Sujet Précédent Sujet Suivant

Plusieurs chevaux de troie

Morano -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,

mon pc est rempli de virus je ne m'en sort plus, si quelqu'un peut me donner un coup de main, ce ne serait pas de refus...
A voir également:

41 réponses

Précédent
Réponse 21 / 41
MOrano
 
Oui mon anti virus "ESET Nod32"
0
Réponse 22 / 41
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Ok, retélécharge ComboFix et refais cette manip' :
https://forums.commentcamarche.net/forum/affich-13791897-plusieurs-chevaux-de-troie#4
0
Réponse 23 / 41
Morano
 
ComboFix 09-08-22.06 - Administrateur 23/08/2009 20:09.4.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.563 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\vhhm.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ecqudbx

((((((((((((((((((((((((( Files Created from 2009-07-23 to 2009-08-23 )))))))))))))))))))))))))))))))
.

2009-08-23 17:50 . 2009-08-23 17:50 -------- d-----w- C:\_OTM
2009-08-21 19:40 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 19:40 . 2009-08-21 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 19:40 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 09:10 . 2009-08-23 17:59 -------- d-----w- c:\program files\trend micro
2009-08-09 09:10 . 2009-08-09 09:10 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-23 17:53 . 2004-08-03 23:15 625952 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-23 16:36 . 2008-12-06 00:40 -------- d-----w- c:\program files\Steam
2009-07-14 18:02 . 2007-05-29 17:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
2009-07-11 22:08 . 2007-06-19 18:29 -------- d-----w- c:\program files\eMule
2009-07-11 09:56 . 2008-08-23 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-11 09:50 . 2009-07-11 09:50 -------- d-----w- c:\program files\ESET
2009-07-11 09:46 . 2009-07-11 09:44 31146496 ----a-w- C:\anti virus en ce moment.msi
2009-07-03 15:27 . 2008-09-18 19:22 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
2007-04-10 01:33 . 2007-04-10 01:29 68128 --sha-w- c:\windows\fidbox.dat
2007-03-31 15:30 . 2007-03-31 15:30 5 --sha-w- c:\windows\system32\ecfadabe_s.dll
2007-03-06 20:42 . 2007-03-06 20:19 4182 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2004-08-03 21:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2009-08-23 18:15 625952 BA1698486EEFDB1B88225DDB465C8F7B c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-28 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Barre d'‚tat systŠme d'ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"NoSMConfigurePrograms"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"DisableMyPicturesDirChange"= 0 (0x0)
"DisableMyMusicDirChange"= 0 (0x0)
"DisableFavoritesDirChange"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"NoFileUrl"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"EPSON Stylus DX6000 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "c:\windows\TEMP\E_S93.tmp" /EF "HKLM"
"LogitechImageStudioTray"=c:\program files\Logitech\ImageStudio\LogiTray.exe
"LogitechGalleryRepair"=c:\program files\Logitech\ImageStudio\ISStart.exe
"LVCOMS"=c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
"ISUSPM Startup"=c:\progra~1\FICHIE~1\InstallShield\UpdateService\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task"="c:\windows\system32\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\drag0n83\\counter-strike\\hl.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/05/2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 15:47 731840]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [30/09/2006 21:49 220079]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\Microsoft Office\Office10\EXCEL.EXE/3000
TCP: {148C4B8C-B0BC-4C7C-84C4-DCA874A1C8F8} = 212.27.53.252,212.27.54.252
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b0rjt700.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-23 20:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5512)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\ati2evxx.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-23 20:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-23 18:16
ComboFix2.txt 2009-08-09 09:33

Pre-Run: 10 940 456 960 octets libres
Post-Run: 10 845 814 784 octets libres

202
0
Réponse 24 / 41
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
--> Fais analyser ce fichier : c:\windows\sys­tem32\drivers\ntfs.sys

