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32

Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program

Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program

Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program

Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard

Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers

communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\Megatec\UPSilon

2000\RupsMon.exe
O23 - Service: USBMate - Mega Corp. - C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD -

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Afficher la suite

A voir également:

Pbme adware virtumonde.neo application
Adware cleaner - Télécharger - Antivirus & Antimalwares
Nommez une application d'appel vidéo ou de visioconférence - Guide
Desinstaller application windows - Guide
Application word et excel gratuit - Guide
Windows application démarrage - Guide

10 réponses

Réponse 1 / 10

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040

slt,

scan avec malwarebyte , fais un scan minutieux et colle le rapport obtenu et vire ce qui est trouvé:

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

______________________

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Clique Continue à l'écran Disclaimer.

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

alfmov

RE,

comme demandé les logs :

log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Alphée at 2009-04-02 19:07:21
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 181 GB (59%) free of 305 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07 Alphée, on 02/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\NGists\NGists.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Megatec\UPSilon 2000\Monw32.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Alphée\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Alphée.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = avec ACTA MICRO Tél : 0821 020 018
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Rupsmon Daemon.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - https://easydentic.visiomobile.eu/activex/AMC.cab
O20 - AppInit_DLLs: c:\windows\system32\ c:\windows\system32\hawupopa.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
O23 - Service: USBMate - Mega Corp. - C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

alfmov

re

Dsl pr le log malwar, je te le colle :

Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1904
Windows 5.1.2600 Service Pack 3

02/04/2009 19:01:53 Alphée
mbam-log-2009-04-02 (19-01-53).txt

Type de recherche: Examen rapide
Eléments examinés: 63430
Temps écoulé: 2 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\bopomija.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\metitalu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\tojowebo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dikemude.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kofemube.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd7d8713-2adf-4a9e-ac53-a93710ffdc0d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd7d8713-2adf-4a9e-ac53-a93710ffdc0d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd7d8713-2adf-4a9e-ac53-a93710ffdc0d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\paravitade (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\700ac4ce (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm7339f752 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\metitalu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\metitalu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\metitalu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\tojowebo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\tojowebo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\kofemube.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bopomija.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\tojowebo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dikemude.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\metitalu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fagometo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Réponse 2 / 10

alfmov

Re,

Les logs demandés :

log.txt :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Alphée at 2009-04-02 19:07:21
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 181 GB (59%) free of 305 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:07 Alphée, on 02/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\NGists\NGists.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Megatec\UPSilon 2000\Monw32.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Alphée\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Alphée.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = avec ACTA MICRO Tél : 0821 020 018
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Rupsmon Daemon.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - https://easydentic.visiomobile.eu/activex/AMC.cab
O20 - AppInit_DLLs: c:\windows\system32\ c:\windows\system32\hawupopa.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
O23 - Service: USBMate - Mega Corp. - C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040

ok fais combofix car il reste des infections et branche toutes tes clés usb, disques externes

alfmov > jlpjlp Messages postés 52399 Statut Contributeur sécurité

le log de malware :

Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1904
Windows 5.1.2600 Service Pack 3

02/04/2009 19:01:53 Alphée
mbam-log-2009-04-02 (19-01-53).txt

Type de recherche: Examen rapide
Eléments examinés: 63430
Temps écoulé: 2 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 5
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 8
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\bopomija.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\metitalu.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\tojowebo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dikemude.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\kofemube.dll (Trojan.Vundo.H) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd7d8713-2adf-4a9e-ac53-a93710ffdc0d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{bd7d8713-2adf-4a9e-ac53-a93710ffdc0d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{bd7d8713-2adf-4a9e-ac53-a93710ffdc0d} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\paravitade (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\700ac4ce (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpm7339f752 (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.Vundo.H) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\metitalu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\metitalu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\metitalu.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\tojowebo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\tojowebo.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\kofemube.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\bopomija.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\tojowebo.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\dikemude.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\metitalu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\fagometo.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Réponse 3 / 10

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040

et le rapport de malwarebyte???

puis

télécharge combofix (par sUBs) ici :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

et enregistre le sur le bureau.

déconnecte toi d'internet et ferme toutes tes applications.

désactive tes protections (antivirus, parefeu, garde en temps réel de l'antispyware)

double-clique sur combofix.exe et suis les instructions

à la fin, il va produire un rapport C:\ComboFix.txt

réactive ton parefeu, ton antivirus, la garde de ton antispyware

copie/colle le rapport C:\ComboFix.txt dans ta prochaine réponse.

Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi.

Tu as un tutoriel complet ici :

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

C:\htur.exe

Réponse 4 / 10

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040

Ok fais combofix car il reste des infections et branche toutes tes clés usb, disques externes

alfmov

log combofix :

.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-CmPCIaudio - CMICNFG3.cpl
MSConfigStartUp-WD Drive Manager - c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Alphée\Application Data\Mozilla\Firefox\Profiles\i9blrfd7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 19:57:25
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-796845957-1284227242-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:54,49,4b,35,98,a8,89,ee,ed,94,e3,3e,13,b0,69,e6,c1,f7,fb,f2,de,
54,51,61,7c,05,ce,66,40,62,76,ea,6a,db,e6,8f,13,e6,14,1d,3d,4c,0d,c3,91,b5,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\program files\a-squared Free\a2service.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Megatec\UPSilon 2000\RupsMon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\NGists\NGists.exe
c:\program files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-04-02 19:59:39 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-04-02 17:59:37

Avant-CF: 189 175 967 744 octets libres
Après-CF: 189,117,349,888 octets libres

239

voila pr le combofix

alfmov

par contre je n'ai pas la console de récupération widows, et ayant coupé la connexion internet , j'ai préféré ne pas essayer de l'installer via combofix.

