Unknown virus

Closed
WolfET Posts: 7 Registered: Thursday 16 July 2009 Status: Member Last post: 16 July 2009 - 16 Jul 2009 at 19:34
WolfET Posts: 7 Registered: Thursday 16 July 2009 Status: Member Last post: 16 July 2009 - 16 Jul 2009 at 20:51
Hi, I have a problem: I downloaded something and caught a virus, so I ran 2 repair patches, fixVundo and fixvundoB.

Small problem: I'm sure the virus is still there, yet my Avast antivirus doesn't detect it. Also, I have 2 drives... a CD/DVD drive and a disk drive. My drive no longer reads CDs, autorun no longer works, and when I insert a CD and go to open it from My Computer I get an error message on both drives.

So, after searching the internet without any result, I installed HIJACKTHIS and here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:04, on 16/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\ffdtfmslwh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\sandrine\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\TEMP\ffdtfmslwh.exe
C:\Documents and Settings\sandrine\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: santa.bat
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: yztqip.dll
O23 - Service: Avertissement AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\ffdtfmslwh.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
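A defender-side triage of the kind of HijackThis report pasted above, as an added example that is not part of the original thread: it parses the log line by line and flags the entries a helper would look at first (binaries running from a temp directory, a service with an unknown owner, a non-empty AppInit_DLLs value, a script in the Startup folder, orphaned "(no file)" entries). The rule set is an illustrative assumption, and the sample lines are copied from the report above.

```python
# Triage rules for a HijackThis v2 log (added example, not code from the thread).
# Assumption: the log is the plain text pasted in the post; the rules are
# illustrative review heuristics, not a verdict on any single entry.
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")      # "O23 - Service: ..."
WIN_PATH_RE = re.compile(r"^[A-Za-z]:\\")                 # "C:\WINDOWS\..."
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
SCRIPT_EXT = (".bat", ".cmd", ".vbs", ".js", ".pif", ".scr")


@dataclass(frozen=True)
class Finding:
    section: str   # "process" for the Running processes block, else R0/O4/O23...
    reason: str
    line: str


def _reasons_for_path(path):
    """Heuristics that apply to any image path in the log."""
    reasons = []
    if TEMP_DIR_RE.search(path):
        reasons.append("runs from a temp directory")
    return reasons


def triage_line(line):
    """Return a Finding for one log line, or None when nothing stands out."""
    line = line.strip()
    if not line:
        return None
    if WIN_PATH_RE.match(line):          # entry in the "Running processes" block
        reasons = _reasons_for_path(line)
        return Finding("process", "; ".join(reasons), line) if reasons else None
    m = SECTION_RE.match(line)
    if not m:
        return None                      # header lines such as "Platform: ..."
    section, rest = m.group(1), m.group(2)
    reasons = []
    if rest.endswith("(no file)"):
        reasons.append("orphaned entry, file missing")
    if section == "O20" and rest.startswith("AppInit_DLLs:"):
        value = rest.split(":", 1)[1].strip()
        if value:                        # loaded into every process that maps user32.dll
            reasons.append("AppInit_DLLs loads %s into GUI processes" % value)
    elif section == "O23":
        # "Service: <display name> (<name>) - <owner> - <image path>"
        parts = rest.rsplit(" - ", 2)
        if len(parts) == 3:
            _, owner, path = parts
            if owner == "Unknown owner":
                reasons.append("service with unknown owner")
            reasons += _reasons_for_path(path)
    elif section == "O4":
        if rest.startswith(("Startup:", "Global Startup:")):
            target = rest.split(":", 1)[1].strip()
            if target.lower().endswith(SCRIPT_EXT):
                reasons.append("script in Startup folder")
        else:                            # Run keys: "HKLM\..\Run: [name] path"
            reasons += _reasons_for_path(rest)
    if not reasons:
        return None
    return Finding(section, "; ".join(reasons), line)


def triage_log(text):
    """Run triage_line over a whole pasted log and collect the findings in order."""
    return [f for f in (triage_line(raw) for raw in text.splitlines()) if f]


# Constructed sample: a subset of the lines from the report in the post.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\TEMP\ffdtfmslwh.exe
C:\DOCUME~1\sandrine\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: santa.bat
O20 - AppInit_DLLs: yztqip.dll
O23 - Service: Avertissement AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\ffdtfmslwh.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (f.section, f.reason, f.line))
```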

11 replies

Narco!4 Posts: 2385 Registered: Sunday 25 January 2009 Status: Contributor Last post: 25 October 2012 467
16 Jul 2009 at 19:35
Hello,

download GenProc http://www.genproc.com/GenProc.exe

double-click GenProc.exe and post the contents of the report that opens
1
WolfET Posts: 7 Registered: Thursday 16 July 2009 Status: Member Last post: 16 July 2009
16 Jul 2009 at 19:54
Here it is:
Rapport GenProc 2.604 [1] - 16/07/2009 à 19:47:24
@ Windows XP Service Pack 3 - Mode normal
@ Mozilla Firefox (3.5) [Navigateur par défaut]

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
- C:\Program Files\EsetOnlineScanner\log.txt

~~~~ INFORMATION COMPLEMENTAIRE ~~~~

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:13, on 16/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\TEMP\ffdtfmslwh.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\DOCUME~1\sandrine\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\TEMP\ffdtfmslwh.exe
C:\WINDOWS\system32\cmd.exe
C:\GenProc\outil\sandrine_GenProc.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: santa.bat
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mappy.com
O15 - Trusted Zone: http://*.orange.fr
O15 - Trusted Zone: http://rw.search.ke.voila.fr
O15 - Trusted Zone: http://orange.weborama.fr
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O20 - AppInit_DLLs: yztqip.dll
O23 - Service: Avertissement AlerterALG (AlerterALG) - Unknown owner - C:\WINDOWS\TEMP\ffdtfmslwh.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
0
Narco!4 Posts: 2385 Registered: Sunday 25 January 2009 Status: Contributor Last post: 25 October 2012 467
16 Jul 2009 at 19:58
[*] Download combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe to your Desktop
[*] Double-click combofix.exe and follow the instructions.
[*] Install the Recovery Console if offered and continue.
[*] When the scan is complete, a report will appear. Copy/paste that report in your next reply.

NOTE: The report can also be found here: C:\Combofix.txt
0
WolfET Posts: 7 Registered: Thursday 16 July 2009 Status: Member Last post: 16 July 2009
16 Jul 2009 at 20:18
Here, this is all I've got, it looks strange to me:

c://windows/system32/drivers/hjgruikfdgcmjc.sys
c://windows/system32/hjgruitttuoyen.dll
c://windows/system32/hjgruijsevfyxx.dat
c://windows/system32/hjgruitqsnlmsg.dll
c://windows/system32/hjgruilkdsboyl.dat
0

Narco!4 Posts: 2385 Registered: Sunday 25 January 2009 Status: Contributor Last post: 25 October 2012 467
16 Jul 2009 at 20:23
run combofix in safe mode
0
WolfET Posts: 7 Registered: Thursday 16 July 2009 Status: Member Last post: 16 July 2009
16 Jul 2009 at 20:25
And how do I get into safe mode?
0
WolfET Posts: 7 Registered: Thursday 16 July 2009 Status: Member Last post: 16 July 2009
16 Jul 2009 at 20:29
Here it is: ComboFix 09-07-14.08 - sandrine 16/07/2009 20:15.1.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.2038.1538 [GMT 2:00]
Running from: c:\documents and settings\sandrine\Bureau\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090716-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sandrine\Application Data\.#
c:\recycler\S-1-5-21-5197265904-8161721512-917034306-3014
c:\windows\Cursors\lsass.exe
c:\windows\Installer\171c6.msi
c:\windows\Installer\18dba91.msi
c:\windows\RunUpdater.exe
c:\windows\system32\_004496_.tmp.dll
c:\windows\system32\_004497_.tmp.dll
c:\windows\system32\_004498_.tmp.dll
c:\windows\system32\_004499_.tmp.dll
c:\windows\system32\_004505_.tmp.dll
c:\windows\system32\_004506_.tmp.dll
c:\windows\system32\_004507_.tmp.dll
c:\windows\system32\_004508_.tmp.dll
c:\windows\system32\_004509_.tmp.dll
c:\windows\system32\_004510_.tmp.dll
c:\windows\system32\_004511_.tmp.dll
c:\windows\system32\_004512_.tmp.dll
c:\windows\system32\_004513_.tmp.dll
c:\windows\system32\_004514_.tmp.dll
c:\windows\system32\_004515_.tmp.dll
c:\windows\system32\_004516_.tmp.dll
c:\windows\system32\_004519_.tmp.dll
c:\windows\system32\_004520_.tmp.dll
c:\windows\system32\_004522_.tmp.dll
c:\windows\system32\_004523_.tmp.dll
c:\windows\system32\_004524_.tmp.dll
c:\windows\system32\_004525_.tmp.dll
c:\windows\system32\_004526_.tmp.dll
c:\windows\system32\_004530_.tmp.dll
c:\windows\system32\_004531_.tmp.dll
c:\windows\system32\_004532_.tmp.dll
c:\windows\system32\_004533_.tmp.dll
c:\windows\system32\_004534_.tmp.dll
c:\windows\system32\_004535_.tmp.dll
c:\windows\system32\_004536_.tmp.dll
c:\windows\system32\_004538_.tmp.dll
c:\windows\system32\_004539_.tmp.dll
c:\windows\system32\_004540_.tmp.dll
c:\windows\system32\_004541_.tmp.dll
c:\windows\system32\_004542_.tmp.dll
c:\windows\system32\_004543_.tmp.dll
c:\windows\system32\_004544_.tmp.dll
c:\windows\system32\_004545_.tmp.dll
c:\windows\system32\_004546_.tmp.dll
c:\windows\system32\_004547_.tmp.dll
c:\windows\system32\_004548_.tmp.dll
c:\windows\system32\_004549_.tmp.dll
c:\windows\system32\_004552_.tmp.dll
c:\windows\system32\_004553_.tmp.dll
c:\windows\system32\_004554_.tmp.dll
c:\windows\system32\_004556_.tmp.dll
c:\windows\system32\_004558_.tmp.dll
c:\windows\system32\_004559_.tmp.dll
c:\windows\system32\_004561_.tmp.dll
c:\windows\system32\_004563_.tmp.dll
c:\windows\system32\_004564_.tmp.dll
c:\windows\system32\_004565_.tmp.dll
c:\windows\system32\_004570_.tmp.dll
c:\windows\system32\_004572_.tmp.dll
c:\windows\system32\_004574_.tmp.dll
c:\windows\system32\_004575_.tmp.dll
c:\windows\system32\_004577_.tmp.dll
c:\windows\system32\_004578_.tmp.dll
c:\windows\system32\_004579_.tmp.dll
c:\windows\system32\_004580_.tmp.dll
c:\windows\system32\_004583_.tmp.dll
c:\windows\system32\_004584_.tmp.dll
c:\windows\system32\_004585_.tmp.dll
c:\windows\system32\_004586_.tmp.dll
c:\windows\system32\_004587_.tmp.dll
c:\windows\system32\_004592_.tmp.dll
c:\windows\system32\_004594_.tmp.dll
c:\windows\system32\drivers\hjgruikfdgcmjc.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hjgruijsevfyxx.dat
c:\windows\system32\hjgruilkdsboyl.dat
c:\windows\system32\hjgruitqsnlmsg.dll
c:\windows\system32\hjgruitttuoyen.dll
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\wr71135.dll
c:\windows\system32\xa2542343.exe
c:\windows\system32\xa2542515.exe
c:\windows\system32\xa2560531.exe
c:\windows\system32\xa2560718.exe
c:\windows\system32\xa2584828.exe
c:\windows\system32\xa2585015.exe
c:\windows\system32\xwr71135.dll
c:\windows\YahooUpdater.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiutoyvxfa
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.

2009-07-16 17:47 . 2009-07-16 17:47 -------- d-----w- C:\GenProc
2009-07-15 08:20 . 2009-01-20 07:19 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-14 19:42 . 2009-07-14 19:42 -------- d-----w- c:\documents and settings\sandrine\Application Data\YoudaGames
2009-07-13 21:48 . 2009-07-13 21:49 -------- d-----w- c:\documents and settings\sandrine\Local Settings\Application Data\Google
2009-07-13 21:48 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\sandrine\Application Data\Mozilla\Firefox\Profiles\odxea58n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll
2009-07-13 21:48 . 2009-03-24 12:43 43008 ----a-w- c:\documents and settings\sandrine\Application Data\Mozilla\Firefox\Profiles\odxea58n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-07-13 21:48 . 2009-03-24 12:43 235520 ----a-w- c:\documents and settings\sandrine\Application Data\Mozilla\Firefox\Profiles\odxea58n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff2.dll
2009-07-13 21:48 . 2009-03-24 12:43 338432 ----a-w- c:\documents and settings\sandrine\Application Data\Mozilla\Firefox\Profiles\odxea58n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-07-13 21:48 . 2009-03-24 12:42 235008 ----a-w- c:\documents and settings\sandrine\Application Data\Mozilla\Firefox\Profiles\odxea58n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\metrics-ff3.dll
2009-07-13 21:48 . 2009-03-24 12:42 345088 ----a-w- c:\documents and settings\sandrine\Application Data\Mozilla\Firefox\Profiles\odxea58n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-07-13 14:59 . 2009-07-13 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Aliasworlds
2009-07-12 16:35 . 2009-07-12 16:35 -------- d-----w- c:\documents and settings\sandrine\Application Data\UClick
2009-07-12 16:35 . 2009-07-12 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\UClick
2009-07-09 13:54 . 2008-04-14 02:33 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-07-07 17:28 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-07 17:28 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-07 17:28 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-07 17:28 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-07 17:28 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-07 17:28 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-07 17:28 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-07 17:28 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-07 17:28 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-07 17:28 . 2009-07-07 17:28 -------- d-----w- c:\program files\Alwil Software
2009-07-05 21:07 . 2009-07-05 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Candy Factory
2009-07-05 19:50 . 2009-07-05 19:50 -------- d-----w- c:\documents and settings\sandrine\PetPlayground
2009-07-02 20:06 . 2009-07-02 20:06 -------- d-----w- c:\program files\Conduit
2009-07-02 20:06 . 2009-07-02 20:06 -------- d-----w- c:\documents and settings\sandrine\Local Settings\Application Data\Conduit
2009-06-30 18:36 . 2009-06-30 18:37 -------- d-----w- c:\documents and settings\sandrine\Application Data\Microsoft Games
2009-06-30 18:36 . 2009-06-30 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Games
2009-06-30 18:27 . 2009-06-30 18:27 -------- d-----w- c:\program files\Microsoft Games
2009-06-25 16:37 . 2009-06-25 16:37 -------- d-----w- c:\documents and settings\sandrine\Application Data\Total Eclipse
2009-06-24 16:59 . 2009-06-24 16:59 -------- d-----w- c:\program files\Securitoo
2009-06-24 16:58 . 2006-03-01 16:53 94208 ----a-w- c:\windows\system32\w32n50.dll
2009-06-24 16:58 . 2006-03-01 16:53 32128 ----a-w- c:\windows\system32\pcandis5.sys
2009-06-24 16:58 . 2003-09-23 08:38 34688 ----a-w- c:\windows\system32\pcampr5.sys
2009-06-24 16:57 . 2009-06-24 16:57 -------- d-----w- c:\program files\Fichiers communs\France Telecom
2009-06-22 18:02 . 2009-06-22 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Black Blob Studios
2009-06-22 17:48 . 2009-06-22 17:48 -------- d-----w- c:\windows\Lovely Kitchen
2009-06-22 17:26 . 2009-06-22 17:26 -------- d-----w- c:\windows\7 Wonders Treasures of Seven
2009-06-22 17:20 . 2009-06-22 17:20 -------- d-----w- c:\documents and settings\sandrine\Application Data\Camel101
2009-06-21 07:32 . 2009-07-07 18:27 -------- d-----w- c:\program files\Puzzle Hero
2009-06-20 19:03 . 2009-06-20 19:03 -------- d-----w- c:\program files\Infogrames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 17:38 . 2008-12-13 18:50 -------- d-----w- c:\documents and settings\sandrine\Application Data\uTorrent
2009-07-15 17:23 . 2009-05-18 20:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 10:30 . 2009-04-15 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-15 07:53 . 2008-03-22 19:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-15 07:48 . 2009-02-22 14:44 -------- d-----w- c:\documents and settings\sandrine\Application Data\TeamViewer
2009-07-14 21:03 . 2009-01-27 17:42 -------- d-----w- c:\program files\Games
2009-07-13 15:05 . 2008-11-03 18:09 -------- d-----w- c:\documents and settings\sandrine\Application Data\Meridian93
2009-07-13 14:58 . 2009-04-15 08:55 -------- d-----w- c:\program files\Oberon Media
2009-07-07 21:14 . 2008-09-11 12:05 -------- d-----w- c:\program files\Launch Manager
2009-07-07 18:30 . 2008-03-22 20:03 100560 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 12:51 . 2008-09-20 11:23 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-07-02 20:06 . 2008-09-29 13:30 -------- d-----w- c:\documents and settings\sandrine\Application Data\PlayFirst
2009-07-02 20:06 . 2008-09-29 13:30 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-29 12:13 . 2009-02-13 13:47 1 ----a-w- c:\documents and settings\sandrine\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-06-26 15:01 . 2008-09-23 18:13 -------- d-----w- c:\program files\CCleaner
2009-06-22 17:26 . 2008-10-08 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\MumboJumbo
2009-06-16 14:40 . 2004-08-05 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 17:55 . 2009-06-15 17:55 -------- d-----w- c:\documents and settings\sandrine\Application Data\SerpentOfIsis
2009-06-14 15:45 . 2009-06-14 13:20 -------- d-----w- c:\documents and settings\sandrine\Application Data\Faerie Solitaire
2009-06-06 18:26 . 2009-06-06 18:22 -------- d-----w- c:\program files\BlackHawkWarez
2009-06-04 20:58 . 2009-06-04 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\cupcakecafe
2009-06-04 09:01 . 2009-05-08 13:22 -------- d-----w- c:\program files\PopCap Games
2009-06-03 19:10 . 2007-10-29 22:43 1297408 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 20:58 . 2009-04-24 19:57 -------- d-----w- c:\documents and settings\sandrine\Application Data\Artogon
2009-06-01 10:03 . 2009-04-01 17:15 152576 ----a-w- c:\documents and settings\sandrine\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-31 22:03 . 2009-05-31 22:03 -------- d-----w- c:\documents and settings\sandrine\Application Data\HuruBeachParty
2009-05-29 05:07 . 2009-05-29 05:07 -------- d-----w- c:\documents and settings\sandrine\Application Data\Mean Hamster
2009-05-29 05:07 . 2009-05-29 05:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Mean Hamster
2009-05-27 12:53 . 2009-01-25 14:27 -------- d-----w- c:\program files\Evolution de la Terre et du vivant en images
2009-05-27 09:03 . 2009-05-27 09:02 -------- d-----w- c:\documents and settings\sandrine\Application Data\Bigfish 3 Days Zoo Mystery
2009-05-18 13:03 . 2009-05-18 13:03 -------- d-----w- c:\documents and settings\sandrine\Application Data\Pi Eye Games
2009-05-18 12:01 . 2009-05-18 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\XLab
2009-05-17 19:14 . 2009-05-17 19:14 -------- d-----w- c:\documents and settings\sandrine\Application Data\HiT-MM
2009-05-17 19:08 . 2009-05-17 19:08 -------- d-----w- c:\documents and settings\sandrine\Application Data\TikGames
2009-05-17 19:08 . 2009-05-17 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\TikGames
2009-05-17 18:36 . 2008-09-13 15:42 -------- d-----w- c:\documents and settings\sandrine\Application Data\blg
2009-05-17 18:36 . 2008-09-13 15:42 -------- d-----w- c:\documents and settings\All Users\Application Data\blg
2009-05-17 18:28 . 2009-05-17 18:28 -------- d-----w- c:\documents and settings\sandrine\Application Data\Namco
2009-05-17 18:28 . 2009-05-17 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Namco
2009-05-08 13:22 . 2009-05-08 13:22 0 ----a-w- c:\windows\popcreg.dat
2009-05-08 13:22 . 2009-05-08 13:22 0 ----a-w- c:\windows\popcinfot.dat
2009-05-07 15:33 . 2008-10-01 06:55 348672 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:34 . 2007-12-07 01:07 670720 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:34 . 2004-08-05 04:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 10:28 . 2008-03-22 22:33 94200 ----a-w- c:\windows\system32\perfc00C.dat
2009-04-23 10:28 . 2008-03-22 22:33 549984 ----a-w- c:\windows\system32\perfh00C.dat
2009-04-19 19:50 . 2008-10-01 06:55 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-07-13 21:48 . 2008-09-17 07:38 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-08-22 1234160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2007-04-20 20480]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-07 102400]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 53248]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-13 138008]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"Boot"="c:\acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-05-28 342528]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2007-07-11 421888]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-10-17 858632]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-13 136600]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Acer ePresentation HPD"="c:\acer\Empowering Technology\ePresentation\ePresentation.exe" [2007-03-02 208896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-28 16132608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\sandrine\Menu Démarrer\Programmes\Démarrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]
santa.bat [2009-7-5 178]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-9-11 45056]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-11-5 122880]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\sandrine\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [07/07/2009 19:28 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [07/07/2009 19:28 20560]
S2 AlerterALG;Avertissement AlerterALG;c:\windows\TEMP\ffdtfmslwh.exe service --> c:\windows\TEMP\ffdtfmslwh.exe service [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1F3A02A4-719E-81DD-0205-080506080303}]
c:\windows\system32\Winkernal.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mStart Page = hxxp://fr.fr.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: mappy.com
Trusted Zone: orange.fr
Trusted Zone: voila.fr\rw.search.ke
Trusted Zone: weborama.fr\orange
FF - ProfilePath - c:\documents and settings\sandrine\Application Data\Mozilla\Firefox\Profiles\odxea58n.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2330164&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2330164&SearchSource=2&q=
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 20:22
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1912)
c:\windows\system32\MSNCHATHOOK.DLL
c:\windows\system32\sysenv.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\MFC71U.DLL
c:\windows\system32\eappprxy.dll
c:\program files\Epson Software\Easy Photo Print\EPTBL.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Microsoft Office\Office10\msohev.dll
c:\program files\Fichiers communs\Nero\SMC\NeroDigitalExt.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\system32\igfxext.exe
c:\docume~1\sandrine\LOCALS~1\temp\RtkBtMnt.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Fichiers communs\LightScribe\LSSrvc.exe
c:\program files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2009-07-16 20:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-16 18:27

Pre-Run: 37 462 732 800 octets libres
Post-Run: 37 336 145 920 octets libres

Current=4 Default=4 Failed=3 LastKnownGood=1 Sets=1,2,3,4
378 --- E O F --- 2009-07-15 12:08
Narco!4 Posts: 2385 Registered: Sunday 25 January 2009 Status: Contributor Last activity: 25 October 2012 467
16 Jul. 2009 at 20:44
Post a Nod32 report https://www.eset.com/ (you have to use Internet Explorer)
- tick every box each time, and when it has finished, paste the report:
- C:\Program Files\EsetOnlineScanner\log.txt
WolfET Posts: 7 Registered: Thursday 16 July 2009 Status: Member Last activity: 16 July 2009
16 Jul. 2009 at 20:46
Listen, everything is back to normal even though I did nothing at all... go figure -_-'


Well, the important thing is that it's sorted out.

Thanks :)
Narco!4 Posts: 2385 Registered: Sunday 25 January 2009 Status: Contributor Last activity: 25 October 2012 467
16 Jul. 2009 at 20:49
everything is back to normal even though I did nothing at all... go figure -_-'

is that a joke?
WolfET Posts: 7 Registered: Thursday 16 July 2009 Status: Member Last activity: 16 July 2009
16 Jul. 2009 at 20:51
No -_-' I don't understand what happened... after running ComboFix, uh, my computer rebooted and there you go, everything is back to normal, I now have just one drive, it works properly, it burns discs again and everything...


Incomprehensible.