--> Sur VirusTotal et poste le lien de l'analyse.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 41
Morano
 
a-squared 4.5.0.24 2009.08.23 Virus.Win32.Protector!IK
AhnLab-V3 5.0.0.2 2009.08.23 -
AntiVir 7.9.1.3 2009.08.21 -
Antiy-AVL 2.0.3.7 2009.08.21 -
Authentium 5.1.2.4 2009.08.22 -
Avast 4.8.1335.0 2009.08.23 -
AVG 8.5.0.406 2009.08.23 -
BitDefender 7.2 2009.08.23 Rootkit.Kobcka.Patched.Gen
CAT-QuickHeal 10.00 2009.08.22 W32.Protector.C
ClamAV 0.94.1 2009.08.23 -
Comodo 2072 2009.08.23 -
DrWeb 5.0.0.12182 2009.08.23 BackDoor.Bulknet.404
eSafe 7.0.17.0 2009.08.23 -
eTrust-Vet 31.6.6694 2009.08.21 -
F-Prot 4.4.4.56 2009.08.22 -
F-Secure 8.0.14470.0 2009.08.23 Virus.Win32.Protector.c
Fortinet 3.120.0.0 2009.08.23 -
GData 19 2009.08.23 Rootkit.Kobcka.Patched.Gen
Ikarus T3.1.1.68.0 2009.08.23 Virus.Win32.Protector
Jiangmin 11.0.800 2009.08.23 -
K7AntiVirus 7.10.825 2009.08.22 -
Kaspersky 7.0.0.125 2009.08.23 Virus.Win32.Protector.c
McAfee 5718 2009.08.23 -
McAfee+Artemis 5718 2009.08.23 -
McAfee-GW-Edition 6.8.5 2009.08.23 -
Microsoft 1.4903 2009.08.23 Virus:Win32/Cutwail.G
NOD32 4361 2009.08.23 a variant of Win32/Kryptik.ABX
Norman 6.01.09 2009.08.21 -
nProtect 2009.1.8.0 2009.08.23 -
Panda 10.0.0.14 2009.08.23 -
PCTools 4.4.2.0 2009.08.23 -
Prevx 3.0 2009.08.23 -
Rising 21.43.50.00 2009.08.22 -
Sophos 4.44.0 2009.08.23 Troj/NTFSKit-B
Sunbelt 3.2.1858.2 2009.08.22 -
Symantec 1.4.4.12 2009.08.23 -
TheHacker 6.3.4.3.386 2009.08.22 -
TrendMicro 8.950.0.1094 2009.08.22 -
VBA32 3.12.10.9 2009.08.23 -
ViRobot 2009.8.22.1897 2009.08.22 -
VirusBuster 4.6.5.0 2009.08.23 -
Information additionnelle
File size: 625952 bytes
MD5...: ba1698486eefdb1b88225ddb465c8f7b
SHA1..: d34dcd2021a2b4951482818b9a2f73fb4e6bd3d7
SHA256: a0e9164ba7dfb43004a0ab9595a9fd949c4d41f9af1aeadff61e10070f91a07a
ssdeep: 12288:XmQOC9vxVLSXWX5MDE9PmqmfeYaIOHsYqBKPN0LM8hwEG9LNzNTG:XIWX5
EE9PmqUeYaIOMtM82EG9tNT
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.5%)
DOS Executable Generic (49.5%)
VXD Driver (0.7%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xdba
timedatestamp.....: 0x4a8d3a9e (Thu Aug 20 11:59:26 2009)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x220 0xc38 0xc40 5.84 921620a4de5111f92d05865c5bc57dc8
.data 0xe60 0x19 0x20 2.17 09023b0586a11b5dd790a88206791533
.reloc 0xe80 0x97ea0 0x97ea0 6.64 ea8eccec4a26f8e27e94f489bce27087

( 0 imports )

( 0 exports )
PDFiD.: -
RDS...: NSRL Reference Data Set
-
0
Réponse 26 / 41
Morano
 
également ceci en haut du rapport :

Fichier ntfs.sys reçu le 2009.08.23 18:38:07 (UTC)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE
Résultat: 11/41 (26.83%)
0
Réponse 27 / 41
Morano
 