Ai-je merdé?

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 10

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040

il manque les 9/10eme du rapport :(

alfmov

il faut donc que j'installe la console et que je recommence l'opération?

Et dsl d'avoir fait le boulet...

merci de ta patience

alfmov

j'ai quand même installer la console de recup et répété l'opération ::

log.txt :

ComboFix 09-04-01.01 - Alphée 2009-04-02 20:24:44.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1540 [GMT 2:00]
Lancé depuis: c:\documents and settings\Alphée\Bureau\Logiciels ANTI-VIRUS\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Alphée\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-02 au 2009-04-02 ))))))))))))))))))))))))))))))))))))
.

2009-04-02 19:07 . 2009-04-02 19:07 <REP> d-------- C:\rsit
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\documents and settings\Alphée\Application Data\Malwarebytes
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 18:56 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 18:56 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-02 18:22 . 2009-04-02 18:22 <REP> d-------- c:\program files\Trend Micro
2009-04-02 05:16 . 2009-04-02 05:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-04-02 05:07 . 2009-04-02 05:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-04-02 05:05 . 2009-04-02 05:05 <REP> d-------- c:\program files\Lavasoft
2009-04-02 05:05 . 2009-04-02 05:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-02 05:05 . 2009-04-02 05:05 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-02 05:00 . 2009-04-02 05:00 153 --a------ c:\windows\wininit.ini
2009-04-01 17:24 . 2009-04-01 18:48 108,032 --a------ C:\htur.exe
2009-03-10 19:11 . 2009-03-10 19:11 268 --ah----- C:\sqmdata12.sqm
2009-03-10 19:11 . 2009-03-10 19:11 244 --ah----- C:\sqmnoopt12.sqm
2009-03-10 00:22 . 2008-10-29 15:31 7,700,480 --a------ c:\windows\system\CMICNFG3.cpl
2009-03-10 00:22 . 2008-09-10 19:58 270,336 --a------ c:\windows\system32\CMRMDRV3.exe
2009-03-10 00:22 . 2009-03-18 19:00 550 --a------ c:\windows\system\Cmicnfg3.ini
2009-03-10 00:22 . 2009-03-10 00:22 66 --a------ c:\windows\Cmicnfg3.ini.cfl
2009-03-10 00:21 . 2009-03-10 00:21 <REP> d-------- c:\program files\C-Media PCI Audio Device
2009-03-10 00:21 . 2008-09-11 12:10 278,528 --a------ c:\windows\CmiPCIUninstall.exe
2009-03-10 00:21 . 2009-01-09 14:58 2,532 --a------ c:\windows\cmudax3.ini
2009-03-10 00:21 . 2008-10-02 12:00 1,480 --a------ c:\windows\Cmicnfg3.ini.cfg
2009-03-08 15:55 . 2008-12-03 15:32 1,519,424 --a------ c:\windows\system32\drivers\cmudax3.sys
2009-03-08 15:55 . 2007-02-26 21:30 36,864 --a------ c:\windows\system32\cmudax3.DLL
2009-03-06 14:20 . 2009-03-06 14:20 <REP> d-------- c:\program files\QuickTime
2009-03-06 14:20 . 2009-03-06 14:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 17:57 --------- d-----w c:\program files\Steam
2009-04-02 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-02 05:44 --------- d-----w c:\program files\a-squared Free
2009-04-01 22:37 --------- d-----w c:\documents and settings\Alphée\Application Data\mIRC
2009-04-01 21:11 --------- d-----w c:\program files\mIRC
2009-04-01 20:03 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-01 05:39 5,443,480 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-04-01 00:35 --------- d-----w c:\program files\Zoom Player
2009-03-31 21:46 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-29 21:19 --------- d-----w c:\program files\Mumble
2009-03-29 15:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-19 10:44 --------- d-----w c:\documents and settings\Alphée\Application Data\U3
2009-03-07 12:43 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-07 12:42 --------- d-----w c:\program files\AGEIA Technologies
2009-03-05 12:28 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-27 18:06 304,160 ----a-w C:\PA207.DAT
2009-02-23 14:55 --------- d-----w c:\program files\Google
2009-02-17 22:43 --------- d-----w c:\documents and settings\Alphée\Application Data\OpenOffice.org
2009-02-17 22:40 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-15 22:10 1,221,512 ----a-w c:\windows\system32\zpeng25.dll
2009-02-15 14:30 --------- d-----w c:\program files\EA GAMES
2009-02-15 14:23 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-11 21:15 --------- d-----w c:\documents and settings\Alphée\Application Data\FileZilla
2009-02-10 16:17 --------- d-----w c:\program files\Microsoft Bootvis
2009-02-09 19:12 --------- d-----w c:\program files\Microsoft Games
2009-02-07 22:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 12:51 --------- d-----w c:\program files\Western Digital
2009-02-07 06:09 --------- d-----w c:\program files\CCleaner
2009-02-07 06:06 1,594,541 ----a-w c:\windows\WANEUninstaller.exe
2009-02-07 06:02 --------- d-----w c:\program files\Elaborate Bytes
2009-02-07 05:53 --------- d-----w c:\program files\Alcohol Soft
2009-02-07 05:48 --------- d-----w c:\program files\Java
2009-02-07 05:39 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-02 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-02 515416]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-03-16 434176]
Rupsmon Daemon.lnk - c:\program files\Megatec\UPSilon 2000\Monw32.exe [2008-03-16 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 11:21 153136 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2005-12-06 14:08 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2007-02-15 19:37 65536 c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-22 06:19 306088 c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2007-07-10 15:41 1454080 c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\condition zero\\hl.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\synergy\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\ricochet\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grid\\grid.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=
"c:\\Program Files\\a-squared Free\\a2service.exe"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe"=
"c:\\Program Files\\Megatec\\UPSilon 2000\\RupsMon.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-02 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-01-26 2831232]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-03-13 176128]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-03-01 507264]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-06-14 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-06-14 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-06-14 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-06-14 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-06-14 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-06-14 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-06-14 97704]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a8dfc60-d363-11dd-853b-0015af0d987d}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a8dfc61-d363-11dd-853b-0015af0d987d}]
\Shell\AutoRun\command - L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9f831bb-dda7-11dd-854d-0015af0d987d}]
\Shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86c44c2-f0ee-11dc-8a3c-806d6172696f}]
\Shell\AutoRun\command - d:\bin\Assetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-04-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-04-02 05:06]

