[virus] impossible a supprimer

lorg03 Messages postés 99 Statut Membre -  
lorg03 Messages postés 99 Statut Membre -
bonjour, j ai depuis deux semaines mon ordinateur qui est infecté; IE est pollué de fenetre publicitaire asiatique, et mon par feu est tres solliciter je trouve, j ai tres souvent des fenetres qui s ouvrent me disant qu un programme suspect essai de se mettre en route.

j aimerai pouvoir me debarrasser de tout ca; comme anti virus, j ai Norton, et j ai rajouté un par feu que l on m a conseillé, Kerio. J ai aussi spycatche rqui m envoit tres souvant des alertes...
j ai fait un rapport Hijackthis que voici:

Logfile of HijackThis v1.99.1
Scan saved at 22:58:57, on 06/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\SWEEPER.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bayle\Bureau\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5853b8b6-d774-4ed5-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4ed5cfsb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {c4cc6cd0-57a1-4c13-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4c13ntos.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [Internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Local Connection Manager (Mercha2) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
Configuration: Windows XP
Firefox 1.5.0.10


si quelqu un a uen solution il sera le bienvenue
merci

47 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Plusieurs éléments décrivent une infection sur un PC sous Windows XP, avec un affichage constant de publicités et des fenêtres qui annoncent des programmes suspects, malgré Norton et un pare-feu Kerio. La discussion s'appuie sur des rapports HijackThis et sur des éléments modifiés comme pages de démarrage et barres d'outils, avec des modules BHO et des moteurs de recherche redirigés décrits comme problématiques. En cas de piste, certains répondants suggèrent de vérifier les services et les démarrages, d'éviter les téléchargements de scans douteux et d'utiliser des outils hors ligne pour éviter d'alourdir le système.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. solweig91 Messages postés 2 Statut Membre
     
    bonsoir, c pareil j'ai chopé un virus italien par msn.....et je ne comprends rien a hijackthis...et ou fo copier le rapport merci de bien vouloir me repondre
    help

    je suis nouvelle je ne sais pas trop comment fo faire avec les forums,
    merci de bien vouloir m'aider qd meme!
    mon rapport:
    Logfile of HijackThis v1.99.1
    Scan saved at 23:15:02, on 05/03/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\WINDOWS\System32\LVComS.exe
    C:\WINDOWS\ying.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\Cursors\Rg2catbd.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Documents and Settings\sol\Bureau\test.exe\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8l.hpwis.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8l.hpwis.com/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [svchost] C:\WINDOWS\ying.exe
    O4 - HKLM\..\Run: [Rg2catbd] C:\Windows\Cursors\Rg2catbd.exe
    O4 - HKLM\..\Run: [ying] C:\WINDOWS\ying.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 5 Standard\MediaDetector.exe"
    O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    0
  2. zBr
     
    Bonsoir lorg03

    Télécharge Comboscan ici:
    http://www.techsupportforum.com/sectools/Deckard/comboscan.exe
    et enregistre le sur ton bureau.

    Fermes toutes les applications en cours et lances Comboscan.exe
    Sois patient, le scan peut durer de 1 à plus de 5 minutes.
    Une fois le scan terminé, rends toi dans le dossier :
    C:\ComboScan
    et copie et colle ici tout le contenu des fichiers :
    ComboScan.txt
    et
    Supplementary.txt.

    a++
    0
  3. lorg03 Messages postés 99 Statut Membre
     
    voici le tres long rapport comboscan:

    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    Successfully created restore point.
    Performed disk cleanup.

    -- HijackThis (run as bayle.exe) ------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 03:18:15, on 07/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\System32\svchost.exe
    F:\BitComet\BitComet.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Documents and Settings\bayle\Bureau\comboscan.exe
    C:\DOCUME~1\bayle\Bureau\HIJACK~1\bayle.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
    O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5853b8b6-d774-4ed5-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4ed5cfsb.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {c4cc6cd0-57a1-4c13-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4c13ntos.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Local Connection Manager (Mercha2) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

    -- HijackThis Fixed Entries (C:\DOCUME~1\bayle\Bureau\HIJACK~1\backups\) --------

    backup-20070222-070243-215 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
    backup-20070222-070243-257 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
    backup-20070222-070243-161 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    backup-20070222-070243-556 O2 - BHO: (no name) - {4b16577c-a8e2-4c7f-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4c7fcfsb.dll
    backup-20070222-070243-495 O2 - BHO: ʵÓÃËÑË÷ - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - (no file)
    backup-20070222-070243-318 O2 - BHO: (no name) - {A4B313AC-16DC-52D1-A4D7-1D4F7B1A9C4E} - C:\WINDOWS\system32\mshtmll.dll
    backup-20070222-070243-962 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
    backup-20070222-070243-830 O2 - BHO: 7c97 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\496cntos.dll
    backup-20070222-070243-203 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    backup-20070222-070243-957 O4 - HKLM\..\Run: [System] C:\Program Files\Fichiers communs\System\Updaterun.exe
    backup-20070222-070243-694 O4 - HKLM\..\Run: [srodzxdjht] c:\windows\system32\srodzxdjht.exe srodzxdjht
    backup-20070222-070243-342 O4 - HKLM\..\Run: [sdafdsafds] C:\WINDOWS\temp\162.exe
    backup-20070222-070243-772 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    backup-20070222-070243-289 O4 - HKCU\..\Run: [mssys32] C:\WINDOWS\system32\mssys32.exe
    backup-20070222-070243-932 O4 - HKCU\..\Run: [mshtmll] regsvr32 /s C:\WINDOWS\system32\mshtmll.dll
    backup-20070222-070243-267 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    backup-20070222-070243-121 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    backup-20070222-070243-200 O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll
    backup-20070222-070244-810 O23 - Service: 988FC5FC - Unknown owner - C:\WINDOWS\system32\988FC5FC.EXE (file missing)
    backup-20070224-192816-464 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
    backup-20070224-192816-244 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
    backup-20070224-192816-420 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    backup-20070224-192816-234 R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\ËÑË÷À¸\tbhelper.dll
    backup-20070224-192816-324 O2 - BHO: (no name) - {5b04469f-0b09-4f4e-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4f4ecfsb.dll (file missing)
    backup-20070224-192816-523 O2 - BHO: b9f5 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4153ntos.dll (file missing)
    backup-20070224-192816-191 O2 - BHO: TBSB03263 - {EEC7E620-B32A-4E3B-B200-291660803474} - C:\PROGRA~1\ËÑË÷À¸\eqiso.dll
    backup-20070224-192816-778 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
    backup-20070224-192816-533 O3 - Toolbar: ??? - {33E640D8-EB95-4B22-B475-1852B7D35993} - C:\Program Files\ËÑË÷À¸\eqiso.dll
    backup-20070224-234311-576 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kuaiso.com/
    backup-20070224-234311-431 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
    backup-20070224-234311-928 O3 - Toolbar: (no name) - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - (no file)
    backup-20070224-234311-324 O3 - Toolbar: ??? - {33E640D8-EB95-4B22-B475-1852B7D35993} - C:\Program Files\ËÑË÷À¸\eqiso.dll

    -- File Associations ------------------------------------------------------------