Je doit malheureusement filer pour une semaine de boulot...
je reviens vendredi prochain
j'espère que tu va les avoirs !
bonne soirée à toi
0
Réponse 28 / 41
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
--> Télécharge le fichier suivant et déplace-le sur ComboFix :
http://www.microsoft.com/downloads/details.aspx?FamilyId=535D248D-5E10-49B5-B80C-0A0205368124&displaylang=fr
0
Réponse 29 / 41
Morano
 
Salut, j'ai téléchargé le fichier et l'ai fait glisser sur ComboFix, voici le LOG :

ComboFix 09-08-28.01 - Administrateur 28/08/2009 23:51.5.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1023.552 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ComboFix.exe
Command switches used :: c:\documents and settings\Administrateur\Mes documents\Téléchargements\WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntfs.sys

.
((((((((((((((((((((((((( Files Created from 2009-07-28 to 2009-08-28 )))))))))))))))))))))))))))))))
.

2009-08-23 17:50 . 2009-08-23 17:50 -------- d-----w- C:\_OTM
2009-08-21 19:40 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 19:40 . 2009-08-21 19:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 19:40 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-09 09:10 . 2009-08-23 17:59 -------- d-----w- c:\program files\trend micro
2009-08-09 09:10 . 2009-08-09 09:10 -------- d-----w- C:\rsit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-28 16:19 . 2006-09-26 14:05 94016 ----a-w- c:\windows\system32\drivers\agp440.sys
2009-08-23 16:36 . 2008-12-06 00:40 -------- d-----w- c:\program files\Steam
2009-07-14 18:02 . 2007-05-29 17:04 -------- d-----w- c:\documents and settings\Administrateur\Application Data\uTorrent
2009-07-11 22:08 . 2007-06-19 18:29 -------- d-----w- c:\program files\eMule
2009-07-11 09:56 . 2008-08-23 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-11 09:50 . 2009-07-11 09:50 -------- d-----w- c:\program files\ESET
2009-07-11 09:46 . 2009-07-11 09:44 31146496 ----a-w- C:\anti virus en ce moment.msi
2009-07-03 15:27 . 2008-09-18 19:22 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Winamp
2007-04-10 01:33 . 2007-04-10 01:29 68128 --sha-w- c:\windows\fidbox.dat
2007-03-31 15:30 . 2007-03-31 15:30 5 --sha-w- c:\windows\system32\ecfadabe_s.dll
2007-03-06 20:42 . 2007-03-06 20:19 4182 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-23_18.14.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-03 23:15 . 2004-08-03 21:15 574592 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-06-28 32768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-11-15 77824]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Barre d'‚tat systŠme d'ATI CATALYST.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2005-6-29 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"NoSMConfigurePrograms"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"DisableMyPicturesDirChange"= 0 (0x0)
"DisableMyMusicDirChange"= 0 (0x0)
"DisableFavoritesDirChange"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"NoStrCmpLogical"= 1 (0x1)
"NoFileUrl"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"EPSON Stylus DX6000 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "c:\windows\TEMP\E_S93.tmp" /EF "HKLM"
"LogitechImageStudioTray"=c:\program files\Logitech\ImageStudio\LogiTray.exe
"LogitechGalleryRepair"=c:\program files\Logitech\ImageStudio\ISStart.exe
"LVCOMS"=c:\program files\Fichiers communs\Logitech\QCDriver3\LVCOMS.EXE
"ISUSPM Startup"=c:\progra~1\FICHIE~1\InstallShield\UpdateService\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
"QuickTime Task"="c:\windows\system32\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\drag0n83\\counter-strike\\hl.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14/05/2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14/05/2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [14/05/2009 15:47 731840]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);c:\windows\system32\drivers\LV551AV.sys [30/09/2006 21:49 220079]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xporter vers Microsoft Excel - c:\progra~1\Microsoft Office\Office10\EXCEL.EXE/3000
TCP: {148C4B8C-B0BC-4C7C-84C4-DCA874A1C8F8} = 212.27.53.252,212.27.54.252
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\b0rjt700.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-28 23:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3120)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\ati2evxx.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-28 23:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-28 21:58
ComboFix2.txt 2009-08-23 18:17
ComboFix3.txt 2009-08-09 09:33

Pre-Run: 10 834 898 944 octets libres
Post-Run: 10 783 862 784 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /fastdetect /NoExecute=OptIn

209
0
Réponse 30 / 41
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
--> Menu Démarrer > Exécuter > Tape combofix /u et valide.