2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 01:26]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Alphée\Application Data\Mozilla\Firefox\Profiles\i9blrfd7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 20:25:20
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-796845957-1284227242-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:54,49,4b,35,98,a8,89,ee,ed,94,e3,3e,13,b0,69,e6,c1,f7,fb,f2,de,
54,51,61,7c,05,ce,66,40,62,76,ea,6a,db,e6,8f,13,e6,14,1d,3d,4c,0d,c3,91,b5,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Heure de fin: 2009-04-02 20:26:02
ComboFix-quarantined-files.txt 2009-04-02 18:25:58
ComboFix2.txt 2009-04-02 17:59:40

Avant-CF: 189 070 049 280 octets libres
Après-CF: 189,059,506,176 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

230

le C:\combofix.txt :

ComboFix 09-04-01.01 - Alphée 2009-04-02 20:24:44.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1540 [GMT 2:00]
Lancé depuis: c:\documents and settings\Alphée\Bureau\Logiciels ANTI-VIRUS\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Alphée\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-02 au 2009-04-02 ))))))))))))))))))))))))))))))))))))
.

2009-04-02 19:07 . 2009-04-02 19:07 <REP> d-------- C:\rsit
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\documents and settings\Alphée\Application Data\Malwarebytes
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 18:56 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 18:56 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-02 18:22 . 2009-04-02 18:22 <REP> d-------- c:\program files\Trend Micro
2009-04-02 05:16 . 2009-04-02 05:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-04-02 05:07 . 2009-04-02 05:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-04-02 05:05 . 2009-04-02 05:05 <REP> d-------- c:\program files\Lavasoft
2009-04-02 05:05 . 2009-04-02 05:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-02 05:05 . 2009-04-02 05:05 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-02 05:00 . 2009-04-02 05:00 153 --a------ c:\windows\wininit.ini
2009-04-01 17:24 . 2009-04-01 18:48 108,032 --a------ C:\htur.exe
2009-03-10 19:11 . 2009-03-10 19:11 268 --ah----- C:\sqmdata12.sqm
2009-03-10 19:11 . 2009-03-10 19:11 244 --ah----- C:\sqmnoopt12.sqm
2009-03-10 00:22 . 2008-10-29 15:31 7,700,480 --a------ c:\windows\system\CMICNFG3.cpl
2009-03-10 00:22 . 2008-09-10 19:58 270,336 --a------ c:\windows\system32\CMRMDRV3.exe
2009-03-10 00:22 . 2009-03-18 19:00 550 --a------ c:\windows\system\Cmicnfg3.ini
2009-03-10 00:22 . 2009-03-10 00:22 66 --a------ c:\windows\Cmicnfg3.ini.cfl
2009-03-10 00:21 . 2009-03-10 00:21 <REP> d-------- c:\program files\C-Media PCI Audio Device
2009-03-10 00:21 . 2008-09-11 12:10 278,528 --a------ c:\windows\CmiPCIUninstall.exe
2009-03-10 00:21 . 2009-01-09 14:58 2,532 --a------ c:\windows\cmudax3.ini
2009-03-10 00:21 . 2008-10-02 12:00 1,480 --a------ c:\windows\Cmicnfg3.ini.cfg
2009-03-08 15:55 . 2008-12-03 15:32 1,519,424 --a------ c:\windows\system32\drivers\cmudax3.sys
2009-03-08 15:55 . 2007-02-26 21:30 36,864 --a------ c:\windows\system32\cmudax3.DLL
2009-03-06 14:20 . 2009-03-06 14:20 <REP> d-------- c:\program files\QuickTime
2009-03-06 14:20 . 2009-03-06 14:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 17:57 --------- d-----w c:\program files\Steam
2009-04-02 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-02 05:44 --------- d-----w c:\program files\a-squared Free
2009-04-01 22:37 --------- d-----w c:\documents and settings\Alphée\Application Data\mIRC
2009-04-01 21:11 --------- d-----w c:\program files\mIRC
2009-04-01 20:03 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-01 05:39 5,443,480 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-04-01 00:35 --------- d-----w c:\program files\Zoom Player
2009-03-31 21:46 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-29 21:19 --------- d-----w c:\program files\Mumble
2009-03-29 15:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-19 10:44 --------- d-----w c:\documents and settings\Alphée\Application Data\U3
2009-03-07 12:43 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-07 12:42 --------- d-----w c:\program files\AGEIA Technologies
2009-03-05 12:28 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-27 18:06 304,160 ----a-w C:\PA207.DAT
2009-02-23 14:55 --------- d-----w c:\program files\Google
2009-02-17 22:43 --------- d-----w c:\documents and settings\Alphée\Application Data\OpenOffice.org
2009-02-17 22:40 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-15 22:10 1,221,512 ----a-w c:\windows\system32\zpeng25.dll