    .bat - batfile - "%1" %*
    .chm - chm.file - "C:\WINDOWS\hh.exe" %1
    .cmd - cmdfile - "%1" %*
    .com - comfile - "%1" %*
    .exe - exefile - "%1" %*
    .hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
    .inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
    .js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
    .lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
    .pif - piffile - "%1" %*
    .reg - regfile - regedit.exe "%1"
    .scr - scrfile - "%1" /S
    .txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
    .vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

    3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    3R AR5211 (Atheros Wireless Network Adapter Service) - C:\WINDOWS\system32\drivers\ar5211.sys
    2S ast - C:\WINDOWS\system32\drivers\ast.sys (not found)
    1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
    3S CO_Mon - C:\WINDOWS\system32\drivers\CO_Mon.sys
    3R DKbFltr (Dritek HotKey Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\DKbFltr.SYS
    1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
    3R EraserUtilRebootDrv - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    2S ffpbek - C:\WINDOWS\system32\drivers\ffpbek.sys (not found)
    0R fowf_n - C:\WINDOWS\system32\drivers\fowf_n.sys
    1R fwdrv (Firewall Driver) - C:\WINDOWS\system32\drivers\fwdrv.sys
    3S gmer - C:\WINDOWS\system32\drivers\gmer.sys
    0R gzqkx (gzqk) - C:\WINDOWS\system32\drivers\gzqkx.sys
    2R hidproc - C:\WINDOWS\system32\drivers\hidproc.sys
    3R HSFHWSIS - C:\WINDOWS\system32\drivers\HSFHWSIS.sys
    3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
    2R i82440bx - C:\WINDOWS\system32\drivers\i82440bx.sys
    2R int15.sys - C:\Acer\Empowering Technology\eRecovery\int15.sys
    1R intelppm (Pilote de processeur Intel) - C:\WINDOWS\system32\drivers\intelppm.sys
    3S Jukebox3 - C:\WINDOWS\system32\drivers\ctpdusb.sys
    1R khips (Kerio HIPS Driver) - C:\WINDOWS\system32\drivers\khips.sys
    2R lanfs - C:\WINDOWS\system32\drivers\lanfs.sys
    2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
    3R NAVENG - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070305.018\NAVENG.SYS
    3R NAVEX15 - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070305.018\NAVEX15.SYS
    3R NTIDrvr (Upper Class Filter Driver) - C:\WINDOWS\system32\drivers\NTIDrvr.sys
    2R osaio - C:\WINDOWS\system32\drivers\osaio.sys
    2R osanbm - C:\WINDOWS\system32\drivers\osanbm.sys
    3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
    0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
    3R SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
    0R SISAGP (SiS AGP Filter) - C:\WINDOWS\system32\drivers\SISAGPX.SYS
    1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
    3R SISNICXP (SiS PCI Fast Ethernet Adapter Driver for NDIS51) - C:\WINDOWS\system32\drivers\sisnicxp.sys
    1R SPBBCDrv - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
    0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
    1R SRTSP - C:\WINDOWS\system32\drivers\srtsp.sys
    3S SRTSPL - C:\WINDOWS\system32\drivers\srtspl.sys
    1R SRTSPX - C:\WINDOWS\system32\drivers\srtspx.sys
    3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
    3R SymEvent - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
    3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
    3R SYMIDSCO - C:\Program Files\Fichiers communs\Symantec Shared\SymcData\idsdefs\20070302.001\SymIDSCo.sys
    3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
    3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
    1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
    3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
    0R uagp35 (Filtre AGP version 3.5 Microsoft) - C:\WINDOWS\system32\drivers\UAGP35.SYS
    0R UBHelper - C:\WINDOWS\system32\drivers\UBHelper.sys
    3R usbehci (Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0) - C:\WINDOWS\system32\drivers\usbehci.sys
    3R usbohci (Pilote miniport de contrôleur hôte ouvert USB Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys
    3R USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
    3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
    3S WpdUsb - C:\WINDOWS\system32\drivers\wpdusb.sys

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    4S 988FC5FC - C:\WINDOWS\system32\988FC5FC.EXE -service
    2S A9C0AE3A - C:\WINDOWS\system32\A9C0AE3A.EXE -service
    2R anbmService (Notebook Manager Service) - C:\Acer\eManager\anbmServ.exe
    2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
    2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
    2R CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
    3S comHost (COM Host) - "C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe"
    2R Creative Service for CDROM Access - C:\WINDOWS\system32\CTsvcCDA.EXE
    2R datl (Std datl Service) - C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\yvld\ifvq.dll,Service -s
    2S Fax - C:\WINDOWS\system32\fxssvc.exe
    4S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    3S ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
    2S jsefusf - C:\WINDOWS\system32\jsefusf.exe -service
    2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
    3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    2S Mercha2 (Local Connection Manager) - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL,Export 1087
    3S ose (Office Source Engine) - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
    3S Symantec Core LC - "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"
    2R SymAppCore (Symantec AppCore Service) - "C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"
    2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
    2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"

    -- Scheduled Tasks --------------------------------------------------------------

    2007-03-07 02:48:56 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
    2007-03-02 20:00:16 564 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - bayle.job<NORTON~1.JOB>

    -- Files created between 2007-02-07 and 2007-03-07 ------------------------------