--> Poste le rapport info situé dans C:\rsit.
0
Réponse 31 / 41
Morano
 
info.txt logfile of random's system information tool 1.06 2009-08-09 11:10:49

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACE Mega CoDecS Pack-->"C:\Program Files\ACE Mega CoDecS Pack\unins000.exe"
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASUS USB2.0 Webcam-->Rundll32.exe BisonRem.dll,WinMainRmv
ATI - Utilitaire de désinstallation du logiciel-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->MsiExec.exe /I{6539AC4E-1146-479C-9774-A8949B1ECEF3}
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{083F79E4-6FE9-46FB-A6C6-4F8862742947}\setup.exe"
Audacity 1.2.6-->"C:\Program Files\Audacity\unins000.exe"
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
CamStudio 2.0 Fr-->"C:\Program Files\CamStudio\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240
Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5}
Decal Converter-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5BB207D6-0E1E-11D5-9B6A-00C04F7EC248}\Setup.exe"
DVD and CD Cover Print-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\INSTALL.LOG
DVD Shrink 3.1.7-->"C:\Program Files\DVD Shrink\unins000.exe"
eMule-->"C:\Program Files\eMule\Uninstall.exe"
EPSON Attach To Email-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON File Manager-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E86BC406-944E-41F6-ADE6-2C136734C96B}\Setup.exe" -l0x40c UNINST
EPSON Logiciel imprimante-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
ESDX6000_CX5900 Guide util.-->C:\Program Files\EPSON\TPMANUAL\ESDX6000_CX5900\USE_G\DOCUNINS.EXE
Free iPod Video Converter 1.34-->"C:\Program Files\Free iPod Video Converter\unins000.exe"
GrabPro - Toolbar-->regsvr32 /u /s "C:\Program Files\Orbitdownloader\GrabPro.dll"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}
Java 2 Runtime Environment, SE v1.4.2_05-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142050}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Logitech ImageStudio-->MsiExec.exe /I{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}
Logitech Print Service-->C:\PROGRA~1\Logitech\Print Service\UNWISE.EXE C:\PROGRA~1\Logitech\Print Service\INSTALL.LOG
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional avec FrontPage-->MsiExec.exe /I{9028040C-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.5-->MsiExec.exe /I{BAFD3C1E-03EC-11DA-BFBD-00065BBDC0B5}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MUSK Codec Pack v6.0-->"C:\Program Files\MUSK Codec Pack v6\unins000.exe"
Nero 6 Demo-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvunrm.exe UninstallGUI
Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
PIF DESIGNER-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B90450DF-E781-46FD-B1F1-0C86DA40E443}\SETUP.EXE" -l0x40c anything
QuickTime-->MsiExec.exe /I{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}
Real Alternative 1.7.5-->"C:\Program Files\Real Alternative\unins000.exe"
RealPlayer 7 Basic-->C:\Program Files\Fichiers communs\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\Professional\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c
Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"
Samsung USB Driver (MCCI 4.24)-->C:\Program Files\Fichiers communs\InstallShield\Driver\8\Intel 32\IDriver.exe /M{77F09242-A107-4CB6-A295-D8656C2C3795}
SamsungMediaStudio-->RunDll32 C:\PROGRA~1\FICHIE~1\InstallShield\engine\6\Intel 32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{289CA3B4-9525-4B31-B58F-D76B2B52EA5A}\Setup.exe" -l0x40c
Skype™ 3.2-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam-->C:\PROGRA~1\Steam\UNWISE.EXE C:\PROGRA~1\Steam\INSTALL.LOG
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
THE Rename 2.1.6-->"C:\Program Files\THE Rename\unins000.exe"
VideoLAN VLC media player 0.8.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
WinAce Archiver-->"C:\Program Files\WinAce\SXUNINST.EXE" "C:\Program Files\WinAce\SXUNINST.INI"
Winamax Poker (remove only)-->"C:\Program Files\WinamaxPoker\uninst.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live Messenger-->MsiExec.exe /I{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"