2009-02-15 14:30 --------- d-----w c:\program files\EA GAMES
2009-02-15 14:23 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-11 21:15 --------- d-----w c:\documents and settings\Alphée\Application Data\FileZilla
2009-02-10 16:17 --------- d-----w c:\program files\Microsoft Bootvis
2009-02-09 19:12 --------- d-----w c:\program files\Microsoft Games
2009-02-07 22:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 12:51 --------- d-----w c:\program files\Western Digital
2009-02-07 06:09 --------- d-----w c:\program files\CCleaner
2009-02-07 06:06 1,594,541 ----a-w c:\windows\WANEUninstaller.exe
2009-02-07 06:02 --------- d-----w c:\program files\Elaborate Bytes
2009-02-07 05:53 --------- d-----w c:\program files\Alcohol Soft
2009-02-07 05:48 --------- d-----w c:\program files\Java
2009-02-07 05:39 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-02 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-02 515416]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-03-16 434176]
Rupsmon Daemon.lnk - c:\program files\Megatec\UPSilon 2000\Monw32.exe [2008-03-16 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 11:21 153136 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2005-12-06 14:08 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2007-02-15 19:37 65536 c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-22 06:19 306088 c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2007-07-10 15:41 1454080 c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\condition zero\\hl.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\synergy\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\ricochet\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grid\\grid.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=
"c:\\Program Files\\a-squared Free\\a2service.exe"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe"=
"c:\\Program Files\\Megatec\\UPSilon 2000\\RupsMon.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-02 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-01-26 2831232]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-03-13 176128]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-03-01 507264]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-06-14 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-06-14 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-06-14 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-06-14 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-06-14 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-06-14 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-06-14 97704]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a8dfc60-d363-11dd-853b-0015af0d987d}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a8dfc61-d363-11dd-853b-0015af0d987d}]
\Shell\AutoRun\command - L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9f831bb-dda7-11dd-854d-0015af0d987d}]
\Shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86c44c2-f0ee-11dc-8a3c-806d6172696f}]
\Shell\AutoRun\command - d:\bin\Assetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-04-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-04-02 05:06]

2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 01:26]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Alphée\Application Data\Mozilla\Firefox\Profiles\i9blrfd7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 20:25:20
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-796845957-1284227242-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:54,49,4b,35,98,a8,89,ee,ed,94,e3,3e,13,b0,69,e6,c1,f7,fb,f2,de,
54,51,61,7c,05,ce,66,40,62,76,ea,6a,db,e6,8f,13,e6,14,1d,3d,4c,0d,c3,91,b5,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Heure de fin: 2009-04-02 20:26:02
ComboFix-quarantined-files.txt 2009-04-02 18:25:58
ComboFix2.txt 2009-04-02 17:59:40

Avant-CF: 189 070 049 280 octets libres
Après-CF: 189,059,506,176 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

230

ça doit être bon.

Enfin j'espère.

merci

Réponse 6 / 10

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040

non le rapport est ici

poste de travail puis

copie/colle le rapport C:\ComboFix.txt

alfmov

ComboFix 09-04-01.01 - Alphée 2009-04-02 20:24:44.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1540 [GMT 2:00]
Lancé depuis: c:\documents and settings\Alphée\Bureau\Logiciels ANTI-VIRUS\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Alphée\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-02 au 2009-04-02 ))))))))))))))))))))))))))))))))))))
.