    2007-03-07 02:45:20 0 d--hs---- C:\FOUND.002
    2007-03-07 00:03:28 0 d-------- C:\Program Files\Fichiers communs\CPUSH
    2007-03-06 16:08:20 10752 --a------ C:\WINDOWS\system32\drivers\lanfs.sys
    2007-03-06 16:06:52 108106 --a------ C:\WINDOWS\system32\jjgfst1.exe
    2007-03-01 18:53:32 209920 --a------ C:\WINDOWS\system32\lsanp.dll
    2007-03-01 18:53:32 10752 --a------ C:\WINDOWS\system32\drivers\i82440bx.sys
    2007-02-28 16:02:17 10752 --a------ C:\WINDOWS\system32\drivers\https.sys
    2007-02-27 19:12:22 41902 --a------ C:\WINDOWS\system32\431172599928.dat<4359C6~1.DAT>
    2007-02-27 16:24:51 41902 --a------ C:\WINDOWS\system32\431172589876.dat<434DDF~1.DAT>
    2007-02-27 07:30:11 42086 --a------ C:\WINDOWS\system32\431172557805.dat<434DBC~1.DAT>
    2007-02-27 01:33:24 0 d-------- C:\Documents and Settings\bayle\Application Data\Tenebril
    2007-02-27 01:27:35 15360 --a------ C:\WINDOWS\system32\cacheur.exe
    2007-02-27 01:23:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
    2007-02-27 01:23:37 0 d-------- C:\WINDOWS\system32\tenarchlib<TENARC~1>
    2007-02-27 01:23:37 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll<INTERC~1.DLL>
    2007-02-27 01:23:37 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll<INTERC~2.DLL>
    2007-02-27 01:23:36 180224 --a-s---- C:\WINDOWS\system32\archlib.dll
    2007-02-27 01:23:36 0 d-------- C:\Program Files\SpyCatcher 2006<SPYCAT~1>
    2007-02-27 01:22:48 42036 --a------ C:\WINDOWS\system32\431172535764.dat<4331D4~1.DAT>
    2007-02-27 01:14:16 42036 --a------ C:\WINDOWS\system32\431172535255.dat<433DC6~1.DAT>
    2007-02-26 20:39:30 0 d-------- C:\Program Files\yvld
    2007-02-26 06:01:49 42080 --a------ C:\WINDOWS\system32\431172466108.dat<434AB7~1.DAT>
    2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461307.dat<4340B7~1.DAT>
    2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461303.dat<4330B7~1.DAT>
    2007-02-26 04:38:00 0 d-------- C:\WINDOWS\WBEM
    2007-02-26 04:37:58 0 d-------- C:\WINDOWS\system32\fr-fr
    2007-02-26 04:36:28 0 d--h----- C:\WINDOWS\ie7
    2007-02-26 04:35:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-02-26 04:34:57 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
    2007-02-26 04:24:11 14826288 --a------ C:\Program Files\IE7-WindowsXP-x86-fra.exe<IE7-WI~1.EXE>
    2007-02-25 19:17:01 42030 --a------ C:\WINDOWS\system32\431172427410.dat<4320CD~1.DAT>
    2007-02-25 18:58:50 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
    2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424302.dat<4326BF~1.DAT>
    2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424300.dat<4326B7~1.DAT>
    2007-02-25 04:39:51 42030 --a------ C:\WINDOWS\system32\431172374790.dat<4339D8~1.DAT>
    2007-02-24 21:48:22 0 d-------- C:\Rustbfix
    2007-02-24 19:37:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
    2007-02-24 19:30:37 0 d-------- C:\_OTMoveIt<_OTMOV~1>
    2007-02-23 21:18:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-02-23 21:18:28 0 d-------- C:\Program Files\Grisoft
    2007-02-23 21:07:20 42030 --a------ C:\WINDOWS\system32\431172261240.dat<432EBD~1.DAT>
    2007-02-23 21:07:17 43060 --a------ C:\WINDOWS\system32\jsefusf.exe
    2007-02-23 21:06:21 42030 --a------ C:\WINDOWS\system32\431172261173.dat<432AC3~1.DAT>
    2007-02-23 05:23:26 6633 --a------ C:\WINDOWS\system32\dufs2.exe
    2007-02-23 04:22:55 285584 --a------ C:\WINDOWS\system32\dufs1.exe
    2007-02-23 03:22:48 42286 --a------ C:\WINDOWS\system32\431172197367.dat<4341DB~1.DAT>
    2007-02-22 23:43:52 42286 --a------ C:\WINDOWS\system32\431172184232.dat<432FBE~1.DAT>
    2007-02-22 21:25:40 42286 --a------ C:\WINDOWS\system32\431172175921.dat<433DB1~1.DAT>
    2007-02-22 21:18:13 42286 --a------ C:\WINDOWS\system32\431172175486.dat<4345D7~1.DAT>
    2007-02-22 21:02:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
    2007-02-22 09:49:52 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
    2007-02-22 09:48:18 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
    2007-02-22 08:01:22 0 d-------- C:\WINDOWS\BDOSCAN8
    2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125156.dat<4339C6~1.DAT>
    2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125154.dat<4329CE~1.DAT>
    2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124388.dat<4343DA~1.DAT>
    2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124382.dat<4323D2~1.DAT>
    2007-02-22 05:18:17 42286 --a------ C:\WINDOWS\system32\431172117895.dat<434DD9~1.DAT>
    2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073651.dat<4334C7~1.DAT>
    2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073648.dat<4340C3~1.DAT>
    2007-02-21 05:59:47 42142 --a------ C:\WINDOWS\system32\431172033987.dat<4340D5~1.DAT>
    2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025439.dat<431172~4.DAT>
    2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025435.dat<431172~3.DAT>
    2007-02-21 03:33:39 0 d--h----- C:\WINDOWS\$hf_mig$
    2007-02-21 02:51:13 42142 --a------ C:\WINDOWS\system32\431172022672.dat<431172~2.DAT>
    2007-02-21 02:50:12 42142 --a------ C:\WINDOWS\system32\431172022612.dat<431172~1.DAT>
    2007-02-21 00:16:48 0 d--hs---- C:\FOUND.001
    2007-02-21 00:04:49 1 --a------ C:\WINDOWS\system32\index.dat
    2007-02-20 18:48:19 0 d-------- C:\Program Files\CCleaner
    2007-02-20 15:54:06 37376 --a------ C:\WINDOWS\system32\jsefusf.dll
    2007-02-20 13:34:08 71088 --a------ C:\WINDOWS\system32\drivers\khips.sys
    2007-02-20 13:34:02 302000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
    2007-02-19 21:08:45 0 d-------- C:\WINDOWS\pss
    2007-02-18 19:45:07 9327 --a------ C:\WINDOWS\system32\drivers\hidproc.sys
    2007-02-18 19:45:02 41984 --a------ C:\WINDOWS\system32\A9C0AE3A.DLL
    2007-02-18 19:45:01 50227 --a------ C:\WINDOWS\system32\A9C0AE3AT.EXE<A9C0AE~1.EXE>
    2007-02-18 19:45:01 50227 --a------ C:\WINDOWS\system32\A9C0AE3A.EXE
    2007-02-18 19:44:51 171 --a------ C:\WINDOWS\system32\988FC5FC.dat
    2007-02-15 21:02:47 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
    2007-02-15 20:58:40 0 d-------- C:\Documents and Settings\bayle\Application Data\Lavasoft
    2007-02-15 19:12:13 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-02-15 00:05:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
    2007-02-14 00:36:40 0 d-------- C:\Program Files\BitComet
    2007-02-13 23:41:59 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>
    2007-02-08 21:49:14 264754 --a------ C:\WINDOWS\system32\srodzxdjht_nav.dat<SRODZX~3.DAT>
    2007-02-08 21:48:11 366 --a------ C:\WINDOWS\system32\srodzxdjht_navps.dat<SRODZX~2.DAT>
    2007-02-08 21:48:06 4741 --a------ C:\WINDOWS\system32\srodzxdjht.dat<SRODZX~1.DAT>

    -- Find3M Report ----------------------------------------------------------------

    2007-03-06 18:43:12 0 --a------ C:\WINDOWS\system32\cievz.dll
    2007-02-17 19:12:36 369864 --a------ C:\WINDOWS\system32\perfh00C.dat
    2007-02-17 19:12:36 49924 --a------ C:\WINDOWS\system32\perfc00C.dat
    2007-01-15 06:28:54 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

    -- Registry Dump ----------------------------------------------------------------

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
    "Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
    "SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
    "osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
    "LaunchApp"="Alaunch"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
    "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
    "SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ttp"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\drivers\\ttp.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ast
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ffpbek
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanfs
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\msusbbux

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    Tech

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

    -- End of ComboScan: finished at 2007-03-07 at 03:21:05 -------------------------
    0
  4. zBr
     
    Salut Lorg

    Oui, le rapport est assez long en effet.
    Tu as posté aussi le contenu du fichier C:\ComboScan\Supplementary.txt ?
    Ce serait bien si tu pouvais le faire.

    Ton infection est assez sévère et protégé par rootkit.
    Avant de te donner une procédure, j'aimerais que tu fasse scanner les fichier si-dessous ici:
    http://www.virustotal.com/en/virustotalx.html
    Une fois sur le site, tu clic sur parcourir et tu recherche le premier fichier de la liste (n'oublie pas de rendre visible avant les fichiers cachés et système) et tu clic sur send.
    sauvegarde le rapport dans un fichier txt et fais pareil pour les autres fichiers.

