Trojan-GameThief.Win32 et Trojan-Spy.JS.Agent

Hello,

The Kaspersky scan found viruses on my machine: Trojan-GameThief.Win32 and Trojan-Spy.JS.Agent, plus some adware and some exploits. Apparently I'm not very careful on the internet or with games.
How can I get rid of them? Kaspersky found them but doesn't offer to remove them?
Thank you for your help.



10 replies

jlpjlp Posts 52399 Status Security contributor 5 040
 
hi

paste us the Kaspersky report

then


Download OTL by OldTimer here:

http://www.geekstogo.com/forum/files/file/398-otl-oldtimers-list-it/

and save it to your Desktop.

Double-click OTL.exe to launch it.

Tick the 2 boxes Lop and Purity

Tick the box in front of "scan all users"

Click Run Scan.

At the end of the scan, Notepad will open with the report (OTL.txt).

This file is on your Desktop (usually C:\Documents and settings\your_session_name\OTL.txt)


To send it to me, click this link:

http://www.cijoint.fr/

Click Browse (Parcourir) and find the file above.

Click Open (Ouvrir).

Click "Cliquez ici pour déposer le fichier" (Click here to upload the file).

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt

is added to the page.

Copy this link into your reply.
Lilice
 
Operating system: Microsoft Windows Vista Home Basic Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, September 23, 2010 03:56:13
Records in database: 4237666


Scan settings
scan using the following database extended
Scan archives yes
Scan e-mail databases yes

Scan area My Computer
C:\
D:\
E:\

Scan statistics
Objects scanned 224238
Threats found 5
Infected objects found 15
Suspicious objects found 0
Scan duration 04:10:32

File name Threat Threats count
C:\Program Files\BarDiscover\bardiscover.dll/C:\Program Files\BarDiscover\bardiscover.dll Infected: not-a-virus:AdWare.Win32.Zwangi.bom 9

C:\Program Files\BarDiscover\bardiscover.dll Infected: not-a-virus:AdWare.Win32.Zwangi.bom 1

C:\Users\Alice\AppData\Local\Temp\jar_cache1998025128338300236.tmp Infected: Exploit.Java.Agent.f 1

C:\Users\Alice\AppData\Local\Temp\jar_cache2875772469728598879.tmp Infected: Exploit.Java.Agent.a 1

C:\Users\Alice\AppData\Local\Temp\jar_cache2875772469728598879.tmp Infected: Exploit.Java.Agent.f 1

C:\Users\Alice\AppData\Local\VirtualStore\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul Infected: Trojan-Spy.JS.Agent.a 1

C:\Users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690\upd_debug.exe Infected: Trojan-GameThief.Win32.Tibia.guk 1

Selected area has been scanned.
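The report above is flat text, one detection per line, with the scanner's own totals at the top. The Python script below is an added example for this thread, not part of any post or of any Kaspersky tool: it parses those lines, splits each verdict into Kaspersky's Behaviour.Platform.Family.Variant naming scheme, recomputes "Threats found" (distinct verdict names) and "Infected objects found" (sum of the count column) to check that they agree with the header, groups the on-disk files by behaviour class, and lists the files whose class means credential theft, which is where password changes have to start. The detection lines embedded in the script are copied from the report above; the CREDENTIAL_THEFT set is this example's own choice.

```python
"""Parse a Kaspersky Online Scanner text report and recompute its summary.
Added example for this thread; not Kaspersky code. Detection lines copied from the posted report."""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

REPORT = r"""
Scan statistics
Objects scanned 224238
Threats found 5
Infected objects found 15
Suspicious objects found 0

File name Threat Threats count
C:\Program Files\BarDiscover\bardiscover.dll/C:\Program Files\BarDiscover\bardiscover.dll Infected: not-a-virus:AdWare.Win32.Zwangi.bom 9
C:\Program Files\BarDiscover\bardiscover.dll Infected: not-a-virus:AdWare.Win32.Zwangi.bom 1
C:\Users\Alice\AppData\Local\Temp\jar_cache1998025128338300236.tmp Infected: Exploit.Java.Agent.f 1
C:\Users\Alice\AppData\Local\Temp\jar_cache2875772469728598879.tmp Infected: Exploit.Java.Agent.a 1
C:\Users\Alice\AppData\Local\Temp\jar_cache2875772469728598879.tmp Infected: Exploit.Java.Agent.f 1
C:\Users\Alice\AppData\Local\VirtualStore\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul Infected: Trojan-Spy.JS.Agent.a 1
C:\Users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690\upd_debug.exe Infected: Trojan-GameThief.Win32.Tibia.guk 1
"""

STAT_RE = re.compile(r"^(Objects scanned|Threats found|Infected objects found|Suspicious objects found) (\d+)$")
DETECTION_RE = re.compile(r"^(?P<object>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Behaviour classes whose payload is credential theft (this example's own list):
# deleting the file is not enough, passwords must be changed from a clean machine.
CREDENTIAL_THEFT = {"Trojan-GameThief", "Trojan-Spy", "Trojan-PSW", "Trojan-Banker"}


@dataclass(frozen=True)
class Detection:
    path: str              # file on disk
    member: Optional[str]  # object inside a container, printed as "container/member"
    riskware: bool         # "not-a-virus:" prefix (adware/riskware rather than malware)
    behaviour: str         # Trojan-GameThief, Exploit, AdWare, ...
    platform: str          # Win32, Java, JS, ...
    family: str
    variant: str
    count: int

    @property
    def name(self) -> str:
        prefix = "not-a-virus:" if self.riskware else ""
        return f"{prefix}{self.behaviour}.{self.platform}.{self.family}.{self.variant}"


def parse_threat(threat: str) -> tuple:
    """Split 'not-a-virus:AdWare.Win32.Zwangi.bom' into (riskware, behaviour, platform, family, variant)."""
    riskware = threat.startswith("not-a-virus:")
    if riskware:
        threat = threat[len("not-a-virus:"):]
    parts = threat.split(".", 3)
    if len(parts) < 3:
        raise ValueError(f"unexpected threat name: {threat}")
    behaviour, platform, family = parts[:3]
    variant = parts[3] if len(parts) == 4 else ""
    return riskware, behaviour, platform, family, variant


def parse_report(text: str) -> tuple:
    """Return (header statistics, list of Detection) from the report text."""
    stats, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = STAT_RE.match(line)
        if m:
            stats[m.group(1)] = int(m.group(2))
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue
        # Windows paths never contain '/', so it is a safe container/member separator.
        path, _, member = m.group("object").partition("/")
        riskware, behaviour, platform, family, variant = parse_threat(m.group("threat"))
        detections.append(Detection(path, member or None, riskware, behaviour,
                                    platform, family, variant, int(m.group("count"))))
    return stats, detections


def summarize(detections: list) -> dict:
    files_by_behaviour = defaultdict(set)
    for d in detections:
        files_by_behaviour[d.behaviour].add(d.path)
    return {
        "threats": len({d.name for d in detections}),          # distinct verdict names
        "infected_objects": sum(d.count for d in detections),   # sum of the count column
        "files": sorted({d.path for d in detections}),          # distinct on-disk files
        "files_by_behaviour": dict(files_by_behaviour),
    }


def summary_matches_header(stats: dict, detections: list) -> bool:
    """True when the per-line detections add up to the scanner's own totals."""
    s = summarize(detections)
    return (s["threats"] == stats.get("Threats found")
            and s["infected_objects"] == stats.get("Infected objects found"))


def credential_theft_files(detections: list) -> set:
    return {d.path for d in detections if d.behaviour in CREDENTIAL_THEFT}


if __name__ == "__main__":
    stats, dets = parse_report(REPORT)
    print(summarize(dets))
    print("totals consistent:", summary_matches_header(stats, dets))
    print("credential theft:", credential_theft_files(dets))
```

Run on the posted report it finds 5 distinct verdicts on 5 on-disk files (15 infected objects, 9 of them inside the BarDiscover DLL), agreeing with the header, and singles out plug.xul and upd_debug.exe as the credential-theft detections. The two jar_cache files are the exploit archives Java wrote when the drive-by ran; they are the infection vector, not the payload.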
jlpjlp Posts 52399 Status Security contributor 5 040
 
ok, paste the other report that was requested
Lilice
 
Hello, and thank you for taking this on. Here is the OTL file:

http://www.cijoint.fr/cjlink.php?file=cj201009/cijH8FMKjR.txt

jlpjlp Posts 52399 Status Security contributor 5 040
 
Disable User Account Control (you will re-enable it after your disinfection):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.


download ComboFix (by sUBs) here:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and save it to the desktop.

disconnect from the internet and close all your applications.

disable your protections (antivirus, firewall, real-time guard of the antispyware)


double-click combofix.exe and follow the instructions

at the end, it will produce a report C:\ComboFix.txt

re-enable your firewall, your antivirus, your antispyware's guard

copy/paste the report C:\ComboFix.txt into your next reply.

Warning: do not use your mouse or keyboard (or any other pointing device) while the program is running. It could freeze the computer.

You have a full tutorial here:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
lilice
 
ComboFix 10-09-23.01 - Alice 24/09/2010 7:03.1.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2972.1790 [GMT 2:00]
Running from: c:\users\Alice\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\BarDiscover
c:\program files\BarDiscover\bardiscover.dll
c:\program files\BarDiscover\bardiscover.exe
c:\program files\BarDiscover\uninstall.exe
c:\programdata\BarDiscover
c:\programdata\BarDiscover\bardiscover149.exe
c:\users\Alice\AppData\Roaming\.#
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk
c:\users\Alice\AppData\Roaming\SystemProc

.
((((((((((((((((((((((((((((( Files created from 2010-08-24 to 2010-09-24 ))))))))))))))))))))))))))))))))))))
.

2010-09-24 05:45 . 2010-09-24 05:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-24 04:56 . 2010-09-24 04:56 -------- d-----w- c:\program files\Common Files\Java
2010-09-24 04:56 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-23 17:46 . 2010-09-23 17:46 -------- d-----w- C:\tmp
2010-09-23 10:21 . 2010-09-23 10:21 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9DD4.tmp.exe
2010-09-22 16:05 . 2010-09-22 16:05 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEBA1.tmp.exe
2010-09-21 17:25 . 2010-09-21 17:25 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEFF.tmp.exe
2010-09-15 17:39 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 17:39 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 17:39 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 17:26 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-15 17:13 . 2010-09-15 17:12 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2B12.tmp.exe
2010-09-14 11:04 . 2010-09-14 11:04 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbBD6E.tmp.exe
2010-09-14 05:07 . 2010-09-14 05:07 -------- d-----w- c:\windows\system32\x64
2010-09-14 05:03 . 2010-09-14 05:10 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-13 20:06 . 2010-09-13 20:06 -------- d-----w- c:\users\Alice\AppData\Roaming\xm1
2010-09-13 20:05 . 2010-09-13 20:05 -------- d-----w- c:\program files\Algobox
2010-09-13 19:54 . 2010-09-13 19:56 -------- d-----w- c:\program files\xcas
2010-09-13 17:39 . 2010-09-13 17:39 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb55BF.tmp.exe
2010-09-08 09:55 . 2010-09-08 09:55 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbED40.tmp.exe
2010-09-07 07:01 . 2010-09-07 07:01 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2953.tmp.exe
2010-09-07 01:01 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-09-07 01:01 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-09-07 01:01 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-09-06 16:22 . 2010-09-06 16:22 -------- d-----w- c:\program files\Windows Portable Devices
2010-09-06 16:02 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-09-06 15:58 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-09-06 15:58 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-09-06 15:58 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-09-06 15:49 . 2010-09-06 15:49 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4A1B.tmp.exe
2010-09-04 21:16 . 2010-09-04 21:17 -------- d-----w- c:\windows\system32\ca-ES
2010-09-04 21:16 . 2010-09-04 21:17 -------- d-----w- c:\windows\system32\eu-ES
2010-09-04 21:16 . 2010-09-04 21:17 -------- d-----w- c:\windows\system32\vi-VN
2010-09-04 19:26 . 2010-08-24 12:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-09-04 19:25 . 2010-08-24 12:57 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-09-04 19:25 . 2010-08-24 12:57 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-09-04 19:25 . 2010-08-24 12:57 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-09-04 19:25 . 2010-08-24 12:57 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-09-04 19:25 . 2010-08-24 12:57 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-09-04 19:25 . 2010-08-24 12:57 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-09-04 19:25 . 2010-08-24 12:57 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-09-04 19:25 . 2010-08-24 12:57 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-09-04 19:25 . 2010-08-24 12:57 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-09-01 09:45 . 2010-09-01 09:45 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3D7E.tmp.exe
2010-08-31 12:16 . 2010-08-31 12:16 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEC76.tmp.exe
2010-08-30 18:43 . 2010-08-30 18:43 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD517.tmp.exe
2010-08-25 10:21 . 2010-08-25 10:21 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC8AD.tmp.exe

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 04:56 . 2009-09-04 05:19 -------- d-----w- c:\program files\Java
2010-09-24 04:53 . 2009-08-27 18:56 -------- d-----w- c:\program files\Messenger Plus! Live
2010-09-23 17:56 . 2009-02-04 00:00 679042 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-23 17:56 . 2009-02-04 00:00 126626 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-23 10:13 . 2010-05-16 19:17 -------- d-----w- c:\users\Alice\AppData\Roaming\vlc
2010-09-19 19:30 . 2010-07-02 13:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-16 15:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-16 15:34 . 2009-02-03 16:22 -------- d-----w- c:\programdata\Microsoft Help
2010-09-14 05:03 . 2009-11-24 17:54 -------- d-----w- c:\program files\Microsoft
2010-09-11 10:38 . 2009-11-24 17:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-10 20:06 . 2010-06-26 22:41 -------- d-----w- c:\users\Alice\AppData\Roaming\dvdcss
2010-09-07 14:52 . 2009-09-04 05:34 824 ----a-w- c:\users\Alice\AppData\Roaming\wklnhst.dat
2010-09-06 16:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-06 16:22 . 2010-09-06 16:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-09-06 16:21 . 2010-09-06 16:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-09-04 21:21 . 2009-02-03 15:54 -------- d-----w- c:\program files\McAfee.com
2010-09-04 21:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-09-04 21:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-09-04 21:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-09-04 21:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-09-04 21:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-09-04 20:26 . 2009-11-25 07:57 1356 ----a-w- c:\users\Alice\AppData\Local\d3d9caps.dat
2010-09-04 20:24 . 2009-02-03 15:54 -------- d-----w- c:\program files\McAfee
2010-09-04 20:23 . 2009-02-03 15:55 -------- d-----w- c:\program files\Common Files\McAfee
2010-08-24 11:22 . 2010-08-24 11:22 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3415.tmp.exe
2010-08-24 10:18 . 2010-08-24 10:18 -------- d-----w- c:\programdata\Friends Games
2010-08-23 15:10 . 2010-08-23 15:10 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6BDE.tmp.exe
2010-08-14 08:36 . 2010-08-14 08:36 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6932.tmp.exe
2010-08-13 16:08 . 2010-08-13 16:08 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbED9B.tmp.exe
2010-08-12 21:09 . 2010-08-12 21:09 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD598.tmp.exe
2010-08-02 22:23 . 2010-07-25 21:00 -------- d-----w- c:\users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690
2010-08-02 20:07 . 2010-08-02 20:07 -------- d-----w- c:\programdata\TERMINAL Studio
2010-08-01 09:43 . 2010-08-01 09:43 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2CAC.tmp.exe
2010-07-31 15:51 . 2010-07-31 15:51 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF6D4.tmp.exe
2010-07-30 10:25 . 2010-07-30 10:25 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb80B5.tmp.exe
2010-07-29 16:28 . 2010-07-29 16:28 153088 ----a-w- c:\users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690\upd_debug.exe
2010-07-25 09:29 . 2010-07-25 09:29 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb406B.tmp.exe
2010-07-24 09:31 . 2010-07-24 09:31 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb365D.tmp.exe
2010-07-23 10:23 . 2010-07-23 10:23 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6FA5.tmp.exe
2010-07-20 14:17 . 2010-07-20 14:17 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb512B.tmp.exe
2010-07-14 11:16 . 2010-07-14 11:16 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb81AF.tmp.exe
2010-07-13 18:38 . 2010-07-13 18:38 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6F00.tmp.exe
2010-07-08 18:07 . 2010-07-08 18:07 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCAC6.tmp.exe
2010-07-07 09:45 . 2010-07-07 09:45 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEB6B.tmp.exe
2010-07-06 17:36 . 2010-07-06 17:36 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAA63.tmp.exe
2010-07-03 22:46 . 2010-07-03 22:46 257257 ----a-w- c:\users\Alice\AppData\Roaming\OpenCandy\OpenCandy_7B1CBF5A3FB34C6A9EC21EE601684E10\DLMgr3WrapperUniBlue.exe
2010-07-01 12:00 . 2010-07-01 12:00 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB237.tmp.exe
2010-06-30 10:29 . 2010-06-30 10:29 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCC7C.tmp.exe
2010-06-29 11:32 . 2010-06-29 11:32 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2972.tmp.exe
2010-06-26 14:12 . 2009-09-04 05:47 1 ----a-w- c:\users\Alice\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-26 06:05 . 2010-08-12 21:24 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 21:24 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-12 21:24 71680 ----a-w- c:\windows\system32\iesetup.dll
.

((((((((((((((((((((((((((((((((( Reg loading points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-09 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*upd_debug.exe"="c:\users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690\upd_debug.exe" [2010-07-29 153088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 BarDiscover Service;BarDiscover Service;c:\programdata\BarDiscover\bardiscover149.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-06-26 212992]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-09 30192]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-04-16 93320]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]


--- Other Services/Drivers in memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-23 c:\windows\Tasks\Norton Security Scan for Alice.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-23 07:48]

2010-09-24 c:\windows\Tasks\User_Feed_Synchronization-{5D30FB2C-FC0A-4CEC-81C6-A734FDB396AE}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vb32&d=0209&m=aspire_5735
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{DB38E21A-0133-419d-92AD-ECDFD5244D6D} - {3E2DFD6A-4E20-4d4c-AA8B-E1F9DBEF3C80} - c:\program files\ShoppingReport2\Bin\2.7.12\ShoppingReport.dll
IE: {{EB620C54-E229-4942-87CE-E717109FC8C6} - {714E0876-FCEE-49ce-A429-B9AD8AEFCB56} - c:\program files\ShoppingReport2\Bin\2.7.12\ShoppingReport.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.
- - - - REMOVED ORPHANS - - - -

Toolbar-{66886C4D-B307-4ECA-A228-52CA9B9851A4} - (no file)
HKCU-Run-setupupdate70700.exe - c:\users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690\setupupdate70700.exe
HKCU-Run-opmhstai - c:\users\Alice\AppData\Local\vxxifiels\uspdjvqtssd.exe
HKLM-Run-eRecoveryService - (no file)
AddRemove-BarDiscover - c:\program files\BarDiscover\uninstall.exe
AddRemove-Moovida - c:\program files\Moovida\uninstall-1.0.6.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 07:45
Windows 6.0.6002 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-09-24 07:50:12
ComboFix-quarantined-files.txt 2010-09-24 05:50

Pre-Run: 85,005,193,216 bytes free
Post-Run: 85,452,664,832 bytes free

- - End Of File - - 4048E976E0B4089C548EEE627B772BE0
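For triage, the part of a ComboFix log worth reading first is the registry loading-points block together with the removed-orphans list: between them they show everything that starts with the machine or the session. The Python below is an added example for this thread, not ComboFix's own code. It parses an excerpt copied from the log above and flags autostart entries using heuristics chosen for this example: a target under AppData or Temp, a folder named with 32 hexadecimal characters, a RunOnce value whose name begins with '*' (Windows runs such entries even in Safe Mode, so booting to Safe Mode to clean does not stop them), an unqualified filename that is resolved through the search path, a populated AppInit_DLLs value, and EnableLUA=0 (UAC off, which has to be undone once the cleanup is finished). The registry lines in the excerpt are taken from the log; the flag texts are this example's wording.

```python
"""Triage the 'Reg loading points' and orphans sections of a ComboFix log.
Added example for this thread; not ComboFix code. Excerpt copied from the first posted log."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*upd_debug.exe"="c:\users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690\upd_debug.exe" [2010-07-29 153088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

HKCU-Run-setupupdate70700.exe - c:\users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690\setupupdate70700.exe
HKCU-Run-opmhstai - c:\users\Alice\AppData\Local\vxxifiels\uspdjvqtssd.exe
HKLM-Run-eRecoveryService - (no file)
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
POLICY_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9A-Fa-f]+\)$')          # "EnableLUA"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"?(?P<path>[^"\[]+?)"?(?:\s+\[[^\]]*\])?$')
ORPHAN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>\S+) - (?P<path>.+)$")
HEX32 = re.compile(r"^[0-9A-Fa-f]{32}$")
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\", "\\temp\\")


@dataclass
class Entry:
    key: str    # registry key the value lives under, or "orphan HKCU-Run"
    name: str
    path: str


@dataclass
class Finding:
    entry: Entry
    reasons: list = field(default_factory=list)


def parse_loadpoints(text: str) -> tuple:
    """Return (autostart entries, policy values) from the log excerpt."""
    entries, policies, key = [], {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ORPHAN_RE.match(line)
        if m:
            entries.append(Entry(f"orphan {m.group('hive')}-Run", m.group("name"), m.group("path")))
            continue
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1)] = int(m.group(2))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(Entry(key, m.group("name"), m.group("path").strip()))
    return entries, policies


def triage(entries: list, policies: dict) -> list:
    """Apply the heuristics; only entries with at least one reason are returned."""
    findings = []
    for e in entries:
        reasons = []
        low = e.path.lower()
        if e.path == "(no file)":
            reasons.append("dead entry: target file is gone, remove the value")
        elif e.name == "AppInit_DLLs":
            reasons.append("AppInit_DLLs set: DLL loaded into every process that loads user32.dll")
        else:
            if any(marker in low for marker in USER_WRITABLE):
                reasons.append("target lives in a user-writable folder")
            if any(HEX32.match(part) for part in e.path.split("\\")):
                reasons.append("32-hex-character folder name")
            if "\\" not in e.path:
                reasons.append("unqualified filename, resolved through the search path")
        if e.name.startswith("*") and "runonce" in e.key.lower():
            reasons.append("RunOnce '*' prefix: also runs in Safe Mode")
        if reasons:
            findings.append(Finding(e, reasons))
    if policies.get("EnableLUA") == 0:
        findings.append(Finding(Entry("policies\\system", "EnableLUA", "0"), ["UAC disabled (EnableLUA=0)"]))
    return findings


if __name__ == "__main__":
    for f in triage(*parse_loadpoints(LOG_EXCERPT)):
        print(f"{f.entry.name!r} -> {f.entry.path}\n    " + "\n    ".join(f.reasons))
```

On the excerpt, the three McAfee/Google/Defender-style entries under Program Files pass silently, while *upd_debug.exe collects three flags at once (user-writable folder, hex folder name, Safe-Mode RunOnce) and the two HKCU orphans show the same hex folder and a second random-named executable under AppData\Local. Heuristics like these rank what to look at; the verdict still comes from hashing the files.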
jlpjlp Posts 52399 Status Security contributor 5 040
 
BarDiscover


Close all your browsers (so copy or print the instructions beforehand)

Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:



Driver::
BarDiscover
File::
C:\Users\Alice\AppData\Local\Temp\jar_cache1998025128338300236.tmp
C:\Users\Alice\AppData\Local\Temp\jar_cache2875772469728598879.tmp
C:\Users\Alice\AppData\Local\Temp\jar_cache2875772469728598879.tmp
C:\Users\Alice\AppData\Local\VirtualStore\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul
C:\Users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690\upd_debug.exe
c:\programdata\BarDiscover\bardiscover149.exe
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com
c:\programdata\BarDiscover
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]



Save this file under the name CFscript


Drag and drop this CFScript file onto the ComboFix.exe file

Click the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait for the scan to finish. The desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

Once the scan is complete, a report will be displayed: post its contents.



If the file doesn't open, it is located here > C:\ComboFix.txt
lilice
 
Hello, here is the ComboFix report:


ComboFix 10-09-24.05 - Alice 25/09/2010 10:46:11.2.2 - x86
Microsoft® Windows Vista(TM) Édition Familiale Basique 6.0.6002.2.1252.33.1036.18.2972.1593 [GMT 2:00]
Running from: c:\users\Alice\Desktop\ComboFix.exe
Command switches used :: c:\users\Alice\Desktop\CFscript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\Ask.com"
"c:\program files\Ask.com\GenericAskToolbar.dll"
"c:\programdata\BarDiscover"
"c:\programdata\BarDiscover\bardiscover149.exe"
"c:\users\Alice\AppData\Local\Temp\jar_cache1998025128338300236.tmp"
"c:\users\Alice\AppData\Local\Temp\jar_cache2875772469728598879.tmp"
"c:\users\Alice\AppData\Local\VirtualStore\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul"
"c:\users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690\upd_debug.exe"
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Ask.com\GenericAskToolbar.dll
c:\users\Alice\AppData\Local\VirtualStore\Program Files\Mozilla Firefox\extensions\{1CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\plug.xul
c:\users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690\upd_debug.exe
c:\users\Alice\AppData\Roaming\avdrn.dat
c:\users\Alice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk
c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk

.
((((((((((((((((((((((((((((( Files created from 2010-08-25 to 2010-09-25 ))))))))))))))))))))))))))))))))))))
.

2010-09-25 09:02 . 2010-09-25 09:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-25 09:02 . 2010-09-25 09:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-24 04:56 . 2010-09-24 04:56 -------- d-----w- c:\program files\Common Files\Java
2010-09-24 04:56 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-23 17:46 . 2010-09-23 17:46 -------- d-----w- C:\tmp
2010-09-15 17:39 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-15 17:39 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-15 17:39 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-15 17:26 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 05:07 . 2010-09-14 05:07 -------- d-----w- c:\windows\system32\x64
2010-09-14 05:03 . 2010-09-14 05:10 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-13 20:06 . 2010-09-13 20:06 -------- d-----w- c:\users\Alice\AppData\Roaming\xm1
2010-09-13 20:05 . 2010-09-13 20:05 -------- d-----w- c:\program files\Algobox
2010-09-13 19:54 . 2010-09-13 19:56 -------- d-----w- c:\program files\xcas
2010-09-07 01:01 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-09-07 01:01 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-09-07 01:01 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-09-06 16:22 . 2010-09-06 16:22 -------- d-----w- c:\program files\Windows Portable Devices
2010-09-06 16:02 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-09-06 15:58 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-09-06 15:58 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-09-06 15:58 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-09-04 21:16 . 2010-09-04 21:17 -------- d-----w- c:\windows\system32\ca-ES
2010-09-04 21:16 . 2010-09-04 21:17 -------- d-----w- c:\windows\system32\eu-ES
2010-09-04 21:16 . 2010-09-04 21:17 -------- d-----w- c:\windows\system32\vi-VN
2010-09-04 19:26 . 2010-08-24 12:57 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-09-04 19:25 . 2010-08-24 12:57 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-09-04 19:25 . 2010-08-24 12:57 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-09-04 19:25 . 2010-08-24 12:57 164808 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-09-04 19:25 . 2010-08-24 12:57 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-09-04 19:25 . 2010-08-24 12:57 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-09-04 19:25 . 2010-08-24 12:57 386712 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-09-04 19:25 . 2010-08-24 12:57 312904 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-09-04 19:25 . 2010-08-24 12:57 152992 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-09-04 19:25 . 2010-08-24 12:57 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 09:10 . 2009-02-04 00:00 679042 ----a-w- c:\windows\system32\perfh00C.dat
2010-09-25 09:10 . 2009-02-04 00:00 126626 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-25 09:05 . 2010-07-25 21:00 -------- d-----w- c:\users\Alice\AppData\Roaming\39A3BA6DE6C61016C78C5D96C7316690
2010-09-25 08:55 . 2010-09-25 08:55 153088 ----a-w- c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\debugadvcert.exe
2010-09-25 08:55 . 2010-07-17 18:43 -------- d-----w- c:\program files\Ask.com
2010-09-24 16:31 . 2010-05-16 19:17 -------- d-----w- c:\users\Alice\AppData\Roaming\vlc
2010-09-24 15:51 . 2009-08-28 12:18 -------- d-----w- c:\programdata\Messenger Plus!
2010-09-24 14:23 . 2010-07-02 13:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-24 04:56 . 2009-09-04 05:19 -------- d-----w- c:\program files\Java
2010-09-24 04:53 . 2009-08-27 18:56 -------- d-----w- c:\program files\Messenger Plus! Live
2010-09-23 10:21 . 2010-09-23 10:21 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb9DD4.tmp.exe
2010-09-22 16:05 . 2010-09-22 16:05 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEBA1.tmp.exe
2010-09-21 17:25 . 2010-09-21 17:25 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEFF.tmp.exe
2010-09-16 15:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-16 15:34 . 2009-02-03 16:22 -------- d-----w- c:\programdata\Microsoft Help
2010-09-15 17:12 . 2010-09-15 17:13 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2B12.tmp.exe
2010-09-14 11:04 . 2010-09-14 11:04 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbBD6E.tmp.exe
2010-09-14 05:03 . 2009-11-24 17:54 -------- d-----w- c:\program files\Microsoft
2010-09-13 17:39 . 2010-09-13 17:39 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb55BF.tmp.exe
2010-09-11 10:38 . 2009-11-24 17:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-10 20:06 . 2010-06-26 22:41 -------- d-----w- c:\users\Alice\AppData\Roaming\dvdcss
2010-09-08 09:55 . 2010-09-08 09:55 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbED40.tmp.exe
2010-09-07 14:52 . 2009-09-04 05:34 824 ----a-w- c:\users\Alice\AppData\Roaming\wklnhst.dat
2010-09-07 07:01 . 2010-09-07 07:01 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2953.tmp.exe
2010-09-06 16:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-09-06 16:22 . 2010-09-06 16:22 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-09-06 16:21 . 2010-09-06 16:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-09-06 15:49 . 2010-09-06 15:49 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb4A1B.tmp.exe
2010-09-04 21:21 . 2009-02-03 15:54 -------- d-----w- c:\program files\McAfee.com
2010-09-04 21:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2010-09-04 21:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2010-09-04 21:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2010-09-04 21:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2010-09-04 21:17 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2010-09-04 20:26 . 2009-11-25 07:57 1356 ----a-w- c:\users\Alice\AppData\Local\d3d9caps.dat
2010-09-04 20:24 . 2009-02-03 15:54 -------- d-----w- c:\program files\McAfee
2010-09-04 20:23 . 2009-02-03 15:55 -------- d-----w- c:\program files\Common Files\McAfee
2010-09-01 09:45 . 2010-09-01 09:45 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3D7E.tmp.exe
2010-08-31 12:16 . 2010-08-31 12:16 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEC76.tmp.exe
2010-08-30 18:43 . 2010-08-30 18:43 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD517.tmp.exe
2010-08-25 10:21 . 2010-08-25 10:21 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbC8AD.tmp.exe
2010-08-24 11:22 . 2010-08-24 11:22 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb3415.tmp.exe
2010-08-24 10:18 . 2010-08-24 10:18 -------- d-----w- c:\programdata\Friends Games
2010-08-23 15:10 . 2010-08-23 15:10 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6BDE.tmp.exe
2010-08-14 08:36 . 2010-08-14 08:36 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6932.tmp.exe
2010-08-13 16:08 . 2010-08-13 16:08 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbED9B.tmp.exe
2010-08-12 21:09 . 2010-08-12 21:09 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbD598.tmp.exe
2010-08-02 20:07 . 2010-08-02 20:07 -------- d-----w- c:\programdata\TERMINAL Studio
2010-08-01 09:43 . 2010-08-01 09:43 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2CAC.tmp.exe
2010-07-31 15:51 . 2010-07-31 15:51 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbF6D4.tmp.exe
2010-07-30 10:25 . 2010-07-30 10:25 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb80B5.tmp.exe
2010-07-25 09:29 . 2010-07-25 09:29 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb406B.tmp.exe
2010-07-24 09:31 . 2010-07-24 09:31 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb365D.tmp.exe
2010-07-23 10:23 . 2010-07-23 10:23 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6FA5.tmp.exe
2010-07-20 14:17 . 2010-07-20 14:17 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb512B.tmp.exe
2010-07-14 11:16 . 2010-07-14 11:16 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb81AF.tmp.exe
2010-07-13 18:38 . 2010-07-13 18:38 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb6F00.tmp.exe
2010-07-08 18:07 . 2010-07-08 18:07 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCAC6.tmp.exe
2010-07-07 09:45 . 2010-07-07 09:45 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbEB6B.tmp.exe
2010-07-06 17:36 . 2010-07-06 17:36 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbAA63.tmp.exe
2010-07-03 22:46 . 2010-07-03 22:46 257257 ----a-w- c:\users\Alice\AppData\Roaming\OpenCandy\OpenCandy_7B1CBF5A3FB34C6A9EC21EE601684E10\DLMgr3WrapperUniBlue.exe
2010-07-01 12:00 . 2010-07-01 12:00 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB237.tmp.exe
2010-06-30 10:29 . 2010-06-30 10:29 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbCC7C.tmp.exe
2010-06-29 11:32 . 2010-06-29 11:32 509552 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2972.tmp.exe
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-28 68856]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2010-04-28 2633976]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"RtHDVCpl"="RtHDVCpl.exe" [2008-06-13 6183456]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-10-08 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-10-08 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-10-17 167936]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-09 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*debugadvcert.exe"="c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\debugadvcert.exe" [2010-09-25 153088]

c:\users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R2 BarDiscover Service;BarDiscover Service;c:\programdata\BarDiscover\bardiscover149.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-06-26 212992]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-09 30192]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-08-24 84264]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-08-24 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-08-24 164808]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-10-04 69632]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-04-16 93320]
S2 McMPFSvc;Service McAfee Personal Firewall;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-08-24 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-08-24 141792]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-25 45056]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-25 131072]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-08-24 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-08-24 312904]


--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenu du dossier 'Tâches planifiées'

2010-09-24 c:\windows\Tasks\Norton Security Scan for Alice.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-23 07:48]

2010-09-25 c:\windows\Tasks\User_Feed_Synchronization-{5D30FB2C-FC0A-4CEC-81C6-A734FDB396AE}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vb32&d=0209&m=aspire_5735
IE: E&xporter vers Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{DB38E21A-0133-419d-92AD-ECDFD5244D6D} - {3E2DFD6A-4E20-4d4c-AA8B-E1F9DBEF3C80} - c:\program files\ShoppingReport2\Bin\2.7.12\ShoppingReport.dll
IE: {{EB620C54-E229-4942-87CE-E717109FC8C6} - {714E0876-FCEE-49ce-A429-B9AD8AEFCB56} - c:\program files\ShoppingReport2\Bin\2.7.12\ShoppingReport.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-25 11:07
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...


c:\users\Alice\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan terminé avec succès
Fichiers cachés: 1

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'Explorer.exe'(3436)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\acer\Mobility Center\MobilityService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Common Files\McAfee\SystemCore\mfefire.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RtHDVCpl.exe
c:\program files\Launch Manager\LManager.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\igfxext.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
.
**************************************************************************
.
Heure de fin: 2010-09-25 11:19:10 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-25 09:18
ComboFix2.txt 2010-09-24 05:50

Avant-CF: 84 776 456 192 octets libres
Après-CF: 84 782 309 376 octets libres

- - End Of File - - 38E6DE5667D55186C811E89DD7AD29A6
jlpjlp  Posts: 52399  Status: Security contributor  5 040
 
OK, it's not finished yet.


Download OTM
http://www.geekstogo.com/forum/files/file/402-otm-oldtimers-move-it/
(by Old_Timer) to your Desktop.

Double-click OTM.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTM: "Paste instruction for items to be moved".


:processes
explorer.exe
:services
BarDiscover Service
BarDiscover
:files
c:\programdata\BarDiscover
:commands
[purity]
[emptytemp]
[start explorer]



Click MoveIt! to launch the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTM\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

______________________

then
post a new Kaspersky report so we can take stock.
lilice
 
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
Service BarDiscover Service stopped successfully!
Service BarDiscover Service deleted successfully!
Error: No service named BarDiscover was found to stop!
Service\Driver key BarDiscover not found.
========== FILES ==========
File/Folder c:\programdata\BarDiscover not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alice
->Temp folder emptied: 497023 bytes
->Temporary Internet Files folder emptied: 1418141503 bytes
->Java cache emptied: 72801378 bytes
->Flash cache emptied: 42293 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Invité
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5061080 bytes
->Flash cache emptied: 853 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 11635904 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 743 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 438,00 mb


OTM by OldTimer - Version 3.1.16.1 log created on 09252010_134439

Files moved on Reboot...
File C:\Users\Alice\AppData\Local\Temp\~DF282C.tmp not found!
File C:\Users\Alice\AppData\Local\Temp\~DF2CD3.tmp not found!
File C:\Users\Alice\AppData\Local\Temp\~DF2DAA.tmp not found!
File C:\Users\Alice\AppData\Local\Temp\~DF2DC6.tmp not found!
File C:\Users\Alice\AppData\Local\Temp\~DF2E74.tmp not found!
File C:\Users\Alice\AppData\Local\Temp\~DF3095.tmp not found!
C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2OETM97\ads[4].htm moved successfully.
C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M2OETM97\affich-19268946-trojan-gamethief-win32-et-trojan-spy-js-agent[2].htm moved successfully.
C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1XMAFP0I\ads[2].htm moved successfully.
C:\Users\Alice\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...