2009-04-02 19:07 . 2009-04-02 19:07 <REP> d-------- C:\rsit
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\documents and settings\Alphée\Application Data\Malwarebytes
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 18:56 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 18:56 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-02 18:22 . 2009-04-02 18:22 <REP> d-------- c:\program files\Trend Micro
2009-04-02 05:16 . 2009-04-02 05:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-04-02 05:07 . 2009-04-02 05:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-04-02 05:05 . 2009-04-02 05:05 <REP> d-------- c:\program files\Lavasoft
2009-04-02 05:05 . 2009-04-02 05:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-02 05:05 . 2009-04-02 05:05 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-02 05:00 . 2009-04-02 05:00 153 --a------ c:\windows\wininit.ini
2009-04-01 17:24 . 2009-04-01 18:48 108,032 --a------ C:\htur.exe
2009-03-10 19:11 . 2009-03-10 19:11 268 --ah----- C:\sqmdata12.sqm
2009-03-10 19:11 . 2009-03-10 19:11 244 --ah----- C:\sqmnoopt12.sqm
2009-03-10 00:22 . 2008-10-29 15:31 7,700,480 --a------ c:\windows\system\CMICNFG3.cpl
2009-03-10 00:22 . 2008-09-10 19:58 270,336 --a------ c:\windows\system32\CMRMDRV3.exe
2009-03-10 00:22 . 2009-03-18 19:00 550 --a------ c:\windows\system\Cmicnfg3.ini
2009-03-10 00:22 . 2009-03-10 00:22 66 --a------ c:\windows\Cmicnfg3.ini.cfl
2009-03-10 00:21 . 2009-03-10 00:21 <REP> d-------- c:\program files\C-Media PCI Audio Device
2009-03-10 00:21 . 2008-09-11 12:10 278,528 --a------ c:\windows\CmiPCIUninstall.exe
2009-03-10 00:21 . 2009-01-09 14:58 2,532 --a------ c:\windows\cmudax3.ini
2009-03-10 00:21 . 2008-10-02 12:00 1,480 --a------ c:\windows\Cmicnfg3.ini.cfg
2009-03-08 15:55 . 2008-12-03 15:32 1,519,424 --a------ c:\windows\system32\drivers\cmudax3.sys
2009-03-08 15:55 . 2007-02-26 21:30 36,864 --a------ c:\windows\system32\cmudax3.DLL
2009-03-06 14:20 . 2009-03-06 14:20 <REP> d-------- c:\program files\QuickTime
2009-03-06 14:20 . 2009-03-06 14:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 17:57 --------- d-----w c:\program files\Steam
2009-04-02 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-02 05:44 --------- d-----w c:\program files\a-squared Free
2009-04-01 22:37 --------- d-----w c:\documents and settings\Alphée\Application Data\mIRC
2009-04-01 21:11 --------- d-----w c:\program files\mIRC
2009-04-01 20:03 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-01 05:39 5,443,480 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-04-01 00:35 --------- d-----w c:\program files\Zoom Player
2009-03-31 21:46 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-29 21:19 --------- d-----w c:\program files\Mumble
2009-03-29 15:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-19 10:44 --------- d-----w c:\documents and settings\Alphée\Application Data\U3
2009-03-07 12:43 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-07 12:42 --------- d-----w c:\program files\AGEIA Technologies
2009-03-05 12:28 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-27 18:06 304,160 ----a-w C:\PA207.DAT
2009-02-23 14:55 --------- d-----w c:\program files\Google
2009-02-17 22:43 --------- d-----w c:\documents and settings\Alphée\Application Data\OpenOffice.org
2009-02-17 22:40 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-15 22:10 1,221,512 ----a-w c:\windows\system32\zpeng25.dll
2009-02-15 14:30 --------- d-----w c:\program files\EA GAMES
2009-02-15 14:23 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-11 21:15 --------- d-----w c:\documents and settings\Alphée\Application Data\FileZilla
2009-02-10 16:17 --------- d-----w c:\program files\Microsoft Bootvis
2009-02-09 19:12 --------- d-----w c:\program files\Microsoft Games
2009-02-07 22:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 12:51 --------- d-----w c:\program files\Western Digital
2009-02-07 06:09 --------- d-----w c:\program files\CCleaner
2009-02-07 06:06 1,594,541 ----a-w c:\windows\WANEUninstaller.exe
2009-02-07 06:02 --------- d-----w c:\program files\Elaborate Bytes
2009-02-07 05:53 --------- d-----w c:\program files\Alcohol Soft
2009-02-07 05:48 --------- d-----w c:\program files\Java
2009-02-07 05:39 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-02 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-02 515416]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-03-16 434176]
Rupsmon Daemon.lnk - c:\program files\Megatec\UPSilon 2000\Monw32.exe [2008-03-16 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 11:21 153136 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2005-12-06 14:08 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2007-02-15 19:37 65536 c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-22 06:19 306088 c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2007-07-10 15:41 1454080 c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\condition zero\\hl.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\synergy\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\ricochet\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grid\\grid.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=
"c:\\Program Files\\a-squared Free\\a2service.exe"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe"=
"c:\\Program Files\\Megatec\\UPSilon 2000\\RupsMon.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-04-02 64160]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [2006-07-05 63352]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-02-20 33800]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-01-26 2831232]
R3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2008-03-13 176128]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951632]
S3 PAC207;PC Camer@;c:\windows\system32\drivers\PFC027.SYS [2007-03-01 507264]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [2008-06-14 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [2008-06-14 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [2008-06-14 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [2008-06-14 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [2008-06-14 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [2008-06-14 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [2008-06-14 97704]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys --> c:\windows\system32\DRIVERS\wdcsam.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a8dfc60-d363-11dd-853b-0015af0d987d}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a8dfc61-d363-11dd-853b-0015af0d987d}]
\Shell\AutoRun\command - L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9f831bb-dda7-11dd-854d-0015af0d987d}]
\Shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86c44c2-f0ee-11dc-8a3c-806d6172696f}]
\Shell\AutoRun\command - d:\bin\Assetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-04-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-04-02 05:06]