    C:\WINDOWS\system32\drivers\msusbbux.sys
    C:\WINDOWS\system32\S32EVNT1.DLL
    C:\WINDOWS\system32\drivers\https.sys
    C:\WINDOWS\system32\cievz.dll
    C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL

    Ensuite télécharge Clean.zip (de Malekal),
    http://www.malekal.com/download/clean.zip
    Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 1 puis patiente.
    Poste ensuite le contenu de tous les rapport.

    a++
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. lorg03 Messages postés 99 Statut Membre
     
    salut,
    j ai pas trouvé les fichiers suivants malgré les fichiers cachés:

    C:\WINDOWS\system32\drivers\msusbbux.sys

    C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL
    0
  7. lorg03 Messages postés 99 Statut Membre
     
    VOICI LE CONTENU DES RAPPORT PR LES TROIS DOSSIERS QUE J AI TROUVE:

    pr HTTPS :
    Complete scanning result of "https.sys", received in VirusTotal at 03.06.2007, 23:17:12 (CET).

    Antivirus Version Update Result
    AntiVir 7.3.1.38 03.06.2007 TR/Agent.afb.6
    Authentium 4.93.8 03.06.2007 no virus found
    Avast 4.7.936.0 03.06.2007 no virus found
    AVG 7.5.0.447 03.06.2007 Generic3.GED
    BitDefender 7.2 03.06.2007 Trojan.Rootkit.Protector.A
    CAT-QuickHeal 9.00 03.06.2007 no virus found
    ClamAV devel-20060426 03.06.2007 no virus found
    DrWeb 4.33 03.06.2007 no virus found
    eSafe 7.0.14.0 03.06.2007 Win32.Agent.afb
    eTrust-Vet 30.6.3458 03.06.2007 no virus found
    Ewido 4.0 03.06.2007 Trojan.Agent.afb
    FileAdvisor 1 03.06.2007 no virus found
    Fortinet 2.85.0.0 03.06.2007 W32/Agent.AFB!tr
    F-Prot 4.3.1.45 03.06.2007 no virus found
    F-Secure 6.70.13030.0 03.06.2007 Trojan.Win32.Agent.afb
    Ikarus T3.1.1.3 03.06.2007 Trojan.Win32.Agent.afb
    Kaspersky 4.0.2.24 03.06.2007 Trojan.Win32.Agent.afb
    McAfee 4978 03.06.2007 New Malware.z
    Microsoft 1.2204 03.06.2007 Program:Win32/CaiFu (threat-c)
    NOD32v2 2099 03.06.2007 no virus found
    Norman 5.80.02 03.06.2007 W32/Agent.BDLB
    Panda 9.0.0.4 03.06.2007 no virus found
    Prevx1 V2 03.06.2007 no virus found
    Sophos 4.15.0 03.06.2007 no virus found
    Sunbelt 2.2.907.0 03.05.2007 no virus found
    Symantec 10 03.06.2007 no virus found
    TheHacker 6.1.6.070 03.06.2007 no virus found
    UNA 1.83 03.06.2007 no virus found
    VBA32 3.11.2 03.05.2007 no virus found
    VirusBuster 4.3.19:9 03.06.2007 no virus found

    Aditional Information
    File size: 10752 bytes
    MD5: a4a8e0892bf7433de758bd1022b90a17
    SHA1: 769a86c8ce4fb255fa6f57aba8ad180996d8bb25*

    pour S32EVNT:
    Antivirus Version Update Result
    AntiVir 7.3.1.38 03.06.2007 no virus found
    Authentium 4.93.8 03.06.2007 no virus found
    Avast 4.7.936.0 03.06.2007 no virus found
    AVG 7.5.0.447 03.06.2007 no virus found
    BitDefender 7.2 03.06.2007 no virus found
    CAT-QuickHeal 9.00 03.06.2007 no virus found
    ClamAV devel-20060426 03.06.2007 no virus found
    DrWeb 4.33 03.06.2007 no virus found
    eSafe 7.0.14.0 03.06.2007 no virus found
    eTrust-Vet 30.6.3458 03.06.2007 no virus found
    Ewido 4.0 03.06.2007 no virus found
    FileAdvisor 1 03.06.2007 no virus found
    Fortinet 2.85.0.0 03.06.2007 no virus found
    F-Prot 4.3.1.45 03.06.2007 no virus found
    F-Secure 6.70.13030.0 03.06.2007 no virus found
    Ikarus T3.1.1.3 03.06.2007 no virus found
    Kaspersky 4.0.2.24 03.06.2007 no virus found
    McAfee 4978 03.06.2007 no virus found
    Microsoft 1.2204 03.06.2007 no virus found
    NOD32v2 2099 03.06.2007 no virus found
    Norman 5.80.02 03.06.2007 no virus found
    Panda 9.0.0.4 03.06.2007 no virus found
    Prevx1 V2 03.06.2007 no virus found
    Sophos 4.15.0 03.06.2007 no virus found
    Sunbelt 2.2.907.0 03.05.2007 no virus found
    Symantec 10 03.06.2007 no virus found
    TheHacker 6.1.6.070 03.06.2007 no virus found
    UNA 1.83 03.06.2007 no virus found
    VBA32 3.11.2 03.05.2007 no virus found
    VirusBuster 4.3.19:9 03.06.2007 no virus found

    et pour cievz.dll:
    0 bytes size received / Se ha recibido un archivo vacio

    enfin, le rapport clean:

    Rapport clean par Malekal_morte - http://www.malekal.com
    Option 1, executee le 07/03/2007 a 23:49:12,39

    *** Recherche de fichiers sur C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\jsefusf.exe FOUND
    C:\WINDOWS\system32\cacheur.exe FOUND
    C:\WINDOWS\system32\dufs1.exe FOUND
    C:\WINDOWS\system32\dufs2.exe FOUND
    C:\WINDOWS\system32\jsefusf.exe FOUND
    C:\WINDOWS\System32\jsefusf.dll FOUND
    C:\WINDOWS\system32\regsvr32.dll FOUND
    C:\WINDOWS\system32\jsefusf.dll FOUND
    C:\WINDOWS\system32\wbem\ocmor.dll FOUND

    "C:\Program Files\Fichiers communs\CPUSH\" FOUND
    *** Fin du rapport !

    merci

    a+
    0
  8. zBr
     
    Salut lorg

    Merci.

    Donc voilà la manip à suivre scrupuleusement :-)

    1. Télécharge The Avenger par Swandog46 sur ton Bureau.
    http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

    * Extraire avenger.exe sur ton bureau

    2. Copier tout le texte en bleu ci-dessous : mettre en surbrillance et appuyer sur les touches(Ctrl+C)

    3. Maintenant, lancer The Avenger en cliquant sur son icône du bureau.

    * Sous "Script file to execute" choisir "Input Script Manually".
    * Puis cliquer sur l'icône en forme de loupe qui va ouvrir une nouvelle fenêtre "View/edit script"
    * Dans cette fenêtre, coller le texte précedemment copié sur le bureau par les touches (Ctrl+V).
    * Cliquer Done
    * ensuite cliquer sur l'icône en forme de Feu Vert pour démarrer l'exécution du script
    * Répondre "Yes" deux fois quand demandé.