======Security center information======

AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: DRAGON
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service de l'iPod.

Record Number: 102595
Source Name: Service Control Manager
Time Written: 20090609092026.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: DRAGON
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Service COM de gravage de CD IMAPI.

Record Number: 102594
Source Name: Service Control Manager
Time Written: 20090609092026.000000+120
Event Type: Informations
User: AUTORITE NT\SYSTEM

Computer Name: DRAGON
Event Code: 7036
Message: Le service Gestionnaire de connexions d'accès distant est entré dans l'état : en cours d'exécution.

Record Number: 102593
Source Name: Service Control Manager
Time Written: 20090609092025.000000+120
Event Type: Informations
User:

Computer Name: DRAGON
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Gestionnaire de connexions d'accès distant.

Record Number: 102592
Source Name: Service Control Manager
Time Written: 20090609092024.000000+120
Event Type: Informations
User: DRAGON\Administrateur

Computer Name: DRAGON
Event Code: 7036
Message: Le service Téléphonie est entré dans l'état : en cours d'exécution.

Record Number: 102591
Source Name: Service Control Manager
Time Written: 20090609092024.000000+120
Event Type: Informations
User:

=====Application event log=====

Computer Name: DRAGON
Event Code: 101
Message: msnmsgr (3664) Le moteur de base de données est arrêté.

Record Number: 1759
Source Name: ESENT
Time Written: 20090216121721.000000+060
Event Type: Informations
User:

Computer Name: DRAGON
Event Code: 103
Message: msnmsgr (3664) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\dragon_-_noir@hotmail.com\SharingMetadata\Working\database_CA88_66BF_8866_A9A1\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 1758
Source Name: ESENT
Time Written: 20090216121721.000000+060
Event Type: Informations
User:

Computer Name: DRAGON
Event Code: 101
Message: msnmsgr (1892) Le moteur de base de données est arrêté.

Record Number: 1757
Source Name: ESENT
Time Written: 20090216110601.000000+060
Event Type: Informations
User:

Computer Name: DRAGON
Event Code: 103
Message: msnmsgr (1892) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\michael_arene@hotmail.com\SharingMetadata\Working\database_CA88_66BF_8866_A9A1\dfsr.db: Le moteur de base de données a arrêté une instance (0).

Record Number: 1756
Source Name: ESENT
Time Written: 20090216110601.000000+060
Event Type: Informations
User:

Computer Name: DRAGON
Event Code: 102
Message: msnmsgr (1892) \\.\C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Messenger\michael_arene@hotmail.com\SharingMetadata\Working\database_CA88_66BF_8866_A9A1\dfsr.db: Le moteur de base de données a démarré une nouvelle instance (0).

Record Number: 1755
Source Name: ESENT
Time Written: 20090216110556.000000+060
Event Type: Informations
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 39 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=2701
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"DEVMGR_SHOW_DETAILS"=1
"DEVMGR_SHOW_NONPRESENT_DEVICES"=0
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------
0
Réponse 32 / 41
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
--> Désinstalle Java 2 Runtime Environment, SE v1.4.2_05 et Java SE Runtime Environment 6 Update 1.

--> Mets à jour Java.

--> Mets à jour Adobe Reader.

--> Mets à jour Internet Explorer.