2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 01:26]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Alphée\Application Data\Mozilla\Firefox\Profiles\i9blrfd7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 20:25:20
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-796845957-1284227242-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:54,49,4b,35,98,a8,89,ee,ed,94,e3,3e,13,b0,69,e6,c1,f7,fb,f2,de,
54,51,61,7c,05,ce,66,40,62,76,ea,6a,db,e6,8f,13,e6,14,1d,3d,4c,0d,c3,91,b5,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
Heure de fin: 2009-04-02 20:26:02
ComboFix-quarantined-files.txt 2009-04-02 18:25:58
ComboFix2.txt 2009-04-02 17:59:40

Avant-CF: 189 070 049 280 octets libres
Après-CF: 189,059,506,176 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]

SI là ce n'est pas le bon, je suis paumé.
il était bien dans mon C:

Dis moi si je dois refaire un combofix.

merci

Réponse 7 / 10

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040

ok

vire ce qui est en qaurantaine dans malwarebyte puis

branche tous tes disques externes (clés usb ...)

Pour fusionner:

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

_______________

telecharge combofix:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

_________________

Ferme tous tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

Collect::
C:\htur.exe
c:\windows\system32\hawupopa.dll

Enregistre ce fichier sous le nom CFscript

Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

____________________

utilise pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
(dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-----------------------
remets un rapport RSIT

et dis tes soucis actuels

alfmov

3 messages d'erreurs durant le scan de combofix.
Pour finir par le rapport affiché, suivi d'un écran bleu "hard error unknown"

grosse frayeur; reset et rebbot.

pas e soucis jusqu'à maintenant.

le log :

ComboFix 09-04-01.01 - Alphée 2009-04-02 20:56:02.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.2047.1539 [GMT 2:00]
Lancé depuis: c:\documents and settings\Alphée\Bureau\Logiciels ANTI-VIRUS\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Alphée\Bureau\CFscript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\htur.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-03-02 au 2009-04-02 ))))))))))))))))))))))))))))))))))))
.

