Problem with Internet Explorer / Virus
M4C
Hello,
I've had a problem with Internet Explorer and Windows Live Messenger for a few days. I can't use Internet Explorer or Windows Live Messenger in my session, whereas I can use them fine in the other sessions. I did a quick search on Google and came to the conclusion that I had viruses in my session that were blocking Internet Explorer. Yet I've run several scans with Malwarebytes Anti-Malware, Avira AntiVir and Spybot S&D and they find nothing.
So I made a HijackThis report, but I can't analyze it myself (I'm pretty hopeless with computers).
Here it is:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:24 PM, on 22/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 91.121.94.146 l2authd.lineage2.com
O1 - Hosts: 91.121.94.146 nProtect.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {17F35B1A-20BC-4A87-B471-75F0BA70682E} - (no file)
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9FD0F59E-548E-4C43-BDE0-28B216EB637D} - (no file)
O2 - BHO: (no name) - {ee689868-e0e5-4b0c-a97c-53e3361af9b8} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1229272821-1897051121-725345543-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Autres')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Alexandre\Local Settings\Temp\{A289D311-85E8-4EF5-A760-EE87825535D6}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Cape Typhoon Registration.lnk = C:\Documents and Settings\Alexandre\Local Settings\Temp\{44B4C19A-0899-4C2E-B4C0-3E643AE64C80}\{EA926717-CE5A-4CB4-AB21-9E6E9565A458}\ATR1.exe
O4 - Startup: RollerCoaster Tycoon 3_ Wild Registration.lnk = C:\Documents and Settings\Alexandre\Local Settings\Temp\{6512719E-B260-4A4D-8D07-8839EECB6A8B}\{45653847-497F-47BB-A878-46FBDE34A3E0}\ATR1.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - https://www.fileplanet.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yayWMEWO - yayWMEWO.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HDD & SSD access service - Unknown owner - C:\Program Files\Common Files\BinarySense\disksvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallDriver Table Manager IDriverTEventSystem (IDriverTEventSystem) - Unknown owner - C:\WINDOWS\system32\1028d.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
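As an added example (not part of the thread and not a HijackThis feature), here is a small Python triage helper that parses the HijackThis sections seen in the log above and flags the entries a responder would check first: the per-user (HKCU) proxy pointing at 127.0.0.1:5555, hosts-file entries that override DNS, and the COM, Winlogon Notify and service load points whose files are missing. The sample lines are copied from the log, plus one constructed loopback hosts entry to show a blocking entry that is not flagged; the severities are this example's own triage choice.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines (added example, not from
the thread or from HijackThis). It covers R0/R1 IE settings, R3/O2/O3/O9 COM
load points, O1 hosts entries, O20 Winlogon Notify packages and O23 services."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    code: str      # machine-readable finding type
    severity: str  # "high" (examine now) or "review" (explain or clean up)
    detail: str    # what the line says and why it matters


# Addresses a hosts entry may use to block a name rather than redirect it
LOCAL_ADDRS = {"127.0.0.1", "0.0.0.0", "::1", "localhost"}

# "R1 - HKCU\...\Internet Settings,ProxyServer = http=127.0.0.1:5555"
_PROXY_RE = re.compile(
    r"^R[01] - (?P<hive>HKLM|HKCU)\\.*Internet Settings,ProxyServer = (?P<value>.+)$")
# "O2 - BHO: (no name) - {CLSID} - (no file)"; also R3 URLSearchHook, O3 Toolbar, O9 buttons
_ORPHAN_COM_RE = re.compile(
    r"^(?P<section>R3|O2|O3|O9) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]+)\} - \(no file\)$")
# "O1 - Hosts: 91.121.94.146 l2authd.lineage2.com"
_HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
# "O20 - Winlogon Notify: key - name.dll (file missing)"
_WINLOGON_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<dll>.+?)(?: \((?P<state>file missing)\))?$")
# "O23 - Service: Display (Name) - Vendor - C:\path\svc.exe (file missing)"
# Assumes neither display name nor vendor contains " - ", which holds for the log above.
_SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<vendor>.+?) - (?P<path>.+?)"
    r"(?: \((?P<state>file missing)\))?$")


def _proxy_finding(m: "re.Match") -> Finding:
    value = m.group("value").strip()
    # Values look like "http=127.0.0.1:5555" (per protocol, ';'-separated) or "host:port";
    # only the first entry is examined here.
    hostport = value.split(";")[0].split("=", 1)[-1]
    host, _, port = hostport.rpartition(":")
    if m.group("hive") == "HKCU" and host in LOCAL_ADDRS:
        return Finding(
            "proxy_loopback", "high",
            f"per-user (HKCU) IE proxy is {hostport}: only this account's browser traffic "
            f"is sent to local port {port}, so confirm which process listens there and "
            "whether the user set it deliberately")
    return Finding("proxy_set", "review", f"{m.group('hive')} IE proxy is set to {value}")


def triage(lines):
    """Return Finding objects for an iterable of HijackThis log lines, in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := _PROXY_RE.match(line):
            findings.append(_proxy_finding(m))
        elif m := _ORPHAN_COM_RE.match(line):
            findings.append(Finding(
                "orphaned_com_entry", "review",
                f"{m.group('section')} {m.group('kind')} {{{m.group('clsid')}}} is registered "
                "but its file is gone; harmless by itself, but a leftover to clean up"))
        elif m := _HOSTS_RE.match(line):
            ip, host = m.group("ip"), m.group("host")
            if ip not in LOCAL_ADDRS:
                findings.append(Finding(
                    "hosts_redirect", "review",
                    f"hosts file resolves {host} to {ip}, bypassing DNS; confirm it is intended"))
        elif m := _WINLOGON_RE.match(line):
            if m.group("state"):
                findings.append(Finding(
                    "orphaned_winlogon_notify", "high",
                    f"Winlogon Notify package '{m.group('key')}' references missing "
                    f"{m.group('dll')}; these DLLs load into winlogon.exe at logon, so the "
                    "registry entry has outlived its DLL and should be removed"))
        elif m := _SERVICE_RE.match(line):
            if m.group("state"):
                findings.append(Finding(
                    "orphaned_service", "review",
                    f"service '{m.group('display')}' points at missing {m.group('path')}"))
    return findings


def high_priority(findings):
    """Subset of findings to examine before anything else."""
    return [f for f in findings if f.severity == "high"]


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'review': 4}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Sample lines taken from the log in the post, plus one constructed hosts entry
# ("127.0.0.1 ads.example.invalid") to show a blocking entry that is not flagged.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 91.121.94.146 l2authd.lineage2.com
O1 - Hosts: 127.0.0.1 ads.example.invalid
O2 - BHO: (no name) - {17F35B1A-20BC-4A87-B471-75F0BA70682E} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O20 - Winlogon Notify: yayWMEWO - yayWMEWO.dll (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: InstallDriver Table Manager IDriverTEventSystem (IDriverTEventSystem) - Unknown owner - C:\WINDOWS\system32\1028d.exe (file missing)
""".strip().splitlines()


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.code}: {f.detail}")
    print(summarize(results))
```

Feeding the full log to `triage()` yields the same categories; the HKCU proxy finding is the one that explains a browser failing in a single user account while other accounts work.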
19 replies
hi:
Disable your antivirus for the duration of the procedure, and your firewall too if you have one
▶ Download List&Kill'em and save it to your desktop
▶ unzip it (right-click / extract.....)
It does not require installation
▶ double-click (right-click "run as administrator" on Vista) to launch the scan
choose the language, then choose option 1 = Search Mode
▶ let the tool work
▶ Post the contents of the report that opens
Thanks for your help Gen-Hackman =)
Here is the List & Kill'em report
List'em by g3n-h@ckm@n 1.0.5.5
Thx to Chiquitine29.....
User : Alexandre (Administrators) # ALEXANDRE
Update on 21/11/2009 by g3n-h@ckm@n ::::: 20:13
Start at: 1:15:43 PM | 22/11/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Pentium(R) D CPU 3.00GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : AVG 7.5.560 7.5.560 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Local Fixed Disk | 149 Go (53.37 Go free) | NTFS
D:\ -> CD-ROM Disc
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours
C:\WINDOWS\System32\smss.exe 668
C:\WINDOWS\system32\csrss.exe 892
C:\WINDOWS\system32\winlogon.exe 924
C:\WINDOWS\system32\services.exe 968
C:\WINDOWS\system32\lsass.exe 980
C:\WINDOWS\system32\Ati2evxx.exe 1184
C:\WINDOWS\system32\svchost.exe 1200
C:\WINDOWS\system32\svchost.exe 1300
C:\WINDOWS\System32\svchost.exe 1340
C:\WINDOWS\system32\svchost.exe 1476
C:\WINDOWS\system32\svchost.exe 1528
C:\WINDOWS\system32\spoolsv.exe 1848
C:\Program Files\Avira\AntiVir Desktop\sched.exe 1900
C:\WINDOWS\system32\svchost.exe 1936
C:\Program Files\Avira\AntiVir Desktop\avguard.exe 1996
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2008
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe 168
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe 240
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe 280
C:\Program Files\Bonjour\mDNSResponder.exe 300
C:\WINDOWS\System32\svchost.exe 340
C:\WINDOWS\eHome\ehRecvr.exe 552
C:\WINDOWS\eHome\ehSched.exe 568
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 792
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE 1396
C:\WINDOWS\system32\PnkBstrA.exe 1492
C:\WINDOWS\system32\svchost.exe 1680
C:\WINDOWS\system32\svchost.exe 1712
C:\WINDOWS\system32\Tablet.exe 348
C:\WINDOWS\ehome\mcrdsvc.exe 508
C:\WINDOWS\system32\dllhost.exe 2228
C:\WINDOWS\System32\alg.exe 2340
C:\WINDOWS\Explorer.EXE 2980
C:\WINDOWS\system32\WTablet\TabUserW.exe 3012
C:\WINDOWS\system32\Tablet.exe 3052
C:\WINDOWS\stsystra.exe 3532
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE 3592
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 3600
C:\WINDOWS\ehome\ehtray.exe 3624
C:\Program Files\Dell\Media Experience\DMXLauncher.exe 3640
C:\WINDOWS\System32\DLA\DLACTRLW.EXE 3652
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe 3704
C:\WINDOWS\eHome\ehmsas.exe 3720
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe 3740
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 3760
C:\Program Files\QuickTime\QTTask.exe 3832
C:\Program Files\iTunes\iTunesHelper.exe 3864
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe 3896
C:\WINDOWS\system32\ctfmon.exe 3912
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe 4072
C:\Program Files\iPod\bin\iPodService.exe 2120
C:\WINDOWS\System32\svchost.exe 3980
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe 2240
C:\Program Files\iTunes\iTunes.exe 3584
C:\Program Files\Windows Live\Messenger\msnmsgr.exe 3248
C:\Program Files\Windows Live\Contacts\wlcomm.exe 868
C:\WINDOWS\system32\csrss.exe 748
C:\WINDOWS\system32\winlogon.exe 1500
C:\WINDOWS\system32\WTablet\TabUserW.exe 2928
C:\WINDOWS\system32\Tablet.exe 3444
C:\WINDOWS\Explorer.EXE 728
C:\WINDOWS\stsystra.exe 1760
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE 3044
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 3184
C:\WINDOWS\ehome\ehtray.exe 1456
C:\Program Files\Dell\Media Experience\DMXLauncher.exe 2532
C:\WINDOWS\System32\DLA\DLACTRLW.EXE 3376
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe 1292
C:\WINDOWS\eHome\ehmsas.exe 844
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe 3692
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe 1324
C:\Program Files\QuickTime\QTTask.exe 3388
C:\Program Files\iTunes\iTunesHelper.exe 4004
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe 2092
C:\WINDOWS\system32\ctfmon.exe 2716
C:\Program Files\Messenger\msmsgs.exe 2880
C:\Program Files\Internet Explorer\iexplore.exe 4680
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe 5268
C:\WINDOWS\system32\NOTEPAD.EXE 5120
C:\WINDOWS\system32\wbem\wmiprvse.exe 1140
C:\WINDOWS\system32\wuauclt.exe 5816
C:\Documents and Settings\Alexandre\Desktop\List_Killem\List_Kill'em.exe 1296
C:\WINDOWS\system32\cmd.exe 5644
C:\Documents and Settings\Alexandre\Local Settings\Temp\B.tmp\pv.exe 4896
======================
Cles de demarrage "Run"
======================
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
Skype REG_SZ "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SigmatelSysTrayApp REG_SZ stsystra.exe
LVCOMS REG_SZ C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
ISUSScheduler REG_SZ "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
ehTray REG_SZ C:\WINDOWS\ehome\ehtray.exe
DMXLauncher REG_SZ C:\Program Files\Dell\Media Experience\DMXLauncher.exe
DLA REG_SZ C:\WINDOWS\System32\DLA\DLACTRLW.EXE
AVG7_CC REG_SZ C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
Malwarebytes' Anti-Malware REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Malwarebytes Anti-Malware (reboot) REG_SZ "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
ISUSPM Startup REG_SZ c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
=====================
cles additionnelles
=====================
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
InstallVisualStyle REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
InstallTheme REG_EXPAND_SZ C:\WINDOWS\Resources\Themes\Royale.theme
===============
===============
BHO :
======
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17F35B1A-20BC-4A87-B471-75F0BA70682E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1FD79A59-37B1-459B-9097-09F9FAB8A523}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FD0F59E-548E-4C43-BDE0-28B216EB637D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee689868-e0e5-4b0c-a97c-53e3361af9b8}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x2
SharedAccess : 0x2
wuauserv : 0x2
=========
=========================
Environnement variables :
=========================
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Alexandre\Application Data
choix=1
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ALEXANDRE
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Alexandre
LOGONSERVER=\\ALEXANDRE
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\Common Files\GTK\2.0;C:\Program Files\Autodesk\Maya8.5\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\GTK\2.0\bin;C:\Program Files\Common Files\Adobe\AGL;;C:\Program Files\Smart Projects\IsoBuster
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0604
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SonicCentral=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp
USERDOMAIN=ALEXANDRE
USERNAME=Alexandre
USERPROFILE=C:\Documents and Settings\Alexandre
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
C:\WINDOWS\jautoexp.dat
C:\WINDOWS\kb913800.exe
C:\WINDOWS\System32\ACTSKN43.ocx
C:\WINDOWS\System32\drivers\etc\hosts.msn
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\System32\SET136.tmp
C:\WINDOWS\System32\SET138.tmp
C:\WINDOWS\System32\SET144.tmp
C:\WINDOWS\System32\SETE7.tmp
C:\WINDOWS\System32\SETE8.tmp
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll
¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NPF
HKLM\SYSTEM\ControlSet001\Services\npf
HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_NPF
HKLM\SYSTEM\ControlSet003\Services\npf
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NPF
HKLM\SYSTEM\CurrentControlSet\Services\npf
=====================
Verification Rootkits
=====================
¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :
ADOBECOLLABSYNC.EXE-26E90E96.pf
AGENT.EXE-10B4BAEA.pf
AVCENTER.EXE-1A970FA0.pf
AVCONFIG.EXE-1ECA67AD.pf
AVGCC.EXE-062F63C6.pf
AVGINET.EXE-035BBB37.pf
AVGNT.EXE-200FEF40.pf
AVGW.EXE-2A7BF89D.pf
AVSCAN.EXE-07FC469C.pf
AVWSC.EXE-0283F9DD.pf
CLI.EXE-20D5A08B.pf
CMD.EXE-087B4001.pf
CONTROL.EXE-013DBFB5.pf
CSCRIPT.EXE-1C26180C.pf
CSRSS.EXE-12B63473.pf
CTFMON.EXE-0E17969B.pf
DEFRAG.EXE-273F131E.pf
DFRGNTFS.EXE-269967DF.pf
DLACTRLW.EXE-1A171366.pf
DMXLAUNCHER.EXE-080BE084.pf
EASYCLEA.EXE-1E6767AE.pf
EHREC.EXE-3B4F59C8.pf
EHTRAY.EXE-02EFC9BD.pf
EXPLORER.EXE-082F38A9.pf
FLASHUTIL10A.EXE-38EDA378.pf
HIJACKTHIS.EXE-34A0FC79.pf
HIJACKTHIS_HIJACKTHIS_2.02_AN-1194BA9A.pf
IEXPLORE.EXE-27122324.pf
IMAPI.EXE-0BF740A4.pf
IPCONFIG.EXE-2395F30B.pf
IPODSERVICE.EXE-3192DE38.pf
ISSCH.EXE-3ACEF8DC.pf
ISUSPM.EXE-09573F0F.pf
ITUNES.EXE-1A268432.pf
ITUNESHELPER.EXE-15823303.pf
Layout.ini
LIST_KILL'EM.EXE-002DEA65.pf
LOGONUI.EXE-0AF22957.pf
LVCOMS.EXE-2DC18031.pf
MBAM.EXE-0BEE0439.pf
MBAMGUI.EXE-1286D63B.pf
MODE.COM-31685BAE.pf
MSCONFIG.EXE-35E4DAE9.pf
MSNMSGR.EXE-030AB647.pf
NOTEPAD.EXE-336351A9.pf
NTOSBOOT-B00DFAAD.pf
PV.EXE-00E3DE7E.pf
QTTASK.EXE-342507FB.pf
READER_SL.EXE-1A438403.pf
REG.EXE-155AC972.pf
REGCLEANR.EXE-0851E407.pf
REGEDIT.EXE-1B606482.pf
REGSVR32.EXE-25EEFE2F.pf
RSVP.EXE-04E70CF3.pf
RUNDLL32.EXE-136B51B3.pf
RUNDLL32.EXE-1831A4F3.pf
RUNDLL32.EXE-1BC69D2D.pf
RUNDLL32.EXE-2341BBC5.pf
RUNDLL32.EXE-260B06D0.pf
RUNDLL32.EXE-311943EE.pf
RUNDLL32.EXE-34A7EF8A.pf
RUNDLL32.EXE-4451D788.pf
RUNDLL32.EXE-478066E2.pf
RUNDLL32.EXE-4AC0E713.pf
SKYPE.EXE-30AE1A60.pf
SKYPEPM.EXE-2BC7DD5C.pf
SNDVOL32.EXE-383480B7.pf
TABLET.EXE-2796F880.pf
TABUSERW.EXE-0585BB69.pf
TASKMGR.EXE-20256C55.pf
TEATIMER.EXE-1F57E47A.pf
UPDATE.EXE-2577D203.pf
USERINIT.EXE-30B18140.pf
VERCLSID.EXE-3667BD89.pf
WGATRAY.EXE-0ED38BED.pf
WINLOGON.EXE-32C57D49.pf
WINRAR.EXE-39C6DAD9.pf
WMIAPSRV.EXE-1E2270A5.pf
WMIPRVSE.EXE-28F301A9.pf
WORDPAD.EXE-24533991.pf
WSCNTFY.EXE-1B24F5EB.pf
WUAUCLT.EXE-399A8E72.pf
XPNETDIAG.EXE-1275668B.pf
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
RESTART IN SAFE MODE, then:
▶ Relaunch List&Kill'em as you did for option 1 (i.e. via right-click on Vista),
but this time:
▶ choose option 2 = Destruction Mode
let the tool work.
At the end of the scan a report opens; close it, then restart.
▶ paste its contents into your reply after restarting in normal mode:
C:\Kill'em.txt
Thanks again! =)
Here is the report:
Kill'em by g3n-h@ckm@n 1.0.5.5
User : Alexandre () # ALEXANDRE
Update on 21/11/2009 by g3n-h@ckm@n ::::: 20:13
Start at: 1:31:29 PM | 22/11/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Pentium(R) D CPU 3.00GHz
Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.11
Windows Firewall Status : Enabled
AV : AVG 7.5.560 7.5.560 [ (!) Disabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]
C:\ -> Local Fixed Disk | 149 Go (53.44 Go free) | NTFS
D:\ -> CD-ROM Disc
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours
C:\WINDOWS\System32\smss.exe 204
C:\WINDOWS\system32\csrss.exe 252
C:\WINDOWS\system32\winlogon.exe 276
C:\WINDOWS\system32\services.exe 320
C:\WINDOWS\system32\lsass.exe 332
C:\WINDOWS\system32\svchost.exe 492
C:\WINDOWS\system32\svchost.exe 536
C:\WINDOWS\system32\svchost.exe 612
C:\WINDOWS\Explorer.EXE 856
C:\Documents and Settings\Alexandre\Desktop\List_Killem\List_Kill'em.exe 1008
C:\WINDOWS\system32\cmd.exe 1020
C:\WINDOWS\system32\wbem\wmiprvse.exe 1064
C:\Documents and Settings\Alexandre\Local Settings\Temp\1.tmp\pv.exe 1164
Fichiers analysés :
=================
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
"C:\WINDOWS\jautoexp.dat"
"C:\WINDOWS\kb913800.exe"
"C:\WINDOWS\System32\ACTSKN43.ocx"
"C:\WINDOWS\System32\drivers\etc\hosts.msn"
"C:\WINDOWS\system32\drivers\npf.sys"
"C:\WINDOWS\system32\Packet.dll"
"C:\WINDOWS\system32\pthreadVC.dll"
C:\WINDOWS\System32\SET136.tmp
C:\WINDOWS\System32\SET138.tmp
C:\WINDOWS\System32\SET144.tmp
C:\WINDOWS\System32\SETE7.tmp
C:\WINDOWS\System32\SETE8.tmp
"C:\WINDOWS\system32\WanPacket.dll"
"C:\WINDOWS\system32\wpcap.dll"
¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :
Quarantaine :
actskn43.ocx.Kill'em
hosts.msn.Kill'em
jautoexp.dat.Kill'em
kb913800.exe.Kill'em
npf.sys.Kill'em
Packet.dll.Kill'em
pthreadVC.dll.Kill'em
QTSBandwidthCache.Kill'em
SET136.tmp.Kill'em
SET138.tmp.Kill'em
SET144.tmp.Kill'em
SETE7.tmp.Kill'em
SETE8.tmp.Kill'em
WanPacket.dll.Kill'em
wpcap.dll.Kill'em
====================
Fichiers hosts nettoyés
====================
¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch
Layout.ini
NTOSBOOT-B00DFAAD.pf
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\
▶ Above all, when saving it, remember to rename ComboFix to "yourfirstname.exe"
_______________________________________________________________
>This software is only to be used when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use it outside of that situation: dangerous!<<<<<<<<
======================================================
▶ We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Before using ComboFix:
______________________________________________________________________
>> close the windows of all running programs.
>> Temporarily disable, and only for as long as ComboFix is in use,
>>the real-time protection of your antivirus and your antispyware programs,
>>which can seriously interfere with the tool's scanning and cleaning procedure.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!
▶ don't forget to re-enable the guard of your antivirus and antispyware programs before reconnecting to the internet.
>> Come back to the forum, and
▶ copy and paste the entire contents of C:\Combofix.txt into your next message.
It worked!! My internet now works on my session! =)
Thanks Gen Hackman ;)
But anyway, in case there is another step, here is the report:
ComboFix 09-11-21.03 - Alexandre 22/11/2009 14:19.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2046.1447 [GMT -5:00]
Running from: c:\documents and settings\Alexandre\Desktop\Alexandre.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG 7.5.560 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alexandre\Local Settings\Application Data\yuprdx
c:\documents and settings\Alexandre\Local Settings\Application Data\yuprdx\dsbrsysguard.exe
c:\program files\INSTALL.LOG
c:\windows\system32\1546396633.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IDRIVERTEVENTSYSTEM
-------\Legacy_NPF
-------\Service_IDriverTEventSystem
-------\Service_npf
((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
.
2009-11-22 18:31 . 2009-11-22 18:32 -------- d-----w- C:\Kill'em
2009-11-22 17:52 . 2009-11-22 17:52 -------- d-----w- c:\program files\Trend Micro
2009-11-22 17:43 . 2009-11-22 17:43 -------- d-----w- c:\documents and settings\Autres\Application Data\Malwarebytes
2009-11-22 04:15 . 2009-08-29 07:36 78336 -c----w- c:\windows\system32\dllcache\ieencode.dll
2009-11-22 04:15 . 2009-08-29 07:36 78336 ------w- c:\windows\system32\ieencode.dll
2009-11-12 01:07 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-12 01:07 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-12 01:07 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-12 01:07 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 19:30 . 2008-02-16 02:58 -------- d-----w- c:\documents and settings\Alexandre\Application Data\Skype
2009-11-22 19:26 . 2007-12-25 16:59 -------- d-----w- c:\documents and settings\Alexandre\Application Data\WTablet
2009-11-22 19:26 . 2007-12-26 17:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2009-11-22 19:05 . 2008-04-18 20:10 -------- d-----w- c:\documents and settings\Autres\Application Data\WTablet
2009-11-22 18:44 . 2006-12-30 00:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-22 17:44 . 2008-08-27 16:14 -------- d-----w- c:\documents and settings\Autres\Application Data\AVG7
2009-11-22 16:06 . 2008-05-17 18:30 -------- d-----w- c:\documents and settings\Alexandre\Application Data\AVG7
2009-11-22 16:06 . 2007-12-16 18:47 -------- d-----w- c:\documents and settings\Alexandre\Application Data\skypePM
2009-11-22 04:50 . 2009-02-07 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-21 00:10 . 2009-07-22 03:50 -------- d-----w- c:\program files\green peach V2
2009-11-19 21:08 . 2007-01-07 22:48 -------- d-----w- c:\program files\FlashGet
2009-11-19 01:59 . 2008-05-21 21:15 -------- d-----w- c:\documents and settings\Alexandre\Application Data\uTorrent
2009-11-12 01:07 . 2007-01-03 00:35 -------- d-----w- c:\documents and settings\Alexandre\Application Data\Apple Computer
2009-11-12 01:07 . 2009-06-20 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-09 20:14 . 2009-02-07 17:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-03 02:40 . 2007-09-23 22:17 -------- d-----w- c:\program files\Messenger Plus! Live
2009-10-13 03:04 . 2009-10-13 03:04 -------- d-----w- c:\program files\Dragon UnPACKer 5
2009-10-08 23:20 . 2008-01-12 05:29 -------- d-----w- c:\program files\WarRock
2009-09-16 01:25 . 2006-12-29 20:50 46512 ----a-w- c:\documents and settings\Alexandre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 17:00 . 2009-05-20 01:52 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 21:35 . 2008-12-11 20:41 45928 ----a-w- c:\documents and settings\Autres\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 18:54 . 2009-02-09 15:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-02-09 15:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2006-04-09 13:00 . 2007-07-04 02:10 102400 ----a-w- c:\program files\GRF.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-20 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-05-17 219136]
c:\documents and settings\Alexandre\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Documents and Settings\\Alexandre\\Desktop\\eAthena_Stable_9640\\map-server.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6900:TCP"= 6900:TCP:ragnarok
"5121:TCP"= 5121:TCP:ragnarok
"6121:TCP"= 6121:TCP:ragnarok
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/05/2008 8:47 AM 717296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20/05/2009 3:44 PM 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/02/2009 10:10 AM 269648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09/02/2009 10:10 AM 19160]
S0 goexholf;goexholf;c:\windows\system32\drivers\nnzkjlge.sys --> c:\windows\system32\drivers\nnzkjlge.sys [?]
S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
.
Contents of the 'Scheduled Tasks' folder
2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-22 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Alexandre.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-09 18:53]
2009-11-22 c:\windows\Tasks\Malwarebytes' Scheduled Update for Alexandre.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-09 18:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{17F35B1A-20BC-4A87-B471-75F0BA70682E} - (no file)
BHO-{1FD79A59-37B1-459B-9097-09F9FAB8A523} - (no file)
BHO-{9FD0F59E-548E-4C43-BDE0-28B216EB637D} - (no file)
BHO-{ee689868-e0e5-4b0c-a97c-53e3361af9b8} - (no file)
Notify-yayWMEWO - yayWMEWO.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 14:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spuk.sys hal.dll >>UNKNOWN [0x8A6DB938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\iaStor -> iaStor.sys @ 0xba58c5d0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
iaStor.sys @ 0x0 0x0 bytes
\Driver\iaStor [ IRP_MJ_CREATE ] 0x4FC2 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor [ IRP_MJ_CLOSE ] 0x4FC2 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor [ IRP_MJ_DEVICE_CONTROL ] 0x8CB6 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x8F78 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor [ IRP_MJ_POWER ] 0xDD12 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor [ IRP_MJ_SYSTEM_CONTROL ] 0xDE72 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor IRP hooks detected !
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(360)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\Tablet.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-11-22 14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-22 19:35
Pre-Run: 57,151,668,224 bytes free
Post-Run: 57,136,971,776 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - B56F1A7ED842B6277BFBC97C7FFE0CC5
Thanks Gen Hackman ;)
But anyway, in case there is another step, here is the report:
Do you know this: ragnarok?
Next:
__________________________________________________________
=>/!\ WARNING /!\ The script that follows was written specifically for this computer,<=
=>it is strongly advised not to transfer it to another computer!<=====|
---------------------------------------------------------------
Still with all protections disabled, do this:
▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
File::
c:\program files\GRF.dll
c:\documents and settings\Alexandre\Start Menu\Programs\Startup\Adobe Gamma.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
c:\windows\system32\drivers\nnzkjlge.sys
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"iTunesHelper"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"=-
Service::
goexholf
------------------------------------------------------------------
▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad
▶ Drag and drop this CFScript file onto the C-Fix.exe file (combofix)
▶ Wait for the scan to finish. The Desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file does not open, it is located here => C:\ComboFix.txt
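The CFScript above was built from entries in the ComboFix report: the boot-start service goexholf whose driver file ComboFix could not find (the trailing `[?]`), plus the per-user proxy set to 127.0.0.1:5555 and the disabled firewall visible in the same report. As an added example that is not part of this thread, here is a small Python triage script that runs over a constructed sample of those report lines and flags the items a helper checks first. The severity labels and the loopback/firewall heuristics are my own assumptions, not ComboFix's.

```python
"""Triage helper for ComboFix-style log lines (added example, not from the thread).

It flags: a service or driver whose image file is missing ("[?]"), a per-user
proxy that points back at the local machine, and a disabled Windows Firewall.
"""
import re
from typing import Dict, List

# Constructed sample: a handful of lines copied from the ComboFix report in this thread.
SAMPLE_LOG = """\
R2 MBAMService;MBAMService;c:\\program files\\Malwarebytes' Anti-Malware\\mbamservice.exe [09/02/2009 10:10 AM 269648]
S0 goexholf;goexholf;c:\\windows\\system32\\drivers\\nnzkjlge.sys --> c:\\windows\\system32\\drivers\\nnzkjlge.sys [?]
S2 HDD & SSD access service;HDD & SSD access service;"c:\\program files\\Common Files\\BinarySense\\disksvc.exe" --> c:\\program files\\Common Files\\BinarySense\\disksvc.exe [?]
"EnableFirewall"= 0 (0x0)
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""

# ComboFix service line: <R|S><start type> <name>;<display name>;<image path> [...]
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*)$")
# "ProxyServer = http=host:port" or "ProxyServer = host:port"
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?:\w+=)?([^:;\s]+):(\d+)")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')


def _is_loopback(host: str) -> bool:
    """True for a proxy host that points back at the machine itself."""
    return host.lower() == "localhost" or host.startswith("127.")


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return the findings a helper would act on, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            _state, start, name, _display, rest = m.groups()
            # "[?]" means ComboFix could not find the file the service points at.
            if rest.endswith("[?]"):
                path = rest.split("-->")[-1].rsplit("[", 1)[0].strip()
                # Assumption: boot-start (type 0) drivers load before any AV, so rank them highest.
                severity = "high" if start == "0" else "medium"
                findings.append({"kind": "service_missing_file", "name": name,
                                 "path": path, "severity": severity})
            continue
        m = PROXY_RE.search(line)
        if m and _is_loopback(m.group(1)):
            # A per-user proxy aimed at the local host silently breaks browsing
            # for that account only when nothing legitimate listens there.
            findings.append({"kind": "loopback_proxy", "name": "ProxyServer",
                             "path": f"{m.group(1)}:{m.group(2)}", "severity": "high"})
            continue
        if FIREWALL_OFF_RE.match(line):
            findings.append({"kind": "firewall_disabled", "name": "EnableFirewall",
                             "path": "", "severity": "medium"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['kind']}: {f['name']} {f['path']}".rstrip())
```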
Yeah, I know Ragnarok Online :)
I guess you can see all my programs in the logs? x) You can't hide anything from a computer guy! =P
So there, I ran the scan but I'm not sure it worked correctly (the scan went the same way as the previous one even though I dragged the text file onto ComboFix)...
Anyway, here is the report:
ComboFix 09-11-21.03 - Alexandre 22/11/2009 15:11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2046.1555 [GMT -5:00]
Running from: c:\documents and settings\Alexandre\Desktop\Alexandre.exe
Command switches used :: c:\documents and settings\Alexandre\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG 7.5.560 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
FILE ::
"c:\documents and settings\Alexandre\Start Menu\Programs\Startup\Adobe Gamma.lnk"
"c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk"
"c:\program files\GRF.dll"
"c:\windows\system32\drivers\nnzkjlge.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Alexandre\Start Menu\Programs\Startup\Adobe Gamma.lnk
c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
c:\program files\GRF.dll
.
((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
.
2009-11-22 18:31 . 2009-11-22 18:32 -------- d-----w- C:\Kill'em
2009-11-22 17:52 . 2009-11-22 17:52 -------- d-----w- c:\program files\Trend Micro
2009-11-22 17:43 . 2009-11-22 17:43 -------- d-----w- c:\documents and settings\Autres\Application Data\Malwarebytes
2009-11-22 04:15 . 2009-08-29 07:36 78336 -c----w- c:\windows\system32\dllcache\ieencode.dll
2009-11-22 04:15 . 2009-08-29 07:36 78336 ------w- c:\windows\system32\ieencode.dll
2009-11-12 01:07 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-12 01:07 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-12 01:07 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-12 01:07 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 20:10 . 2007-12-25 16:59 -------- d-----w- c:\documents and settings\Alexandre\Application Data\WTablet
2009-11-22 19:36 . 2008-02-16 02:58 -------- d-----w- c:\documents and settings\Alexandre\Application Data\Skype
2009-11-22 19:26 . 2007-12-26 17:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2009-11-22 19:05 . 2008-04-18 20:10 -------- d-----w- c:\documents and settings\Autres\Application Data\WTablet
2009-11-22 18:44 . 2006-12-30 00:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-22 17:44 . 2008-08-27 16:14 -------- d-----w- c:\documents and settings\Autres\Application Data\AVG7
2009-11-22 16:06 . 2008-05-17 18:30 -------- d-----w- c:\documents and settings\Alexandre\Application Data\AVG7
2009-11-22 16:06 . 2007-12-16 18:47 -------- d-----w- c:\documents and settings\Alexandre\Application Data\skypePM
2009-11-22 04:50 . 2009-02-07 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-21 00:10 . 2009-07-22 03:50 -------- d-----w- c:\program files\green peach V2
2009-11-19 21:08 . 2007-01-07 22:48 -------- d-----w- c:\program files\FlashGet
2009-11-19 01:59 . 2008-05-21 21:15 -------- d-----w- c:\documents and settings\Alexandre\Application Data\uTorrent
2009-11-12 01:07 . 2007-01-03 00:35 -------- d-----w- c:\documents and settings\Alexandre\Application Data\Apple Computer
2009-11-12 01:07 . 2009-06-20 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-09 20:14 . 2009-02-07 17:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-03 02:40 . 2007-09-23 22:17 -------- d-----w- c:\program files\Messenger Plus! Live
2009-10-13 03:04 . 2009-10-13 03:04 -------- d-----w- c:\program files\Dragon UnPACKer 5
2009-10-08 23:20 . 2008-01-12 05:29 -------- d-----w- c:\program files\WarRock
2009-09-16 01:25 . 2006-12-29 20:50 46512 ----a-w- c:\documents and settings\Alexandre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 17:00 . 2009-05-20 01:52 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 21:35 . 2008-12-11 20:41 45928 ----a-w- c:\documents and settings\Autres\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 18:54 . 2009-02-09 15:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-02-09 15:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-20 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Documents and Settings\\Alexandre\\Desktop\\eAthena_Stable_9640\\map-server.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6900:TCP"= 6900:TCP:ragnarok
"5121:TCP"= 5121:TCP:ragnarok
"6121:TCP"= 6121:TCP:ragnarok
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20/05/2009 3:44 PM 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/02/2009 10:10 AM 269648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09/02/2009 10:10 AM 19160]
S0 goexholf;goexholf;c:\windows\system32\drivers\nnzkjlge.sys --> c:\windows\system32\drivers\nnzkjlge.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/05/2008 8:47 AM 717296]
S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]
.
Contents of the 'Scheduled Tasks' folder
2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-22 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Alexandre.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-09 18:53]
2009-11-22 c:\windows\Tasks\Malwarebytes' Scheduled Update for Alexandre.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-09 18:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 15:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-11-22 15:25
ComboFix-quarantined-files.txt 2009-11-22 20:25
ComboFix2.txt 2009-11-22 19:35
Pre-Run: 57,135,349,760 bytes free
Post-Run: 57,101,574,144 bytes free
- - End Of File - - C48769239A83635EA685C9FE9A5D2FD5
Thanks again for giving some of your time to help me! =)
I guess you can see all my programs in the logs? x) You can't hide anything from a computer guy! =P
__________________________________________________________
=>/!\ WARNING /!\ The script that follows was written specifically for this computer,<=
=>it is strongly advised not to transfer it to another computer!<=====|
---------------------------------------------------------------
Still with all protections disabled, do this:
▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
Driver::
goexholf
------------------------------------------------------------------
▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad
▶ Drag and drop this CFScript file onto the C-Fix.exe (ComboFix) file, like this
▶ Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
▶ Once the scan is finished, a report will be displayed: post its contents.
▶ If the file does not open, it is located here => C:\ComboFix.txt
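The helper's CFScript above targets the `goexholf` service because the posted report lists it as a start-type-0 (boot) driver whose file `nnzkjlge.sys` ComboFix could no longer read (`[?]`) after the earlier FILE:: deletion. The script below is an added example for this thread, not ComboFix's code and not something either participant posted: it parses the service/driver, firewall, proxy and AV lines in the format visible in the reports above and flags the entries a helper checks first. The sample lines are copied from the posted report; the severity labels, the rule that a start type of 0 or 1 with an unreadable file is "high", and the loopback-proxy check are this example's own choices.

```python
"""Triage a ComboFix report for the indicators a malware-removal helper reads first.
Added example for this thread; parses only the line formats seen in the posted reports."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: lines copied from the report posted in this thread, trimmed to
# the sections the checks below look at (the ProxyOverride line is a deliberate non-match).
SAMPLE_REPORT = r"""
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG 7.5.560 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
"EnableFirewall"= 0 (0x0)
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/02/2009 10:10 AM 269648]
S0 goexholf;goexholf;c:\windows\system32\drivers\nnzkjlge.sys --> c:\windows\system32\drivers\nnzkjlge.sys [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/05/2008 8:47 AM 717296]
S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"""


@dataclass
class Service:
    state: str   # ComboFix's first letter: R = running, S = stopped
    start: int   # Windows start type: 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    path: str
    attrs: str   # contents of the trailing [...]: "date time size", or "?" if the file was unreadable


@dataclass
class Finding:
    severity: str   # "high", "medium" or "info"
    category: str
    detail: str


SERVICE_LINE = re.compile(r"^([RS])([0-4]) (.+)$")
PROXY_LINE = re.compile(r"^([um]?)Internet Settings,ProxyServer\s*=\s*(.+)$")  # u = HKCU, m = HKLM
FIREWALL_OFF = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
AV_DISABLED = re.compile(r"^AV:\s*(.+?)\s*\*On-access scanning disabled\*")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_service(line: str) -> Optional[Service]:
    """Parse 'R2 name;display;path [attrs]'; return None for any other line."""
    m = SERVICE_LINE.match(line)
    if not m:
        return None
    state, start, rest = m.groups()
    parts = rest.split(";", 2)
    if len(parts) != 3:
        return None
    name, _display, tail = parts
    path, _, attrs = tail.rpartition("[")
    # An unreadable file is printed as 'path --> path [?]'; keep the first copy, drop quotes.
    path = path.split("-->")[0].strip().strip('"')
    return Service(state, int(start), name.strip(), path, attrs.rstrip("]").strip())


def parse_proxy(value: str) -> List[Tuple[str, str, str]]:
    """'http=127.0.0.1:5555;https=host:port' or plain 'host:port' -> [(scheme, host, port)]."""
    out = []
    for entry in value.split(";"):
        scheme, sep, hostport = entry.partition("=")
        if not sep:                       # a bare 'host:port' applies to every protocol
            scheme, hostport = "*", scheme
        host, _, port = hostport.rpartition(":")
        out.append((scheme.strip(), host.strip(), port.strip()))
    return out


def triage(report: str) -> List[Finding]:
    """Walk the report line by line and collect findings."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        svc = parse_service(line)
        if svc is not None:
            if svc.attrs == "?" and svc.start <= 1:
                # Boot/system-start driver whose file could not be read: an orphaned
                # registration left after a deletion, or a file something is hiding.
                findings.append(Finding("high", "orphan-boot-driver",
                                        f"{svc.name}: start type {svc.start}, file unreadable: {svc.path}"))
            elif svc.attrs == "?":
                findings.append(Finding("medium", "orphan-service", f"{svc.name}: file unreadable: {svc.path}"))
            continue
        m = PROXY_LINE.match(line)
        if m:
            scope = {"u": "per-user (HKCU)", "m": "machine-wide (HKLM)"}.get(m.group(1), "unknown scope")
            for scheme, host, port in parse_proxy(m.group(2)):
                if host in LOOPBACK:
                    # All requests for that protocol go to a local listener; if the listener
                    # is gone, the browser of that account simply cannot connect.
                    findings.append(Finding("high", "loopback-proxy", f"{scope}: {scheme} traffic sent to {host}:{port}"))
                else:
                    findings.append(Finding("medium", "proxy-set", f"{scope}: {scheme} via {host}:{port}"))
            continue
        if FIREWALL_OFF.match(line):
            findings.append(Finding("medium", "firewall-off", "Windows Firewall disabled in the standard profile"))
            continue
        m = AV_DISABLED.match(line)
        if m:
            # Expected while ComboFix runs with protections switched off, as the helper asked;
            # worth re-checking once the cleanup is done.
            findings.append(Finding("info", "av-realtime-off", m.group(1)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.category:20} {f.detail}")
```

Two things the output draws attention to that the CFScript does not touch. First, `uInternet Settings,ProxyServer = http=127.0.0.1:5555` is a per-user setting (ComboFix's `u` prefix), still present in every report in the thread: Internet Explorer, and Windows Live Messenger which uses IE's connection settings, hand all HTTP traffic of that account to a local port 5555, so if nothing listens there any more the browser fails in this account only while other accounts work. On the machine itself, `netstat -ano | findstr :5555` shows whether anything listens, and `reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer` confirms the value. Second, the `\Driver\iaStor IRP hooks detected !` lines in the last report are a lead, not a verdict: legitimate low-level drivers hook IRPs too, and `sptd.sys` (the disc-emulation driver that Daemon Tools and Alcohol install, present in these reports) is a well-known cause of exactly that warning from Gmer's detector.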
Thanks again :D
Here is the log:
ComboFix 09-11-21.03 - Alexandre 22/11/2009 15:51.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.2.1033.18.2046.1457 [GMT -5:00]
Running from: c:\documents and settings\Alexandre\Desktop\Alexandre.exe
Command switches used :: c:\documents and settings\Alexandre\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AVG 7.5.560 *On-access scanning disabled* (Outdated) {41564737-3200-1071-989B-0000E87B4FB1}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_goexholf
((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
.
2009-11-22 20:08 . 2009-11-22 20:25 -------- d-----w- C:\Alexandre
2009-11-22 18:31 . 2009-11-22 18:32 -------- d-----w- C:\Kill'em
2009-11-22 17:52 . 2009-11-22 17:52 -------- d-----w- c:\program files\Trend Micro
2009-11-22 17:43 . 2009-11-22 17:43 -------- d-----w- c:\documents and settings\Autres\Application Data\Malwarebytes
2009-11-22 04:15 . 2009-08-29 07:36 78336 -c----w- c:\windows\system32\dllcache\ieencode.dll
2009-11-22 04:15 . 2009-08-29 07:36 78336 ------w- c:\windows\system32\ieencode.dll
2009-11-12 01:07 . 2001-08-18 03:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-11-12 01:07 . 2008-04-13 19:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-12 01:07 . 2008-04-13 19:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-12 01:07 . 2008-04-14 01:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-22 21:02 . 2008-02-16 02:58 -------- d-----w- c:\documents and settings\Alexandre\Application Data\Skype
2009-11-22 21:01 . 2007-12-16 18:47 -------- d-----w- c:\documents and settings\Alexandre\Application Data\skypePM
2009-11-22 20:58 . 2007-12-25 16:59 -------- d-----w- c:\documents and settings\Alexandre\Application Data\WTablet
2009-11-22 19:26 . 2007-12-26 17:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2009-11-22 19:05 . 2008-04-18 20:10 -------- d-----w- c:\documents and settings\Autres\Application Data\WTablet
2009-11-22 18:44 . 2006-12-30 00:58 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-22 17:44 . 2008-08-27 16:14 -------- d-----w- c:\documents and settings\Autres\Application Data\AVG7
2009-11-22 16:06 . 2008-05-17 18:30 -------- d-----w- c:\documents and settings\Alexandre\Application Data\AVG7
2009-11-22 04:50 . 2009-02-07 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-21 00:10 . 2009-07-22 03:50 -------- d-----w- c:\program files\green peach V2
2009-11-19 21:08 . 2007-01-07 22:48 -------- d-----w- c:\program files\FlashGet
2009-11-19 01:59 . 2008-05-21 21:15 -------- d-----w- c:\documents and settings\Alexandre\Application Data\uTorrent
2009-11-12 01:07 . 2007-01-03 00:35 -------- d-----w- c:\documents and settings\Alexandre\Application Data\Apple Computer
2009-11-12 01:07 . 2009-06-20 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-09 20:14 . 2009-02-07 17:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-03 02:40 . 2007-09-23 22:17 -------- d-----w- c:\program files\Messenger Plus! Live
2009-10-13 03:04 . 2009-10-13 03:04 -------- d-----w- c:\program files\Dragon UnPACKer 5
2009-10-08 23:20 . 2008-01-12 05:29 -------- d-----w- c:\program files\WarRock
2009-09-16 01:25 . 2006-12-29 20:50 46512 ----a-w- c:\documents and settings\Alexandre\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-12 17:00 . 2009-05-20 01:52 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-11 14:18 . 2004-08-10 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 21:35 . 2008-12-11 20:41 45928 ----a-w- c:\documents and settings\Autres\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-10 18:54 . 2009-02-09 15:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-02-09 15:10 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2004-08-10 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-03-04 03:33 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-10 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-10 11:00 247326 ----a-w- c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-07-16 25604904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2004-07-27 221184]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-20 282624]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\PocketSoft\\RTPatch\\AutoRTP\\artpschd.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\FlashGet\\FlashGet.exe"=
"c:\\Documents and Settings\\Alexandre\\Desktop\\eAthena_Stable_9640\\map-server.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3x.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\age3y.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6900:TCP"= 6900:TCP:ragnarok
"5121:TCP"= 5121:TCP:ragnarok
"6121:TCP"= 6121:TCP:ragnarok
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/05/2008 8:47 AM 717296]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [20/05/2009 3:44 PM 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [09/02/2009 10:10 AM 269648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [09/02/2009 10:10 AM 19160]
S2 HDD & SSD access service;HDD & SSD access service;"c:\program files\Common Files\BinarySense\disksvc.exe" --> c:\program files\Common Files\BinarySense\disksvc.exe [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - CLASSPNP_2
.
Contents of the 'Scheduled Tasks' folder
2009-08-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-11-22 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Alexandre.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-09 18:53]
2009-11-22 c:\windows\Tasks\Malwarebytes' Scheduled Update for Alexandre.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-02-09 18:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 15:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spmb.sys hal.dll >>UNKNOWN [0x8A6DB938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\iaStor -> iaStor.sys @ 0xba58c5d0
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
iaStor.sys @ 0x0 0x0 bytes
\Driver\iaStor [ IRP_MJ_CREATE ] 0x4FC2 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor [ IRP_MJ_CLOSE ] 0x4FC2 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor [ IRP_MJ_DEVICE_CONTROL ] 0x8CB6 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x8F78 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor [ IRP_MJ_POWER ] 0xDD12 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor [ IRP_MJ_SYSTEM_CONTROL ] 0xDE72 != 0xBA58C5D0 iaStor.sys
\Driver\iaStor IRP hooks detected !
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2796)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\Tablet.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\WTablet\TabUserW.exe
c:\windows\system32\Tablet.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-11-22 16:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-22 21:07
ComboFix2.txt 2009-11-22 20:25
ComboFix3.txt 2009-11-22 19:35
Pre-Run: 57,104,625,664 bytes free
Post-Run: 57,074,581,504 bytes free
- - End Of File - - ED8ACBD3C84D8392B908762F747D7BDB
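Reading the report above, the line that explains a browser failing in one account only is `uInternet Settings,ProxyServer = http=127.0.0.1:5555`: ComboFix's `u` prefix marks a value in the user hive (HKCU), so only this account's WinINet traffic is sent to a proxy on the local machine, and Windows Live Messenger (msnmsgr.exe) typically follows the same Internet Explorer connection settings. If nothing is listening on that port, every page fails for that account while the other accounts work. The `>>UNKNOWN [0x8A6DB938]<<` module and the `\Driver\iaStor IRP hooks detected !` lines deserve a second look before being called a bootkit: the same log lists `sptd.sys` (the SCSI Pass Through Direct driver installed with disc-emulation software) and its companion `spmb.sys`, which are a well-known cause of exactly these warnings in Gmer's MBR detector. The Python below is an added example, not code from the thread or from ComboFix, HijackThis or OTL: it scans log lines for these indicators and emits the standard cmd.exe commands that undo the proxy and firewall changes. `SAMPLE_LOG` is constructed from the shape of the lines above; the registry path and the `netsh firewall` syntax are the standard Windows XP ones, and the remediation commands are this editor's suggestion, not the helper's.

```python
"""Flag network-hijack and kernel-hook indicators in ComboFix-style log lines.

Added example for this thread; not part of ComboFix, HijackThis or OTL.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample, copied from the shape of the lines in the report above.
SAMPLE_LOG = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
"EnableFirewall"= 0 (0x0)
R0 sptd;sptd;c:\\windows\\system32\\drivers\\sptd.sys [11/05/2008 8:47 AM 717296]
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys spmb.sys hal.dll >>UNKNOWN [0x8A6DB938]<<
\\Driver\\iaStor IRP hooks detected !
"""

# ComboFix prefixes user-hive (HKCU) values with "u" and machine-hive (HKLM) values with "m".
PROXY_RE = re.compile(r"^(?P<hive>[um])Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')
SPTD_RE = re.compile(r"^R0 sptd;", re.IGNORECASE)
HOOK_RE = re.compile(r"IRP hooks detected|>>UNKNOWN \[0x[0-9A-Fa-f]+\]<<")

# Standard location of the per-user Internet Explorer proxy settings.
IE_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"


def parse_proxy(value: str) -> Dict[str, Tuple[str, int]]:
    """Parse an IE ProxyServer value into {scheme: (host, port)}.

    IE stores either "host:port" (all protocols, returned under "*") or
    "http=h:p;https=h:p;ftp=h:p;socks=h:p".
    """
    proxies: Dict[str, Tuple[str, int]] = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, endpoint = part.partition("=") if "=" in part else ("*", "", part)
        host, _, port = endpoint.rpartition(":")
        proxies[scheme] = (host, int(port))
    return proxies


def is_loopback(host: str) -> bool:
    return host.lower() == "localhost" or host.startswith("127.") or host == "::1"


def scan_log(text: str) -> List[dict]:
    """Return one finding per suspicious line: {"id", "line", "note"}."""
    lines = text.splitlines()
    sptd_loaded = any(SPTD_RE.match(line) for line in lines)
    findings: List[dict] = []
    for line in lines:
        proxy = PROXY_RE.match(line)
        if proxy:
            per_user = proxy.group("hive") == "u"
            for scheme, (host, port) in parse_proxy(proxy.group("value")).items():
                if is_loopback(host):
                    findings.append({
                        "id": "user_proxy_loopback" if per_user else "machine_proxy_loopback",
                        "line": line,
                        "note": (f"{scheme} traffic is sent to {host}:{port} for "
                                 + ("this account only" if per_user else "every account")
                                 + "; with no listener there the browser fails outright"),
                    })
        elif FIREWALL_RE.match(line):
            findings.append({"id": "firewall_disabled", "line": line,
                             "note": "Windows Firewall is off for the standard profile"})
        elif HOOK_RE.search(line):
            note = "disk-stack hooks reported by the MBR detector"
            if sptd_loaded:
                note += ("; sptd.sys (SCSI Pass Through Direct, from disc-emulation software) "
                         "is loaded and is a known cause of these warnings, so confirm before "
                         "treating this as a bootkit")
            findings.append({"id": "disk_stack_hooks", "line": line, "note": note})
    return findings


def remediation_commands(findings: List[dict]) -> List[str]:
    """cmd.exe commands that undo the findings (suggested here, not from the thread).

    The reg commands run as the affected user; netsh needs an administrator.
    """
    ids = {f["id"] for f in findings}
    cmds: List[str] = []
    if "user_proxy_loopback" in ids:
        cmds.append(f'reg delete "{IE_KEY}" /v ProxyServer /f')
        cmds.append(f'reg add "{IE_KEY}" /v ProxyEnable /t REG_DWORD /d 0 /f')
    if "firewall_disabled" in ids:
        cmds.append("netsh firewall set opmode mode=ENABLE profile=STANDARD")
    return cmds


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f"[{f['id']}] {f['line']}\n    {f['note']}")
    print("\nSuggested cleanup:")
    for cmd in remediation_commands(found):
        print("  " + cmd)
```

Run the `reg` commands while logged on as the affected account (the value lives in that account's hive), then check with `netstat -ano` whether anything is still listening on port 5555 and which PID owns it; a listener that survives the cleanup is the next thing to identify.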
Download OTL by OLDTimer
▶ Save it to your Desktop.
▶ Double-click OTL.exe to launch it (on Vista: right-click → "Run as administrator").
▶ Tick the two boxes Lop and Purity
▶ Tick the box next to Scan all users
▶ Set it to "60 Days"
▶ In the left-hand column, set everything to All
Do not change these:
"Files created within" and "Files modified within"
▶ Click Run Scan.
When the scan finishes, Notepad opens with the report (OTL.txt).
The file is on your Desktop (usually C:\Documents and settings\your_account_name\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Parcourir (Browse) and locate the file above.
▶ Click Ouvrir (Open).
▶ Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy that link into your reply.
▶▶ Do the same with "Extra.txt".
OTL.txt :
http://www.cijoint.fr/cjlink.php?file=cj200911/cij4bYNcJS.txt
Extras.txt :
http://www.cijoint.fr/cjlink.php?file=cj200911/cijlVajvSg.txt
Thanks again! :P
To start, use this page to uninstall AVG properly:
Uninstalling antivirus, firewall and antispyware software
Then:
▶ Download Zeb-Restore and save the file to the Desktop.
▶ Right-click Zeb-Restore.zip ==> Extract All, choosing the Desktop as the destination.
▶ Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe
▶ Tick the box next to: Trusted sites
▶ Do not tick any other box
▶ Click Restore
▶ Restart your PC
Then:
▶ Go to Start / Control Panel / Folder Options, then the View tab
* Tick Show hidden files and folders
* Untick Hide extensions for known file types
* Untick Hide protected operating system files (Recommended)
▶ Click Apply, then OK.
Don't forget to hide the hidden and protected operating system files again once the cleanup is finished; it's important.
Have the following file(s) analysed on VirusTotal:
Virus Total
* Click Browse at the top, choose My Computer and locate these files:
C:\WINDOWS\MBR.exe
* Now click Send file and let it work while "Current status: being analysed" is displayed.
* The file may be queued because of a large number of analysis requests; if so, wait without refreshing the page.
* When the analysis is complete ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click the page and choose Select All, then Copy
* Finally, paste the result into your next reply.
Note: To analyse another file, click Other file at the bottom.
Then:
▶ Double-click OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it into the box under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
IE - HKU\S-1-5-21-1229272821-1897051121-725345543-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab (Java Plug-in 1.5.0_08)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
:Files
C:\WINDOWS\softy.ini
C:\WINDOWS\_delis32.ini
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click Run Fix to start the removal.
▶ Post the report.
VirusTotal report:
File MBR.exe received on 2009.11.22 23:06:06 (UTC)
Antivirus Version Last update Result
a-squared 4.5.0.41 2009.11.22 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.72 2009.11.22 -
Antiy-AVL 2.0.3.7 2009.11.20 -
Authentium 5.2.0.5 2009.11.22 -
Avast 4.8.1351.0 2009.11.22 -
AVG 8.5.0.425 2009.11.22 -
BitDefender 7.2 2009.11.22 -
CAT-QuickHeal 10.00 2009.11.21 -
ClamAV 0.94.1 2009.11.22 -
Comodo 3002 2009.11.22 -
DrWeb 5.0.0.12182 2009.11.22 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7133 2009.11.20 -
F-Prot 4.5.1.85 2009.11.22 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.22 -
GData 19 2009.11.22 -
Ikarus T3.1.1.74.0 2009.11.22 -
Jiangmin 11.0.800 2009.11.22 -
K7AntiVirus 7.10.901 2009.11.20 -
Kaspersky 7.0.0.125 2009.11.22 -
McAfee 5810 2009.11.22 -
McAfee+Artemis 5810 2009.11.22 -
McAfee-GW-Edition 6.8.5 2009.11.22 -
Microsoft 1.5302 2009.11.23 -
NOD32 4628 2009.11.22 -
Norman 6.03.02 2009.11.21 -
nProtect 2009.1.8.0 2009.11.22 -
Panda 10.0.2.2 2009.11.22 -
PCTools 7.0.3.5 2009.11.22 -
Prevx 3.0 2009.11.23 -
Rising 22.22.06.04 2009.11.22 -
Sophos 4.47.0 2009.11.22 -
Sunbelt 3.2.1858.2 2009.11.22 -
Symantec 1.4.4.12 2009.11.22 -
TheHacker 6.5.0.2.075 2009.11.20 -
TrendMicro 9.0.0.1003 2009.11.22 PAK_Generic.001
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.20.2047 2009.11.20 -
VirusBuster 5.0.21.0 2009.11.22 -
Additional information
File size: 77312 bytes
MD5...: c5ec72a20b4c98db5314e6c46765b148
SHA1..: e51e0b26d3a8fb28e0e4dcf78b6e4df2da879ff4
SHA256: 42855149b90c059b62ebc4027188361860fb6ffd9e4a2aa074c665181a2b9326
ssdeep: 1536:NVAHk0dbcNRrBamAh83imalysWPvRhzjJNJDs0YpvcgHHHM6:8Hk0dbcfrBamAh8fIWPLzJI0YpvcgHnp
PEiD..: -
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x30510
timedatestamp.....: 0x4add81e3 (Tue Oct 20 09:24:51 2009)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x1d000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x1e000 0x13000 0x12800 7.89 b382e0bad5749bcf197d12b291ced9c1
.rsrc 0x31000 0x1000 0x200 2.48 976be2cc34adbef1cc44f46191c5ea77
( 2 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess
> ADVAPI32.dll: RegCloseKey
( 0 exports )
RDS...: NSRL Reference Data Set: -
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch
packers (F-Prot): UPX
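What a triager reads in the report above is "UPX-packed, unsigned, one packer-generic hit out of 41 engines": UPX0 has 0x1d000 bytes of virtual size but no data on disk (the region the stub unpacks into), UPX1 has entropy 7.89 (the compressed payload), and the import table holds only LoadLibraryA, GetProcAddress, VirtualProtect, ExitProcess and RegCloseKey, the loader stubs a packer keeps. The Python below is an added example, not code from the thread or from VirusTotal: it parses a PE section table with `struct` alone and applies those heuristics. `build_sample_pe()` constructs a stand-in file with the same section layout; it is not MBR.exe, and its packed body is seeded random data. Caveat on reading the verdict: packing is evidence of packing, not of malice, and TrendMicro's PAK_Generic.001 is a packer-generic name. The file's location, size and the "Stealth MBR rootkit/Mebroot/Sinowal detector by Gmer" run recorded in the ComboFix log above are consistent with it being the Gmer MBR tool that ComboFix places in C:\WINDOWS (an inference, not something the thread confirms); the reliable way to settle it is to compare the reported SHA256 against a copy obtained from the tool's publisher.

```python
"""Packer heuristics over a PE section table, mirroring VirusTotal's PEInfo block.
Added example for this thread; the PE bytes are constructed, not MBR.exe."""
import math
import random
import struct
from typing import Dict, List

# Section names written by common packers; UPX0/UPX1 are the pair in the report above.
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite", ".MPRESS1", ".vmp0"}
# Imports as listed in the VirusTotal PEInfo block above.
REPORTED_IMPORTS = ["LoadLibraryA", "GetProcAddress", "VirtualProtect", "ExitProcess", "RegCloseKey"]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniform (compressed/encrypted), plain code is usually 5-6.5."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> List[Dict]:
    """Walk MZ -> e_lfanew -> COFF header -> section table with struct alone."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PtrToSymbols, NumSymbols, SizeOfOptionalHeader, Characteristics
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", pe, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rawptr:rawptr + rawsize] if rawsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_address": vaddr, "virtual_size": vsize,
                         "raw_size": rawsize, "entropy": round(shannon_entropy(raw), 2)})
    return sections


def packer_indicators(sections: List[Dict], imports: List[str]) -> List[str]:
    """The checks a triager applies to a PEInfo block; each hit becomes a reason string."""
    reasons = []
    for s in sections:
        if s["name"] in PACKER_SECTION_NAMES:
            reasons.append(f"{s['name']}: section name used by a known packer")
        if s["raw_size"] == 0 and s["virtual_size"] > 0:
            reasons.append(f"{s['name']}: empty on disk but {s['virtual_size']:#x} bytes reserved "
                           "in memory (unpacking destination)")
        if s["raw_size"] > 0 and s["entropy"] > 7.0:
            reasons.append(f"{s['name']}: entropy {s['entropy']} (compressed or encrypted payload)")
    if {"LoadLibraryA", "GetProcAddress"} <= set(imports) and len(imports) <= 8:
        reasons.append("import table reduced to loader stubs; real imports are resolved at run time")
    return reasons


def assess(pe: bytes, imports: List[str]) -> Dict:
    sections = parse_sections(pe)
    reasons = packer_indicators(sections, imports)
    return {"sections": sections, "packed": bool(reasons), "reasons": reasons}


def build_sample_pe() -> bytes:
    """Constructed stand-in with the layout reported for MBR.exe: UPX0 with no raw data,
    a high-entropy UPX1 and a small .rsrc. Seeded random bytes stand in for packed code."""
    rng = random.Random(1)
    packed = bytes(rng.getrandbits(8) for _ in range(4096))
    rsrc = (b"\0" * 16 + b"RSRC") * 25 + b"\0" * 12  # 512 low-entropy bytes
    opt_size = 0xE0                                   # PE32 optional header size
    hdr = bytearray(0x200)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)           # e_lfanew
    hdr[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<HHIIIHH", hdr, 0x44, 0x14C, 3, 0x4ADD81E3, 0, 0, opt_size, 0x010F)
    struct.pack_into("<H", hdr, 0x58, 0x10B)          # PE32 magic
    table = 0x58 + opt_size
    layout = [  # name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
        (b"UPX0", 0x1D000, 0x1000, 0, 0, 0xE0000080),
        (b"UPX1", 0x13000, 0x1E000, len(packed), 0x200, 0xE0000040),
        (b".rsrc", 0x1000, 0x31000, len(rsrc), 0x200 + len(packed), 0xC0000040),
    ]
    for i, (name, vsize, vaddr, rawsize, rawptr, flags) in enumerate(layout):
        struct.pack_into("<8sIIIIIIHHI", hdr, table + 40 * i,
                         name, vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, flags)
    return bytes(hdr) + packed + rsrc


if __name__ == "__main__":
    verdict = assess(build_sample_pe(), REPORTED_IMPORTS)
    for s in verdict["sections"]:
        print(f"{s['name']:<6} vsize={s['virtual_size']:#x} raw={s['raw_size']:#x} entropy={s['entropy']}")
    print("packed:", verdict["packed"])
    for r in verdict["reasons"]:
        print(" -", r)
```

To use it on a real file, pass `open(path, "rb").read()` to `assess()` together with the import names from the report; the heuristics say "packed", and only a known-good hash or an unpacked sample says what is inside.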
OTL report:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
Process iexplore.exe killed successfully!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1229272821-1897051121-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0E899AB-F487-11D5-8D29-0050BA6940E3}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
File oft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5 deleted successfully.
========== FILES ==========
C:\WINDOWS\softy.ini moved successfully.
C:\WINDOWS\_delis32.ini moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Alexandre
->Temp folder emptied: 191946 bytes
->Temporary Internet Files folder emptied: 4237095 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2873627 bytes
User: All Users
User: Autres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 157915 bytes
->Java cache emptied: 11416 bytes
User: Carole
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: HelpAssistant
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 111826 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1258425 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 219000 bytes
Total Files Cleaned = 8.71 mb
OTL by OldTimer - Version 3.1.7.0 log created on 11222009_181047
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
File MBR.exe received on 2009.11.22 23:06:06 (UTC)
Antivirus Version Last update Result
a-squared 4.5.0.41 2009.11.22 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.72 2009.11.22 -
Antiy-AVL 2.0.3.7 2009.11.20 -
Authentium 5.2.0.5 2009.11.22 -
Avast 4.8.1351.0 2009.11.22 -
AVG 8.5.0.425 2009.11.22 -
BitDefender 7.2 2009.11.22 -
CAT-QuickHeal 10.00 2009.11.21 -
ClamAV 0.94.1 2009.11.22 -
Comodo 3002 2009.11.22 -
DrWeb 5.0.0.12182 2009.11.22 -
eSafe 7.0.17.0 2009.11.19 -
eTrust-Vet 35.1.7133 2009.11.20 -
F-Prot 4.5.1.85 2009.11.22 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.22 -
GData 19 2009.11.22 -
Ikarus T3.1.1.74.0 2009.11.22 -
Jiangmin 11.0.800 2009.11.22 -
K7AntiVirus 7.10.901 2009.11.20 -
Kaspersky 7.0.0.125 2009.11.22 -
McAfee 5810 2009.11.22 -
McAfee+Artemis 5810 2009.11.22 -
McAfee-GW-Edition 6.8.5 2009.11.22 -
Microsoft 1.5302 2009.11.23 -
NOD32 4628 2009.11.22 -
Norman 6.03.02 2009.11.21 -
nProtect 2009.1.8.0 2009.11.22 -
Panda 10.0.2.2 2009.11.22 -
PCTools 7.0.3.5 2009.11.22 -
Prevx 3.0 2009.11.23 -
Rising 22.22.06.04 2009.11.22 -
Sophos 4.47.0 2009.11.22 -
Sunbelt 3.2.1858.2 2009.11.22 -
Symantec 1.4.4.12 2009.11.22 -
TheHacker 6.5.0.2.075 2009.11.20 -
TrendMicro 9.0.0.1003 2009.11.22 PAK_Generic.001
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.20.2047 2009.11.20 -
VirusBuster 5.0.21.0 2009.11.22 -
Additional information
File size: 77312 bytes
MD5...: c5ec72a20b4c98db5314e6c46765b148
SHA1..: e51e0b26d3a8fb28e0e4dcf78b6e4df2da879ff4
SHA256: 42855149b90c059b62ebc4027188361860fb6ffd9e4a2aa074c665181a2b9326
Print these instructions, because you will need to close all windows and applications during the installation and the scan.
▶ Download:
Malwarebytes
or:
Malwarebytes
▶ Install it (make sure to choose "French"; do not change the installation settings) and update it.
(NB: if you get an error message during the install saying that "COMCTL32.OCX" is missing, download it here: COMCTL32.OCX)
▶ Study the tutorial to familiarise yourself with the program:
(that said, it is very easy to use).
Relaunch Malwarebytes, following these instructions to the letter:
! Disconnect from the internet and close all running applications !
▶ Launch Malwarebytes.
Run a "Full" scan.
▶ Let the program work (and do nothing else with the PC during the scan).
▶ At the end, click on "Results".
▶ Check that all infected items are ticked, then click "Remove".
▶ Note: if your PC needs to restart to finish the cleaning, do it!
▶ Post the report saved after the removal of the infected items (in the "Logs" tab of Malwarebytes, the most recent one).