    4. The Avenger va automatiquement faire ce qui suit:

    * Il va Re-démarrer le système. ( Dans les cas où le script contient un/des "Drivers to Unload", The Avenger re-démarrera votre système 2 fois.)
    * Pendant le re-démarrage, il apparaitra brièvement une fenêtre de commande de windows noire sur votre bureau, ceci est NORMAL.
    * Après le re-démarrage, il crée un fichier log qui s'ouvrira, faisant apparaitre les actions exécutées par The Avenger. Ce fichier log se trouve ici : C:\avenger.txt
    * The Avenger aura également sauvegardé tous les fichiers, etc., que vous lui avez demandé de supprimer, les aura compactés (zipped) et tranféré l'archive zip ici C:\avenger\backup.zip.

    5. Pour finir copier/coller le contenu du ficher c:\avenger.txt dans votre réponse avec un nouveau log HijackThis et comboscan

    Drivers to unload:
    ast
    ffpbek
    hidproc
    https
    gzqkx
    hidproc
    lanfs
    
    
    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\988FC5FC
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\A9C0AE3A
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\datl
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ffpbek
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzqkx
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidproc
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\https
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jsefusf
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanfs
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mercha2
     
    
    Files to delete:
    C:\WINDOWS\\jsefusf.dll
    C:\WINDOWS\system32\988FC5FC.EXE
    C:\WINDOWS\system32\A9C0AE3A.EXE
    C:\WINDOWS\system32\A9C0AE3A.DLL
    C:\WINDOWS\system32\A9C0AE3AT.EXE
    C:\WINDOWS\system32\A9C0AE3A.EXE
    C:\WINDOWS\system32\4c13ntos.dll
    C:\WINDOWS\system32\4f4ecfsb.dl
    C:\WINDOWS\system32\4153ntos.dll
    C:\WINDOWS\system32\cievz.dll
    C:\WINDOWS\system32\dufs2.exe
    C:\WINDOWS\system32\dufs1.exe
    C:\WINDOWS\system32\jsefusf.exe
    C:\WINDOWS\system32\jjgfst1.exe
    C:\WINDOWS\system32\RUNDLLFROMWIN2000.EXE
    C:\WINDOWS\system32\lsanp.dll
    C:\WINDOWS\system32\mshtmll.dll
    C:\WINDOWS\system32\mssys32.exe
    C:\WINDOWS\system32\regsvr32.dll 
    C:\WINDOWS\system32\cacheur.exe
    C:\WINDOWS\system32\srodzxdjht_nav.dat
    C:\WINDOWS\system32\srodzxdjht_navps.dat
    C:\WINDOWS\system32\srodzxdjht.dat
    C:\WINDOWS\SYSTEM32\cryptimg.dll
    C:\WINDOWS\system32\drivers\ast.sys
    C:\WINDOWS\system32\drivers\ffpbek.sys
    C:\WINDOWS\system32\drivers\gzqkx.sys
    C:\WINDOWS\system32\drivers\hidproc.sys
    C:\WINDOWS\system32\drivers\https.sys
    C:\WINDOWS\system32\drivers\lanfs.sys
    C:\WINDOWS\system32\drivers\ttp.exe
    C:\WINDOWS\system32\wbem\ocmor.dll
    C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL
    %PROGRAMFILES%Fichiers communs\System\Updaterun.exe
    
    
    Folders to delete:
    %ProgramFiles%\Fichiers communs\CPUSH
    %APPDATA%\Fichiers communs\CPUSH
    %PROGRAMFILES%\ËÑË÷À


    Bon courage !

    a+
    0
  9. Utilisateur anonyme
     
    Bonjour à tous,

    Désolé d'intervenir mais je crois qu'il y a un petit manque à un fichier du script avenger

    %PROGRAMFILES%Fichiers communs\System\Updaterun.exe

    %PROGRAMFILES%\Fichiers communs\System\Updaterun.exe

    Bonne continuation
    0
  10. lorg03 Messages postés 99 Statut Membre
     
    bjr, mais bien fait la manipulation mais le ficher txt est vide, peut etre un pb de par feu qui s est declenché au meme moment quand l ordinateur s est rallumé...
    voici le rapport hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:30:17, on 08/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\bayle\Bureau\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
    O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
    O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
    O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
    O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
    O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Local Connection Manager (Mercha2) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    0
  11. lorg03 Messages postés 99 Statut Membre
     
    et voci le rapport comboscan:

    -- HijackThis (run as bayle.exe) ------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 20:34:07, on 08/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\bayle\Bureau\comboscan.exe
    C:\DOCUME~1\bayle\Bureau\HIJACK~1\bayle.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
    O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
    O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
    O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
    O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
    O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Local Connection Manager (Mercha2) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

    -- Files created between 2007-02-08 and 2007-03-08 ------------------------------