2009-04-02 19:07 . 2009-04-02 19:07 <REP> d-------- C:\rsit
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\documents and settings\Alphée\Application Data\Malwarebytes
2009-04-02 18:56 . 2009-04-02 18:56 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-02 18:56 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-02 18:56 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-02 18:22 . 2009-04-02 18:22 <REP> d-------- c:\program files\Trend Micro
2009-04-02 05:16 . 2009-04-02 05:06 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-04-02 05:07 . 2009-04-02 05:06 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-04-02 05:05 . 2009-04-02 05:05 <REP> d-------- c:\program files\Lavasoft
2009-04-02 05:05 . 2009-04-02 05:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-02 05:05 . 2009-04-02 05:05 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-04-02 05:00 . 2009-04-02 05:00 153 --a------ c:\windows\wininit.ini
2009-03-10 19:11 . 2009-03-10 19:11 268 --ah----- C:\sqmdata12.sqm
2009-03-10 19:11 . 2009-03-10 19:11 244 --ah----- C:\sqmnoopt12.sqm
2009-03-10 00:22 . 2008-10-29 15:31 7,700,480 --a------ c:\windows\system\CMICNFG3.cpl
2009-03-10 00:22 . 2008-09-10 19:58 270,336 --a------ c:\windows\system32\CMRMDRV3.exe
2009-03-10 00:22 . 2009-03-18 19:00 550 --a------ c:\windows\system\Cmicnfg3.ini
2009-03-10 00:22 . 2009-03-10 00:22 66 --a------ c:\windows\Cmicnfg3.ini.cfl
2009-03-10 00:21 . 2009-03-10 00:21 <REP> d-------- c:\program files\C-Media PCI Audio Device
2009-03-10 00:21 . 2008-09-11 12:10 278,528 --a------ c:\windows\CmiPCIUninstall.exe
2009-03-10 00:21 . 2009-01-09 14:58 2,532 --a------ c:\windows\cmudax3.ini
2009-03-10 00:21 . 2008-10-02 12:00 1,480 --a------ c:\windows\Cmicnfg3.ini.cfg
2009-03-08 15:55 . 2008-12-03 15:32 1,519,424 --a------ c:\windows\system32\drivers\cmudax3.sys
2009-03-08 15:55 . 2007-02-26 21:30 36,864 --a------ c:\windows\system32\cmudax3.DLL
2009-03-06 14:20 . 2009-03-06 14:20 <REP> d-------- c:\program files\QuickTime
2009-03-06 14:20 . 2009-03-06 14:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 17:57 --------- d-----w c:\program files\Steam
2009-04-02 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-02 05:44 --------- d-----w c:\program files\a-squared Free
2009-04-01 22:37 --------- d-----w c:\documents and settings\Alphée\Application Data\mIRC
2009-04-01 21:11 --------- d-----w c:\program files\mIRC
2009-04-01 20:03 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-01 05:39 5,443,480 ----a-w c:\windows\Internet Logs\tvDebug.Zip
2009-04-01 00:35 --------- d-----w c:\program files\Zoom Player
2009-03-31 21:46 --------- d-----w c:\program files\Mozilla Thunderbird
2009-03-29 21:19 --------- d-----w c:\program files\Mumble
2009-03-29 15:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-19 10:44 --------- d-----w c:\documents and settings\Alphée\Application Data\U3
2009-03-07 12:43 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-03-07 12:42 --------- d-----w c:\program files\AGEIA Technologies
2009-03-05 12:28 --------- d-----w c:\program files\Windows Live Safety Center
2009-02-27 18:06 304,160 ----a-w C:\PA207.DAT
2009-02-23 14:55 --------- d-----w c:\program files\Google
2009-02-17 22:43 --------- d-----w c:\documents and settings\Alphée\Application Data\OpenOffice.org
2009-02-17 22:40 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-15 22:10 1,221,512 ----a-w c:\windows\system32\zpeng25.dll
2009-02-15 14:30 --------- d-----w c:\program files\EA GAMES
2009-02-15 14:23 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-11 21:15 --------- d-----w c:\documents and settings\Alphée\Application Data\FileZilla
2009-02-10 16:17 --------- d-----w c:\program files\Microsoft Bootvis
2009-02-09 19:12 --------- d-----w c:\program files\Microsoft Games
2009-02-07 22:10 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 12:51 --------- d-----w c:\program files\Western Digital
2009-02-07 06:09 --------- d-----w c:\program files\CCleaner
2009-02-07 06:06 1,594,541 ----a-w c:\windows\WANEUninstaller.exe
2009-02-07 06:02 --------- d-----w c:\program files\Elaborate Bytes
2009-02-07 05:53 --------- d-----w c:\program files\Alcohol Soft
2009-02-07 05:48 --------- d-----w c:\program files\Java
2009-02-07 05:39 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-16 17:24 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2008-12-02 1410296]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-03-15 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\system32\JMRaidSetup.exe" [2006-11-16 1953792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 63712]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-02 515416]
"nwiz"="nwiz.exe" [2009-02-18 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-17 c:\windows\RTHDCPL.exe]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-03-16 434176]
Rupsmon Daemon.lnk - c:\program files\Megatec\UPSilon 2000\Monw32.exe [2008-03-16 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.xvid"= xvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-16 11:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-06-01 11:21 153136 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a------ 2005-12-06 14:08 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-13 20:34 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 17:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2007-02-15 19:37 65536 c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2008-12-22 06:19 306088 c:\program files\Steam\steamapps\common\grand theft auto iv\RGSC\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-11-10 06:43 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
--a------ 2008-06-30 00:01 52168 c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2007-07-10 15:41 1454080 c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Steam\\steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\condition zero\\hl.exe"=
"c:\\Program Files\\HLSW\\hlsw.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\synergy\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\alphee\\ricochet\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trackmania nations forever\\TmForeverLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grid\\grid.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv\\RGSC\\RGSCLauncher.exe"=
"c:\\Program Files\\a-squared Free\\a2service.exe"=
"c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe"=
"c:\\Program Files\\Megatec\\UPSilon 2000\\RupsMon.exe"=

R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-02 951632]
R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2007-03-01 507264]
R3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\DRIVERS\s816bus.sys [2007-06-19 81832]
R3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s816mdfl.sys [2007-06-19 13864]
R3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s816mdm.sys [2007-06-19 107304]
R3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s816mgmt.sys [2007-06-19 99112]
R3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\DRIVERS\s816nd5.sys [2007-06-19 21928]
R3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s816obex.sys [2007-06-19 97320]
R3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\DRIVERS\s816unic.sys [2007-06-19 97704]
R3 WDC_SAM;WD SCSI Pass Thru driver; [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-02 64160]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-02-20 33800]
S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-02-20 472320]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2008-03-13 2831232]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2006-09-05 176128]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - a2free
*Deregistered* - AFD
*Deregistered* - ALG
*Deregistered* - Arp1394
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - eamon
*Deregistered* - easdrv
*Deregistered* - ekrn
*Deregistered* - ElbyCDIO
*Deregistered* - epfwtdir
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - Kbdclass
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - Lbd
*Deregistered* - LightScribeService
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - NVSvc
*Deregistered* - PartMgr
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - RpcSs
*Deregistered* - Rupsmon
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfdrv01a
*Deregistered* - sfhlp02
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srescan
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - Tcpip
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - USBMate
*Deregistered* - VClone
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - vsdatant
*Deregistered* - vsmon
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a8dfc60-d363-11dd-853b-0015af0d987d}]
\Shell\AutoRun\command - K:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a8dfc61-d363-11dd-853b-0015af0d987d}]
\Shell\AutoRun\command - L:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9f831bb-dda7-11dd-854d-0015af0d987d}]
\Shell\AutoRun\command - h:\wd_windows_tools\WDSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86c44c2-f0ee-11dc-8a3c-806d6172696f}]
\Shell\AutoRun\command - d:\bin\Assetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Tâches planifiées'

