4 replies
Anonymous user
5 Feb. 2010 at 20:35
Hi: can you post the Malwarebytes report again so we can take a closer look at what we're getting into?
(Report/Log tab, the most recent one)
▶ Download Ad-remover (by C_XX) to your desktop:
▶ Disconnect from the Internet and close all running applications!
▶ Double-click "Ad-R.exe" to start the installation and keep the default installation settings.
▶ Double-click the Ad-remover shortcut on your desktop to launch the tool.
▶ In the main menu choose option "L" and press [Enter].
▶ Let the tool work and don't touch anything...
▶ Post the report that appears at the end on the forum...
(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
▶ Note: "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility intended to terminate processes.
In the wrong hands, this utility could shut down security software (antivirus, firewall...), hence the alert raised by these antivirus products.
Anonymous user
5 Feb. 2010 at 22:03
Malwarebytes is not up to date, and I'd need the report on the hundred or so viruses it detected because, depending on what they are, we'll have to bring in something heavier.
Malwarebytes' Anti-Malware 1.44
Database version: 3593
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
18/01/2010 20:53:14
mbam-log-2010-01-18 (20-53-14).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 194635
Time elapsed: 1 hour(s), 23 minute(s), 11 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 2
Registry Keys Infected: 39
Registry Values Infected: 7
Registry Data Items Infected: 0
Folders Infected: 8
Files Infected: 52
Memory Processes Infected:
C:\WINDOWS\msa.exe (Trojan.Agent) -> Unloaded process successfully.
Memory Modules Infected:
C:\Documents and Settings\Lucie Berneim\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll (Trojan.FakeAlert) -> Delete on reboot.
c:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\awesomebestshoppingtipsprogram.awesomebestshoppingtipsprogram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{dfd5a573-2937-ad0e-f3aa-fbad3c45e9d7} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{dff64510-4059-8f01-9847-fcdba66b521c} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6b0da396-2dee-e4c6-d02b-575ff7159670} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6b0da396-2dee-e4c6-d02b-575ff7159670} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b0da396-2dee-e4c6-d02b-575ff7159670} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\awesomebestshoppingtipsprogram.awesomebestshoppingtipsprogram.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\excellentaddisplay.excellentaddisplay (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\excellentaddisplay.excellentaddisplay.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\premiereadvertisingplatform.premiereadvertisingplatform.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f31c8969-83e7-a513-2e11-cb6d1837c2cb} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f31c8969-83e7-a513-2e11-cb6d1837c2cb} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{547395d9-934a-ced6-b851-f238c86079e5} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f31c8969-83e7-a513-2e11-cb6d1837c2cb} (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\WS9E3IQBKY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\AwesomeBestShoppingTipsProgram.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ExcellentAdDisplay.dll (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\PremiereAdvertisingPlatform.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AwesomeBestShoppingTipsProgram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DealAssistant (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ExcellentAdDisplay (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExcellentAdDisplay (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\calc32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipuspdcdud7 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus plus (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus plus (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\net (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dealassistant (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\regedit32 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\Lucie Berneim\Application Data\DealAssistant (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AwesomeBestShoppingTipsProgram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PremiereAdvertisingPlatform (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\Menu Démarrer\Programmes\AntiVirus Plus (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\Menu Démarrer\Programmes\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\Application Data\AntiVirus Plus (Rogue.AntiVirusPlus) -> Delete on reboot.
Files Infected:
C:\Program Files\AwesomeBestShoppingTipsProgram\AwesomeBestShoppingTipsProgram.dll (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Bernheim\Application Data\AntiVirus Plus\AntiVirus Plus.70700.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0698C787-2F7E-4FDA-A967-472C26B53E0F}\RP242\A0186798.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0698C787-2F7E-4FDA-A967-472C26B53E0F}\RP242\A0186797.exe (Worm.Pavelo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0698C787-2F7E-4FDA-A967-472C26B53E0F}\RP246\A0188085.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{0698C787-2F7E-4FDA-A967-472C26B53E0F}\RP246\A0188100.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\Application Data\DealAssistant\config.cfg (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\AwesomeBestShoppingTipsProgram\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PremiereAdvertisingPlatform\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\Menu Démarrer\Programmes\AntiVirus Plus\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\Menu Démarrer\Programmes\AntiVirus Plus\EULA.url (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\Menu Démarrer\Programmes\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\Application Data\avp.ico (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\Bureau\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\Application Data\Microsoft\Internet Explorer\Quick Launch\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\CRYPT3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cryptui32.dll (Worm.P2P) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csrsrv32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csseqchk32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\csseqchk3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3drm32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\d3dxof32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\danim32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbgeng32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DBMSRPCN32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dbnmpntw32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DCIMAN3232.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ddeml32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\deskadp32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DESKMON32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\deskperf32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dgnet32.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DHCPMON32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dhcpsapi32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\diskcopy32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMLOADER32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMSERVER32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\DMSYNTH32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dmusic32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\net.net (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Lucie Berneim\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
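As an added example for this thread (not code from the thread, from Malwarebytes or from the helper), here is a short Python script that reads a Malwarebytes' Anti-Malware 1.4x log of the shape posted above and groups the detections by the autostart mechanism they used (Run keys, Winlogon Notify packages, Browser Helper Objects, services, scheduled tasks, the Startup folder), counts the family labels, and lists what is still marked "Delete on reboot". The sample log is a constructed excerpt built from lines copied out of the posted log; the mechanism labels and function names are this example's own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.4x log and group what it removed by
persistence mechanism, so a helper can see at a glance how the infection
survives a reboot and whether a reboot is still pending.

Added example for this thread, not code from Malwarebytes or from the thread.
"""
import re
from collections import Counter

# Constructed excerpt: a handful of lines copied from the log posted above,
# kept in the exact "path (family) -> action." shape MBAM 1.44 writes.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Database version: 3593

Memory Processes Infected:
C:\WINDOWS\msa.exe (Trojan.Agent) -> Unloaded process successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2b5aab8-2183-4be7-81a6-f11493c45872} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus plus (Rogue.AntivirusPlus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sfkg6wipuspdcdud7 (Trojan.Downloader) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\AntiVirus Plus.lnk (Rogue.AntiVirusPlus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas21.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\csrsrv32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
"""

# One detection line: "<path> (<family>) -> <action>."
LINE_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Autostart locations, matched against the path or registry key of each detection.
# The labels are this example's own; the key and folder names are the standard
# Windows XP ones that appear in the posted log.
PERSISTENCE_RULES = [
    ("Run key",                 re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("Winlogon Notify package", re.compile(r"\\Winlogon\\Notify\\", re.I)),
    ("Browser Helper Object",   re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("Service or driver",       re.compile(r"\\CurrentControlSet\\Services\\", re.I)),
    ("Scheduled task",          re.compile(r"\\Tasks\\[^\\]+\.job$", re.I)),
    ("Startup folder",          re.compile(r"\\(Démarrage|Startup)\\", re.I)),
]


def parse_log(text):
    """Return one dict (path, family, action) per detection line; section
    headers and the summary counters do not match LINE_RE and are skipped."""
    items = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            items.append(m.groupdict())
    return items


def families(items):
    """Count detections per family label exactly as MBAM wrote it."""
    return Counter(i["family"] for i in items)


def pending_reboot(items):
    """Paths MBAM could not remove while running ("Delete on reboot"):
    until the machine is rebooted these are still on disk or in memory."""
    return [i["path"] for i in items if "reboot" in i["action"].lower()]


def persistence(items):
    """Map each autostart mechanism to the detections that used it."""
    found = {}
    for i in items:
        for label, rx in PERSISTENCE_RULES:
            if rx.search(i["path"]):
                found.setdefault(label, []).append(i["path"])
    return found


if __name__ == "__main__":
    items = parse_log(SAMPLE_LOG)
    print(f"{len(items)} detections")
    for fam, n in families(items).most_common():
        print(f"  {n:2d}  {fam}")
    print("Autostart mechanisms:")
    for label, paths in persistence(items).items():
        print(f"  {label}: {len(paths)}")
        for p in paths:
            print(f"      {p}")
    print("Still pending reboot:", *pending_reboot(items), sep="\n  ")
```

Run it as a plain script, or feed it the full mbam-log file with `parse_log(open(path, encoding="utf-8").read())`. On the posted log the "Delete on reboot" entries (the Winlogon Notify package cbssreg and sshnas21.dll) are the reason a reboot and a fresh scan are needed before any summary can be trusted: a Winlogon Notify DLL is loaded into winlogon.exe at logon, so it is back in memory every time the machine starts until the key and the file are both gone.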
Anonymous user
5 Feb. 2010 at 22:18
/!\ WARNING: FOLLOW THESE INSTRUCTIONS SCRUPULOUSLY, TO THE LETTER /!\
▶ Above all, when saving, remember to rename ComboFix to "yourfirstname.exe" before it is saved to your hard drive
_______________________________________________________________
>This software is only to be used when prescribed by a qualified helper trained in the tool.<
>>>>>>>Do not use it outside of that situation: dangerous!<<<<<<<<
======================================================
▶ We are going to use ComboFix.exe. Go to this web page to get the download links, as well as instructions for running the tool:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Before using ComboFix:
______________________________________________________________________
>> close the windows of all running programs.
>> Temporarily disable, and only for as long as ComboFix is in use,
>>the real-time protection of your antivirus and antispyware products,
>>which can seriously interfere with the tool's scanning and cleaning procedure.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°
▶ !!!!!DO NOT TOUCH ANYTHING WHILE COMBOFIX IS WORKING (MOUSE/KEYBOARD.....)!!!!!
▶ don't forget to re-enable your antivirus and antispyware protection before reconnecting to the Internet.
>> Come back to the forum, and
▶ copy and paste the entire contents of C:\Combofix.txt into your next message.
ComboFix 10-02-05.02 - Lucie Berneim 05/02/2010 23:52:56.1.2 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1015.619 [GMT 1:00]
Lancé depuis: c:\documents and settings\Lucie Berneim\Bureau\lucie.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.\documents\settings
c:\program files\ExcellentAdDisplay
c:\program files\ExcellentAdDisplay\uninstall.exe
c:\recycler\S-1-5-21-1012119198-3164399779-567860722-1003
c:\recycler\S-1-5-21-1146900292-2107863965-2184001931-1003
c:\recycler\S-1-5-21-1285452189-2897731831-869995530-1003
c:\recycler\S-1-5-21-1715567821-823518204-527237240-1003
c:\recycler\S-1-5-21-2197382014-3481631284-2562751692-1003
c:\recycler\S-1-5-21-2245493125-2027700850-2773855886-1003
c:\recycler\S-1-5-21-2510172619-2115415327-310082141-1003
c:\recycler\S-1-5-21-2603331843-2404986054-1169036203-1003
c:\recycler\S-1-5-21-2711207617-3665269759-3511543751-1003
c:\recycler\S-1-5-21-3346738352-1632741720-2677954562-1003
c:\recycler\S-1-5-21-375701286-520863373-3602185834-1003
c:\recycler\S-1-5-21-3881886158-3613839562-3649262194-1003
c:\recycler\S-1-5-21-3991674429-1502234657-2308447467-1003
c:\recycler\S-1-5-21-964652166-2484417911-145158100-1003
c:\windows\run.log
c:\windows\system32\Thumbs.db
c:\windows\system32\xa.tmp
Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
((((((((((((((((((((((((((((( Fichiers créés du 2010-01-05 au 2010-02-05 ))))))))))))))))))))))))))))))))))))
.
2010-02-02 16:49 . 2010-01-16 15:22 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2010-02-02 16:49 . 2010-01-16 15:22 3530520 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2010-01-31 16:46 . 2010-02-03 21:03 -------- d-----w- c:\documents and settings\Lucie Berneim\Application Data\vlc
2010-01-31 16:41 . 2010-01-31 16:41 -------- d-----w- c:\program files\VideoLAN
2010-01-28 15:50 . 2010-01-28 15:51 -------- d-----w- c:\program files\QuickTime
2010-01-28 06:34 . 2006-05-24 12:36 110592 ----a-w- c:\documents and settings\Lucie Berneim\Application Data\U3\temp\cleanup.exe
2010-01-28 06:27 . 2010-01-28 06:34 -------- d-----w- c:\documents and settings\Lucie Berneim\Application Data\U3
2010-01-20 19:02 . 2010-01-20 19:02 0 ----a-w- c:\windows\nsreg.dat
2010-01-20 19:02 . 2010-01-20 19:02 -------- d-----w- c:\documents and settings\Lucie Berneim\Local Settings\Application Data\Mozilla
2010-01-18 18:15 . 2010-01-18 18:15 -------- d-----w- c:\documents and settings\Lucie Berneim\Application Data\Malwarebytes
2010-01-18 18:15 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-18 18:15 . 2010-01-18 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-18 18:15 . 2010-01-18 19:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 18:15 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-16 15:16 . 2010-01-16 15:16 -------- d-----w- c:\windows\system32\wbem\Repository
2010-01-16 15:15 . 2010-01-16 15:15 -------- d-----w- c:\program files\Microsoft
2010-01-12 21:17 . 2010-01-12 21:17 -------- d-----w- c:\documents and settings\Lucie Berneim\Application Data\DataCast
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 22:19 . 2009-07-28 22:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-02-04 17:58 . 2008-12-15 18:44 23000 ----a-w- c:\documents and settings\Lucie Berneim\Application Data\wklnhst.dat
2010-01-31 19:29 . 2009-07-28 14:54 1 ----a-w- c:\documents and settings\Lucie Berneim\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-28 15:48 . 2008-12-14 18:38 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-01-27 18:55 . 2008-12-12 00:21 -------- d-----w- c:\documents and settings\Lucie Berneim\Application Data\Skype
2010-01-27 18:55 . 2009-06-21 08:38 -------- d-----w- c:\documents and settings\Lucie Berneim\Application Data\skypePM
2010-01-22 21:11 . 2008-04-13 11:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-21 07:49 . 2009-07-28 12:00 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 19:17 . 2010-01-19 19:16 137 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\fusioncache.dat
2010-01-18 21:28 . 2009-03-08 11:28 -------- d-----w- c:\documents and settings\Lucie Berneim\Application Data\LimeWire
2010-01-18 17:32 . 2008-08-07 14:12 86136 ----a-w- c:\windows\system32\perfc00C.dat
2010-01-18 17:32 . 2008-08-07 14:12 513048 ----a-w- c:\windows\system32\perfh00C.dat
2010-01-16 15:12 . 2009-10-25 17:52 -------- d-----w- c:\program files\Universalis
2010-01-12 21:17 . 2009-03-18 20:11 -------- d-----w- c:\program files\Samsung
2010-01-12 21:17 . 2008-08-07 13:18 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-07 20:57 . 2009-10-25 17:55 -------- d-----w- c:\documents and settings\All Users\Application Data\UniversalisV12
2010-01-05 09:56 . 2008-08-07 14:12 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 09:56 . 2008-08-07 14:12 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 09:56 . 2008-08-07 14:12 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-22 18:10 . 2009-12-22 18:10 -------- d-----w- c:\documents and settings\Lucie Berneim\Application Data\HpUpdate
2009-11-21 15:58 . 2008-08-07 14:12 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 21:06 . 2009-11-14 20:57 197032 -c--a-w- c:\windows\hppins12.dat
2009-11-14 19:42 . 2008-12-12 00:21 103912 -c--a-w- c:\documents and settings\Lucie Berneim\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-14 19:27 . 2009-11-14 19:27 608 -csha-w- c:\windows\system32\winzvprt5.sys
2008-05-07 14:34 . 2008-08-07 13:55 15523560 ----a-w- c:\program files\U1 Setup.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 07:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"I.R.I.S. Desktop Search"="c:\program files\IRIS Desktop Search\IRISDesktopSearch.exe" [2006-01-11 5193512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2008-09-03 335872]
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe" [2008-08-22 204800]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-09-02 106496]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-09-02 593920]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-01-16 2043160]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-02 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Lucie Berneim\Menu D‚marrer\Programmes\D‚marrage\
Outil de notification Live Search.lnk - c:\documents and settings\Lucie Berneim\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-8-1 143360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-9-2 604776]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2008-9-17 311296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 09:02 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 01:06 40048 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-02-06 17:51 3885408 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-02-12 18:08 21898024 -c--a-r- c:\program files\Skype\Phone\Skype.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/02/2009 21:41 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/02/2009 21:41 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/08/2009 09:11 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/08/2009 09:11 297752]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [07/08/2008 14:20 625024]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [25/10/2009 10:49 95744]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [25/10/2009 10:49 51968]
S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [14/11/2009 22:00 20504]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contenu du dossier 'Tâches planifiées'
2010-01-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Examen supplémentaire -------
.
mSearch Bar = hxxp://www.mirarsearch.com/?useie5=1&q=
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Lucie Berneim\Application Data\Mozilla\Firefox\Profiles\swi725ur.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-ISUSPM Startup - c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe
AddRemove-AwesomeBestShoppingTipsProgram - c:\program files\AwesomeBestShoppingTipsProgram\uninstall.exe
AddRemove-DealAssistant - c:\documents and settings\Lucie Berneim\Application Data\DealAssistant\DAUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 00:04
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'explorer.exe'(3008)
c:\windows\system32\btmmhook.dll
c:\program files\IRIS Desktop Search\IRISDesktopSearchIntegration910.dll
c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
c:\program files\eee storage\xpclient.dll
c:\program files\eee storage\logicnp.eznamespaceextensions.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\eappprxy.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\igfxext.exe
c:\windows\RTHDCPL.EXE
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\documents and settings\Lucie Berneim\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Heure de fin: 2010-02-06 00:09:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-02-05 23:09
Avant-CF: 28 182 048 768 octets libres
Après-CF: 28 214 874 112 octets libres
WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect
- - End Of File - - 2E58D2B91B74A2545F0A2A87BD9FA230
Anonymous user
6 Feb 2010 at 00:34
▶ Click the Start menu / Control Panel / Folder Options, then in the View tab
* - Check Show hidden files and folders
* - Uncheck Hide extensions for known file types
* - Uncheck Hide protected operating system files (Recommended)
▶ click Apply, then OK.
Don't forget to hide the hidden and protected operating system files again at the end of the disinfection, it's important
Have the following file(s) analysed on VirusTotal:
Virus Total
* Click Browse at the top, choose My Computer and look for these files:
c:\windows\system32\winzvprt5.sys
* Now click Send file and let it work as long as "Current status: analysing" is displayed.
* The file may be put in a queue because of a large number of analysis requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click on the page and choose Select All, then Copy
* Finally paste the result in your next reply.
Note: To analyse another file, click Other file at the bottom.
then:
__________________________________________________________
=>/!\ WARNING /!\ The script that follows was written specifically for this computer,<=
=>it is strongly discouraged to transpose it to another computer!<=====|
---------------------------------------------------------------
Still with all protections disabled, do this:
▶ Open Notepad (Start menu --> Programs --> Accessories --> Notepad)
▶ Copy/paste into Notepad what is between the lines below (without the lines):
----------------------------------------------------------
KillAll::
Collect::[4]
c:\program files\U1 Setup.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=-
"ISUSScheduler"=-
"RTHDCPL"=-
"iTunesHelper"=-
"QuickTime Task"=-
------------------------------------------------------------------
▶ Save this file on your Desktop (and nowhere else!) under the name CFScript.txt
▶ Close Notepad
▶ Drag and drop this CFScript file onto the combofix file that you renamed!
▶ Wait for the scan to finish. The Desktop will disappear several times: that's normal! Don't touch anything until the scan is finished.
▶ Once the scan is complete, a report will be displayed: post its contents.
▶ If the file doesn't open, it is here => C:\ComboFix.txt
5 Feb 2010 at 22:00
my report:
Malwarebytes' Anti-Malware 1.44
Version de la base de données: 3599
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
05/02/2010 21:49:28
mbam-log-2010-02-05 (21-49-28).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 218859
Temps écoulé: 1 hour(s), 34 minute(s), 10 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
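A log like the one above can be checked mechanically before replying. The following Python script is an added example, not code from the thread or from Malwarebytes: it parses a constructed log in the same layout, cross-checks the summary counts against the items actually listed (a mismatch usually means a truncated paste), and flags detections that sit under a Run key, i.e. persistence whose removal is worth re-verifying in the next log.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x log and sanity-check it (added example)."""
import re

# Constructed sample in the layout of the mbam-log quoted above.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.44
Processus mémoire infecté(s): 0
Valeur(s) du Registre infectée(s): 1
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\Sysvxd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

_SUMMARY = re.compile(r"^(?P<label>.+?):\s+(?P<count>\d+)$")  # "Category: N"
# "target (Threat.Name) -> action."; greedy target so paths containing () still parse
_DETECT = re.compile(r"^(?P<target>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
_NONE = "(Aucun élément nuisible détecté)"

def parse_mbam_log(text):
    """Return (summary, findings): counts per category, and one dict per item."""
    summary, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == _NONE:
            continue
        if m := _SUMMARY.match(line):      # summary block at the top of the log
            summary[m.group("label")] = int(m.group("count"))
        elif line.endswith(":"):           # "Category:" opens a detail block
            section = line[:-1]
        elif section and (m := _DETECT.match(line)):
            findings.append({"section": section, **m.groupdict()})
    return summary, findings

def check_counts(summary, findings):
    """{category: (declared, listed)} where they disagree; usually a truncated paste."""
    listed = {}
    for f in findings:
        listed[f["section"]] = listed.get(f["section"], 0) + 1
    return {lbl: (n, listed.get(lbl, 0)) for lbl, n in summary.items()
            if lbl.endswith("(s)") and n != listed.get(lbl, 0)}

def autostart_findings(findings):
    """Items under a Run/RunOnce key: persistence worth re-verifying in the next log."""
    return [f for f in findings if "\\currentversion\\run" in f["target"].lower()]
```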