--> Refais un scan RSIT et poste le rapport log.
0
Réponse 33 / 41
Morano
 
J'ai fait ce que j'ai pu impossible de désinstaller j2re1.4.2_05 et un soucis d'installation de la mise à jour IE
sur le bureau nouvel icone : "Internet Explorer - résolution de problèmes"
quand je clique dessus il se passe rien de spécial, juste une page IE qui s'ouvre
rapport RIST :

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrateur at 2009-08-29 21:22:41
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 10 GB (13%) free of 80 GB
Total RAM: 1023 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22, on 29/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\RSIT.exe
C:\Program Files\trend micro\Administrateur.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - Global Startup: Barre d'état système d'ATI CATALYST.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{148C4B8C-B0BC-4C7C-84C4-DCA874A1C8F8}: NameServer = 212.27.53.252,212.27.54.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{148C4B8C-B0BC-4C7C-84C4-DCA874A1C8F8}: NameServer = 212.27.53.252,212.27.54.252
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
0
Réponse 34 / 41
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
http://download.microsoft.com/...
0
Réponse 35 / 41
Morano
 
C'est bon j'ai réussi la mise à jour d'IE
Suis-je arrivé à la fin de mon cauchemar maître ?
0
Réponse 36 / 41
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Plus de souci ?
0
Réponse 37 / 41
Morano
 
Et bien je dirais que non, je n'ai plus les msg de mon antivirus en tout cas, je vais faire un scan pour confirmer
et je te remercie mille fois de ton aide
0
Réponse 38 / 41
Morano
 
Tout est clean c'est super !
J'en profite puisque je parle à un boss de l'informatique...
Que conseil tu comme antivirus gratuit et quel logiciel de nettoyage ?
Par exemple moi j'ai "ccleaner" bon pas bon ?
0
Réponse 39 / 41
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
1/

---> Désinstalle HijackThis.

---> Télécharge ToolsCleaner2 sur ton Bureau.
* Double-clique sur ToolsCleaner2.exe pour le lancer.
* Clique sur Recherche et laisse le scan agir.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options Facultatives.
* Clique sur Quitter pour obtenir le rapport.
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

2/

---> Télécharge et installe CCleaner Slim.
* Lance-le. Va dans Options puis Avancé et décoche la case Effacer uniquement les fichiers etc....
* Va dans Nettoyeur, choisis Analyse. Une fois terminé, lance le nettoyage.

3/

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger.

==Prévention==

Conserve MBAM. Il te servira à scanner les fichiers douteux en complément de l'antivirus et scanne le disque dur régulièrement.

Vérifie que les mises à jour automatiques sont bien activées (Menu Démarrer, clique droit sur Poste de travail, Propriétés, onglet Mises à jour automatiques).

Par rapport au P2P : Lien

Voici un dossier complet (A lire avec Adobe Reader ou Foxit Reader) : Lien

Sois plus vigilant(e) sur Internet ;)
0
Réponse 40 / 41
Morano
 
[ Rapport ToolsCleaner version 2.3.10 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\Program Files\trend micro\HijackThis.exe: trouvé !
C:\Program Files\trend micro\hijackthis.log: trouvé !
C:\WINDOWS\msnfix.txt: trouvé !

---------------------------------
--> Suppression:

C:\Program Files\trend micro\HijackThis.exe: supprimé !
C:\Program Files\trend micro\hijackthis.log: supprimé !
C:\WINDOWS\msnfix.txt: supprimé !

Fichiers temporaires nettoyés !
Corbeille vidée!

Et du coup je supprime mon "ccleaner" normal puisque j'ai la version slim ?
0

Discussions similaires

jeux de chevaux virtuel gratuit 3d en ligne
x-doudou-x -
luka -

50 réponses
Cheval de troie comment le supprimer?
sonia -
^^Marie^^ -

28 réponses
virus: comment supprimer ccxprocess (virus cheval de troie)
grrlesang -
bazfile -

1 réponse
comment se debarasser d un cheval de troie
jennyfer1 -
MrMaDGaME -

66 réponses
Troie Le film
keurdange -
keurdange -

3 réponses