2009-04-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-04-02 05:06]

2009-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 01:26]
.
- - - - ORPHELINS SUPPRIMES - - - -

SafeBoot-procexp90.Sys

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Alphée\Application Data\Mozilla\Firefox\Profiles\i9blrfd7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-02 20:57:29
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2009-04-02 20:59:04
ComboFix-quarantined-files.txt 2009-04-02 18:59:03
ComboFix2.txt 2009-04-02 18:26:03
ComboFix3.txt 2009-04-02 17:59:40

Avant-CF: 189 042 376 704 octets libres
Après-CF: 189,030,248,448 octets libres

336

Dois -je me faire du soucis?

Réponse 8 / 10

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040

utilise pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare 3 fois le registre) sans installer la barre yahoo
(dans les options puis avancé :désactive la case: effacer les fichiers de plus de 48 heures)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/
-----------------------
remets un rapport RSIT

et dis tes soucis actuels

alfmov

Voila le dernier log :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Alphée at 2009-04-02 22:36:08
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 180 GB (59%) free of 305 GB
Total RAM: 2047 MB (65% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36 Alphée, on 02/04/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\NGists\NGists.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Megatec\UPSilon 2000\Monw32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Alphée\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Alphée.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Rupsmon Daemon.lnk = ?
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - https://easydentic.visiomobile.eu/activex/AMC.cab
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Rupsmon - Mega System Technologies, Inc. - C:\Program Files\Megatec\UPSilon 2000\RupsMon.exe
O23 - Service: USBMate - Mega Corp. - C:\Program Files\Megatec\UPSilon 2000\USBMate.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Réponse 9 / 10

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040

ok cela a l'air ok

________________

Désactive ta restauration systeme puis redemarre ton ordi puis réactive là comme ceci:
https://www.informatruc.com

_________________

mettre a jour internet explorer avec la version 8
pour XP
http://download.microsoft.com/...

__________________

mettre à jour adobe reader puis supprimer les anciennes version via le panneau de configuration
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

______________

Mettre a jour java:
https://javara.fr.malavida.com/

Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
Double-clique sur le répertoire JavaRa obtenu.
Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
Clique sur Search For Updates.
Sélectionne Update Using jucheck.exe puis clique sur Search.
Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
(c:\JavaRa.log)
Ferme l'application.

si cela ne fonctionne pas

https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

tu peux désinstaller les vieilles versions.

_______________________

pour virer ce qui a été utilisé:
Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

______________________
garde malwarebyte et ccleaner en complement de nod 32

_________________________

tu peux verifier avec nod 32 que rien n'est trouvé

si c'est ok avec nod 32 c'est bon pour toi!!!

alfmov

Re,

Enfin terminé.

Le dernier log de javara :

JavaRa 1.13 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Apr 03 00:03:31 2009

Found and removed: C:\Program Files\Java\jre1.6.0_05

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: SOFTWARE\Classes\Installer\Features\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Classes\JavaPlugin.160_05

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_05

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610005

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160050}

Found and removed: Software\Classes\JavaPlugin.160_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_05

Found and removed: Software\JavaSoft\Java2D\1.6.0_05

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_05

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_05\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

------------------------------------

Finished reporting.

Merci de tous tes conseils, de ta patience, et de tes explications.

Heureusement qu'il y a encore de bons samaritains comme toi pr sauver les noobs comme moi :)

Merci encore

alfmov

j' oubliais le log de toolscleaner :

[ Rapport ToolsCleaner version 2.3.3 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Combofix.txt: trouvé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Alphée\Bureau\Logiciels ANTI-VIRUS\HijackThis.lnk: trouvé !
C:\Documents and Settings\Alphée\Bureau\Logiciels ANTI-VIRUS\ComboFix.exe: trouvé !
C:\Documents and Settings\Alphée\Bureau\Logiciels ANTI-VIRUS\Rsit.exe: trouvé !
C:\Documents and Settings\Alphée\Mes documents\Liens, tuto,\pbm virus\hijackthis.log: trouvé !
C:\Documents and Settings\Alphée\Mes documents\Téléchargement\HJTInstall.exe: trouvé !
C:\Program Files\Microsoft Games\Age of Mythology\history\units\avenger.txt: trouvé !
C:\Program Files\Microsoft Games\Age of Mythology\history2\units\avenger.txt: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

Et encore merci

Réponse 10 / 10

jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040

tool cleaner a tout viré?

tu peux verifier avec nod 32 que rien n'est trouvé

si c'est ok avec nod 32 c'est bon pour toi!!!

Discussions similaires

logiciel bonjour

Pbme adware virtumonde.neo application

10 réponses

Votre réponse

Discussions similaires

Newsletters