    2007-03-08 20:10:52 0 d-------- C:\avenger
    2007-03-08 20:10:16 44224 --a------ C:\WINDOWS\system32\sdftj.dat
    2007-03-08 15:45:34 0 d-------- C:\Program Files\Alexa Toolbar<ALEXAT~1>
    2007-03-08 15:44:19 10752 --a------ C:\WINDOWS\system32\drivers\romman.sys
    2007-03-08 15:44:11 14848 --a------ C:\WINDOWS\system32\xpnap.exe
    2007-03-08 15:44:10 32256 --a------ C:\WINDOWS\system32\kbnaxp.dll
    2007-03-08 15:44:09 9728 --a------ C:\WINDOWS\system32\trtbc.dll
    2007-03-08 15:44:09 9901 --a------ C:\WINDOWS\system32\drivers\ndcia.sys
    2007-03-07 02:45:20 0 d--hs---- C:\FOUND.002
    2007-03-07 00:03:28 0 d-------- C:\Program Files\Fichiers communs\CPUSH
    2007-03-06 16:08:20 10752 --a------ C:\WINDOWS\system32\drivers\lanfs.sys
    2007-03-06 16:06:52 108106 --a------ C:\WINDOWS\system32\jjgfst1.exe
    2007-03-01 18:53:32 232448 --a------ C:\WINDOWS\system32\lsanp.dll
    2007-03-01 18:53:32 10752 --a------ C:\WINDOWS\system32\drivers\i82440bx.sys
    2007-02-27 19:12:22 41902 --a------ C:\WINDOWS\system32\431172599928.dat<4359C6~1.DAT>
    2007-02-27 16:24:51 41902 --a------ C:\WINDOWS\system32\431172589876.dat<434DDF~1.DAT>
    2007-02-27 07:30:11 42086 --a------ C:\WINDOWS\system32\431172557805.dat<434DBC~1.DAT>
    2007-02-27 01:33:24 0 d-------- C:\Documents and Settings\bayle\Application Data\Tenebril
    2007-02-27 01:23:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
    2007-02-27 01:23:37 0 d-------- C:\WINDOWS\system32\tenarchlib<TENARC~1>
    2007-02-27 01:23:37 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll<INTERC~1.DLL>
    2007-02-27 01:23:37 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll<INTERC~2.DLL>
    2007-02-27 01:23:36 180224 --a-s---- C:\WINDOWS\system32\archlib.dll
    2007-02-27 01:23:36 0 d-------- C:\Program Files\SpyCatcher 2006<SPYCAT~1>
    2007-02-27 01:22:48 42036 --a------ C:\WINDOWS\system32\431172535764.dat<4331D4~1.DAT>
    2007-02-27 01:14:16 42036 --a------ C:\WINDOWS\system32\431172535255.dat<433DC6~1.DAT>
    2007-02-26 20:39:30 0 d-------- C:\Program Files\yvld
    2007-02-26 06:01:49 42080 --a------ C:\WINDOWS\system32\431172466108.dat<434AB7~1.DAT>
    2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461307.dat<4340B7~1.DAT>
    2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461303.dat<4330B7~1.DAT>
    2007-02-26 04:38:00 0 d-------- C:\WINDOWS\WBEM
    2007-02-26 04:37:58 0 d-------- C:\WINDOWS\system32\fr-fr
    2007-02-26 04:36:28 0 d--h----- C:\WINDOWS\ie7
    2007-02-26 04:35:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-02-26 04:34:57 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
    2007-02-26 04:24:11 14826288 --a------ C:\Program Files\IE7-WindowsXP-x86-fra.exe<IE7-WI~1.EXE>
    2007-02-25 19:17:01 42030 --a------ C:\WINDOWS\system32\431172427410.dat<4320CD~1.DAT>
    2007-02-25 18:58:50 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
    2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424302.dat<4326BF~1.DAT>
    2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424300.dat<4326B7~1.DAT>
    2007-02-25 04:39:51 42030 --a------ C:\WINDOWS\system32\431172374790.dat<4339D8~1.DAT>
    2007-02-24 21:48:22 0 d-------- C:\Rustbfix
    2007-02-24 19:37:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
    2007-02-24 19:30:37 0 d-------- C:\_OTMoveIt<_OTMOV~1>
    2007-02-23 21:18:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-02-23 21:18:28 0 d-------- C:\Program Files\Grisoft
    2007-02-23 21:07:20 42030 --a------ C:\WINDOWS\system32\431172261240.dat<432EBD~1.DAT>
    2007-02-23 21:07:17 43062 --a------ C:\WINDOWS\system32\jsefusf.exe
    2007-02-23 21:06:21 42030 --a------ C:\WINDOWS\system32\431172261173.dat<432AC3~1.DAT>
    2007-02-23 05:23:26 6633 --a------ C:\WINDOWS\system32\dufs2.exe
    2007-02-23 04:22:55 285584 --a------ C:\WINDOWS\system32\dufs1.exe
    2007-02-23 03:22:48 42286 --a------ C:\WINDOWS\system32\431172197367.dat<4341DB~1.DAT>
    2007-02-22 23:43:52 42286 --a------ C:\WINDOWS\system32\431172184232.dat<432FBE~1.DAT>
    2007-02-22 21:25:40 42286 --a------ C:\WINDOWS\system32\431172175921.dat<433DB1~1.DAT>
    2007-02-22 21:18:13 42286 --a------ C:\WINDOWS\system32\431172175486.dat<4345D7~1.DAT>
    2007-02-22 21:02:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
    2007-02-22 09:49:52 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
    2007-02-22 09:48:18 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
    2007-02-22 08:01:22 0 d-------- C:\WINDOWS\BDOSCAN8
    2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125156.dat<4339C6~1.DAT>
    2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125154.dat<4329CE~1.DAT>
    2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124388.dat<4343DA~1.DAT>
    2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124382.dat<4323D2~1.DAT>
    2007-02-22 05:18:17 42286 --a------ C:\WINDOWS\system32\431172117895.dat<434DD9~1.DAT>
    2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073651.dat<4334C7~1.DAT>
    2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073648.dat<4340C3~1.DAT>
    2007-02-21 05:59:47 42142 --a------ C:\WINDOWS\system32\431172033987.dat<4340D5~1.DAT>
    2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025439.dat<431172~4.DAT>
    2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025435.dat<431172~3.DAT>
    2007-02-21 03:33:39 0 d--h----- C:\WINDOWS\$hf_mig$
    2007-02-21 02:51:13 42142 --a------ C:\WINDOWS\system32\431172022672.dat<431172~2.DAT>
    2007-02-21 02:50:12 42142 --a------ C:\WINDOWS\system32\431172022612.dat<431172~1.DAT>
    2007-02-21 00:16:48 0 d--hs---- C:\FOUND.001
    2007-02-21 00:04:49 1 --a------ C:\WINDOWS\system32\index.dat
    2007-02-20 18:48:19 0 d-------- C:\Program Files\CCleaner
    2007-02-20 15:54:06 37376 --a------ C:\WINDOWS\system32\jsefusf.dll
    2007-02-20 13:34:08 71088 --a------ C:\WINDOWS\system32\drivers\khips.sys
    2007-02-20 13:34:02 302000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
    2007-02-19 21:08:45 0 d-------- C:\WINDOWS\pss
    2007-02-18 19:45:02 41984 --a------ C:\WINDOWS\system32\A9C0AE3A.DLL
    2007-02-18 19:45:01 50227 --a------ C:\WINDOWS\system32\A9C0AE3AT.EXE<A9C0AE~1.EXE>
    2007-02-18 19:45:01 50227 --a------ C:\WINDOWS\system32\A9C0AE3A.EXE
    2007-02-18 19:44:51 171 --a------ C:\WINDOWS\system32\988FC5FC.dat
    2007-02-15 21:02:47 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
    2007-02-15 20:58:40 0 d-------- C:\Documents and Settings\bayle\Application Data\Lavasoft
    2007-02-15 19:12:13 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-02-15 00:05:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
    2007-02-14 00:36:40 0 d-------- C:\Program Files\BitComet
    2007-02-13 23:41:59 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>
    2007-02-08 21:49:14 264754 --a------ C:\WINDOWS\system32\srodzxdjht_nav.dat<SRODZX~3.DAT>
    2007-02-08 21:48:11 366 --a------ C:\WINDOWS\system32\srodzxdjht_navps.dat<SRODZX~2.DAT>
    2007-02-08 21:48:06 4741 --a------ C:\WINDOWS\system32\srodzxdjht.dat<SRODZX~1.DAT>

    -- Find3M Report ----------------------------------------------------------------

    2007-03-06 18:43:12 0 --a------ C:\WINDOWS\system32\cievz.dll
    2007-02-17 19:12:36 369864 --a------ C:\WINDOWS\system32\perfh00C.dat
    2007-02-17 19:12:36 49924 --a------ C:\WINDOWS\system32\perfc00C.dat
    2007-01-15 06:28:54 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

    -- Registry Dump ----------------------------------------------------------------

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
    "SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
    "osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
    "LaunchApp"="Alaunch"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
    "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
    "SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ttp"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\drivers\\ttp.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    "{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}"="NetCache"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ast
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ffpbek
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanfs
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\msusbbux
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ndcia
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\romman

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    Tech

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS

    -- End of ComboScan: finished at 2007-03-08 at 20:36:42 -------------------------

    merci et a++
    0
  12. zBr
     
    Merci !aur3n7 :-), je ne l'avais pas remarqué ! !

    Lorg, recommence toute la procédure avec avenger, mais cette fois tu utiliseras le script ci-dessous à l'étape 3 de la manip.

    Drivers to unload:
    ast
    ffpbek
    hidproc
    https
    gzqkx
    hidproc
    lanfs
    
    
    Registry keys to delete:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\988FC5FC
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\A9C0AE3A
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\datl
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ffpbek
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzqkx
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidproc
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\https
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jsefusf
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanfs
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mercha2
     
    
    Files to delete:
    C:\WINDOWS\\jsefusf.dll
    C:\WINDOWS\system32\988FC5FC.EXE
    C:\WINDOWS\system32\A9C0AE3A.EXE
    C:\WINDOWS\system32\A9C0AE3A.DLL
    C:\WINDOWS\system32\A9C0AE3AT.EXE
    C:\WINDOWS\system32\A9C0AE3A.EXE
    C:\WINDOWS\system32\4c13ntos.dll
    C:\WINDOWS\system32\4f4ecfsb.dl
    C:\WINDOWS\system32\4153ntos.dll
    C:\WINDOWS\system32\cievz.dll
    C:\WINDOWS\system32\dufs2.exe
    C:\WINDOWS\system32\dufs1.exe
    C:\WINDOWS\system32\jsefusf.exe
    C:\WINDOWS\system32\jjgfst1.exe
    C:\WINDOWS\system32\RUNDLLFROMWIN2000.EXE
    C:\WINDOWS\system32\lsanp.dll
    C:\WINDOWS\system32\mshtmll.dll
    C:\WINDOWS\system32\mssys32.exe
    C:\WINDOWS\system32\regsvr32.dll
     C:\WINDOWS\system32\xpnap.exe
    C:\WINDOWS\system32\kbnaxp.dll
    C:\WINDOWS\system32\trtbc.dll 
    C:\WINDOWS\system32\cacheur.exe
    C:\WINDOWS\system32\srodzxdjht_nav.dat
    C:\WINDOWS\system32\srodzxdjht_navps.dat
    C:\WINDOWS\system32\srodzxdjht.dat
    C:\WINDOWS\SYSTEM32\cryptimg.dll
    C:\WINDOWS\system32\drivers\romman.sys
    C:\WINDOWS\system32\drivers\ndcia.sys 
    C:\WINDOWS\system32\drivers\ast.sys
    C:\WINDOWS\system32\drivers\ffpbek.sys
    C:\WINDOWS\system32\drivers\gzqkx.sys
    C:\WINDOWS\system32\drivers\hidproc.sys
    C:\WINDOWS\system32\drivers\https.sys
    C:\WINDOWS\system32\drivers\lanfs.sys
    C:\WINDOWS\system32\drivers\ttp.exe
    C:\WINDOWS\system32\wbem\ocmor.dll
    C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL
    %PROGRAMFILES%\Fichiers communs\System\Updaterun.exe
    
    
    Folders to delete:
    %ProgramFiles%\Fichiers communs\CPUSH
    %APPDATA%\Fichiers communs\CPUSH
    %PROGRAMFILES%\ËÑË÷À
    %PROGRAMFILES%\yvld


    Ensuite, reposte un rapport hijackthis, Avenger et comboscan.

    Plus vite tu feras ces manips, mieux ce sera car l'infection progresse de jours en jours...

    a++
    0
  13. lorg03 Messages postés 99 Statut Membre
     
    voici le rapport avenger txt:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\agkbcndl

    *******************

    Script file located at: \??\C:\WINDOWS\system32\kemwtgrw.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver ast unloaded successfully.
    Driver ffpbek unloaded successfully.

    Registry key \Registry\Machine\System\CurrentControlSet\Services\hidproc not found!
    Unload of driver hidproc failed!

    Could not process line:
    hidproc
    Status: 0xc0000034

    Registry key \Registry\Machine\System\CurrentControlSet\Services\https not found!
    Unload of driver https failed!

    Could not process line:
    https
    Status: 0xc0000034

    Driver gzqkx unloaded successfully.

    Registry key \Registry\Machine\System\CurrentControlSet\Services\hidproc not found!
    Unload of driver hidproc failed!

    Could not process line:
    hidproc
    Status: 0xc0000034

    Registry key \Registry\Machine\System\CurrentControlSet\Services\lanfs not found!
    Unload of driver lanfs failed!

    Could not process line:
    lanfs
    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\988FC5FC deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\A9C0AE3A deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast
    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\datl deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ffpbek not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ffpbek failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ffpbek
    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzqkx not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzqkx failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzqkx
    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidproc not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidproc failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidproc
    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\https not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\https failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\https
    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jsefusf deleted successfully.

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanfs not found!
    Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanfs failed!

    Could not process line:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanfs
    Status: 0xc0000034

    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mercha2 deleted successfully.

    Could not open file C:\WINDOWS\\jsefusf.dll for deletion
    Deletion of file C:\WINDOWS\\jsefusf.dll failed!

    Could not process line:
    C:\WINDOWS\\jsefusf.dll
    Status: 0xc0000033

    File C:\WINDOWS\system32\988FC5FC.EXE not found!
    Deletion of file C:\WINDOWS\system32\988FC5FC.EXE failed!

    Could not process line:
    C:\WINDOWS\system32\988FC5FC.EXE
    Status: 0xc0000034

    File C:\WINDOWS\system32\A9C0AE3A.EXE deleted successfully.
    File C:\WINDOWS\system32\A9C0AE3A.DLL deleted successfully.
    File C:\WINDOWS\system32\A9C0AE3AT.EXE deleted successfully.

    File C:\WINDOWS\system32\A9C0AE3A.EXE not found!
    Deletion of file C:\WINDOWS\system32\A9C0AE3A.EXE failed!

    Could not process line:
    C:\WINDOWS\system32\A9C0AE3A.EXE
    Status: 0xc0000034

    File C:\WINDOWS\system32\4c13ntos.dll not found!
    Deletion of file C:\WINDOWS\system32\4c13ntos.dll failed!

    Could not process line:
    C:\WINDOWS\system32\4c13ntos.dll
    Status: 0xc0000034

    File C:\WINDOWS\system32\4f4ecfsb.dl not found!
    Deletion of file C:\WINDOWS\system32\4f4ecfsb.dl failed!

    Could not process line:
    C:\WINDOWS\system32\4f4ecfsb.dl
    Status: 0xc0000034

    File C:\WINDOWS\system32\4153ntos.dll not found!
    Deletion of file C:\WINDOWS\system32\4153ntos.dll failed!

    Could not process line:
    C:\WINDOWS\system32\4153ntos.dll
    Status: 0xc0000034

    File C:\WINDOWS\system32\cievz.dll deleted successfully.
    File C:\WINDOWS\system32\dufs2.exe deleted successfully.
    File C:\WINDOWS\system32\dufs1.exe deleted successfully.
    File C:\WINDOWS\system32\jsefusf.exe deleted successfully.
    File C:\WINDOWS\system32\jjgfst1.exe deleted successfully.

    File C:\WINDOWS\system32\RUNDLLFROMWIN2000.EXE not found!
    Deletion of file C:\WINDOWS\system32\RUNDLLFROMWIN2000.EXE failed!

    Could not process line:
    C:\WINDOWS\system32\RUNDLLFROMWIN2000.EXE
    Status: 0xc0000034

    File C:\WINDOWS\system32\lsanp.dll deleted successfully.

    File C:\WINDOWS\system32\mshtmll.dll not found!
    Deletion of file C:\WINDOWS\system32\mshtmll.dll failed!

    Could not process line:
    C:\WINDOWS\system32\mshtmll.dll
    Status: 0xc0000034

    File C:\WINDOWS\system32\mssys32.exe not found!
    Deletion of file C:\WINDOWS\system32\mssys32.exe failed!

    Could not process line:
    C:\WINDOWS\system32\mssys32.exe
    Status: 0xc0000034

    File C:\WINDOWS\system32\regsvr32.dll deleted successfully.
    File C:\WINDOWS\system32\xpnap.exe deleted successfully.
    File C:\WINDOWS\system32\kbnaxp.dll deleted successfully.
    File C:\WINDOWS\system32\trtbc.dll deleted successfully.

    File C:\WINDOWS\system32\cacheur.exe not found!
    Deletion of file C:\WINDOWS\system32\cacheur.exe failed!

    Could not process line:
    C:\WINDOWS\system32\cacheur.exe
    Status: 0xc0000034

    File C:\WINDOWS\system32\srodzxdjht_nav.dat deleted successfully.
    File C:\WINDOWS\system32\srodzxdjht_navps.dat deleted successfully.
    File C:\WINDOWS\system32\srodzxdjht.dat deleted successfully.

    File C:\WINDOWS\SYSTEM32\cryptimg.dll not found!
    Deletion of file C:\WINDOWS\SYSTEM32\cryptimg.dll failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\cryptimg.dll
    Status: 0xc0000034

    File C:\WINDOWS\system32\drivers\romman.sys deleted successfully.
    File C:\WINDOWS\system32\drivers\ndcia.sys deleted successfully.

    File C:\WINDOWS\system32\drivers\ast.sys not found!
    Deletion of file C:\WINDOWS\system32\drivers\ast.sys failed!

    Could not process line:
    C:\WINDOWS\system32\drivers\ast.sys
    Status: 0xc0000034

    File C:\WINDOWS\system32\drivers\ffpbek.sys not found!
    Deletion of file C:\WINDOWS\system32\drivers\ffpbek.sys failed!

    Could not process line:
    C:\WINDOWS\system32\drivers\ffpbek.sys
    Status: 0xc0000034

    File C:\WINDOWS\system32\drivers\gzqkx.sys deleted successfully.

    File C:\WINDOWS\system32\drivers\hidproc.sys not found!
    Deletion of file C:\WINDOWS\system32\drivers\hidproc.sys failed!

    Could not process line:
    C:\WINDOWS\system32\drivers\hidproc.sys
    Status: 0xc0000034

    File C:\WINDOWS\system32\drivers\https.sys not found!
    Deletion of file C:\WINDOWS\system32\drivers\https.sys failed!

    Could not process line:
    C:\WINDOWS\system32\drivers\https.sys
    Status: 0xc0000034

    File C:\WINDOWS\system32\drivers\lanfs.sys deleted successfully.

    File C:\WINDOWS\system32\drivers\ttp.exe not found!
    Deletion of file C:\WINDOWS\system32\drivers\ttp.exe failed!

    Could not process line:
    C:\WINDOWS\system32\drivers\ttp.exe
    Status: 0xc0000034

    File C:\WINDOWS\system32\wbem\ocmor.dll deleted successfully.

    File C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL not found!
    Deletion of file C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL failed!

    Could not process line:
    C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL
    Status: 0xc0000034

    File C:\Program Files\Fichiers communs\System\Updaterun.exe not found!
    Deletion of file C:\Program Files\Fichiers communs\System\Updaterun.exe failed!

    Could not process line:
    C:\Program Files\Fichiers communs\System\Updaterun.exe
    Status: 0xc0000034

    Folder C:\Program Files\Fichiers communs\CPUSH deleted successfully.

    Could not open folder C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH for deletion
    Deletion of folder C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH failed!

    Could not process line:
    C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH
    Status: 0xc000003a

    Folder C:\Program Files\ËÑË÷À not found!
    Deletion of folder C:\Program Files\ËÑË÷À failed!

    Could not process line:
    C:\Program Files\ËÑË÷À
    Status: 0xc0000034

    Folder C:\Program Files\yvld deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
    0
  14. lorg03 Messages postés 99 Statut Membre
     
    voivie le rapport comboscan:

    ComboScan v20070226.18 run by bayle on 2007-03-08 at 23:54:17
    Computer is in Normal Mode.
    --------------------------------------------------------------------------------

    -- HijackThis (run as bayle.exe) ------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 23:54:30, on 08/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Documents and Settings\bayle\Bureau\comboscan.exe
    C:\DOCUME~1\bayle\Bureau\HIJACK~1\bayle.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
    O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll (file missing)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
    O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
    O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
    O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
    O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

    -- Files created between 2007-02-08 and 2007-03-08 ------------------------------

    2007-03-08 23:48:59 0 d-------- C:\avenger
    2007-03-08 20:10:16 44224 --a------ C:\WINDOWS\system32\sdftj.dat
    2007-03-08 15:45:34 0 d-------- C:\Program Files\Alexa Toolbar<ALEXAT~1>
    2007-03-07 02:45:20 0 d--hs---- C:\FOUND.002
    2007-03-01 18:53:32 10752 --a------ C:\WINDOWS\system32\drivers\i82440bx.sys
    2007-02-27 19:12:22 41902 --a------ C:\WINDOWS\system32\431172599928.dat<4359C6~1.DAT>
    2007-02-27 16:24:51 41902 --a------ C:\WINDOWS\system32\431172589876.dat<434DDF~1.DAT>
    2007-02-27 07:30:11 42086 --a------ C:\WINDOWS\system32\431172557805.dat<434DBC~1.DAT>
    2007-02-27 01:33:24 0 d-------- C:\Documents and Settings\bayle\Application Data\Tenebril
    2007-02-27 01:23:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
    2007-02-27 01:23:37 0 d-------- C:\WINDOWS\system32\tenarchlib<TENARC~1>
    2007-02-27 01:23:37 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll<INTERC~1.DLL>
    2007-02-27 01:23:37 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll<INTERC~2.DLL>
    2007-02-27 01:23:36 180224 --a-s---- C:\WINDOWS\system32\archlib.dll
    2007-02-27 01:23:36 0 d-------- C:\Program Files\SpyCatcher 2006<SPYCAT~1>
    2007-02-27 01:22:48 42036 --a------ C:\WINDOWS\system32\431172535764.dat<4331D4~1.DAT>
    2007-02-27 01:14:16 42036 --a------ C:\WINDOWS\system32\431172535255.dat<433DC6~1.DAT>
    2007-02-26 06:01:49 42080 --a------ C:\WINDOWS\system32\431172466108.dat<434AB7~1.DAT>
    2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461307.dat<4340B7~1.DAT>
    2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461303.dat<4330B7~1.DAT>
    2007-02-26 04:38:00 0 d-------- C:\WINDOWS\WBEM
    2007-02-26 04:37:58 0 d-------- C:\WINDOWS\system32\fr-fr
    2007-02-26 04:36:28 0 d--h----- C:\WINDOWS\ie7
    2007-02-26 04:35:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-02-26 04:34:57 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
    2007-02-26 04:24:11 14826288 --a------ C:\Program Files\IE7-WindowsXP-x86-fra.exe<IE7-WI~1.EXE>
    2007-02-25 19:17:01 42030 --a------ C:\WINDOWS\system32\431172427410.dat<4320CD~1.DAT>
    2007-02-25 18:58:50 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
    2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424302.dat<4326BF~1.DAT>
    2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424300.dat<4326B7~1.DAT>
    2007-02-25 04:39:51 42030 --a------ C:\WINDOWS\system32\431172374790.dat<4339D8~1.DAT>
    2007-02-24 21:48:22 0 d-------- C:\Rustbfix
    2007-02-24 19:37:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
    2007-02-24 19:30:37 0 d-------- C:\_OTMoveIt<_OTMOV~1>
    2007-02-23 21:18:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-02-23 21:18:28 0 d-------- C:\Program Files\Grisoft
    2007-02-23 21:07:20 42030 --a------ C:\WINDOWS\system32\431172261240.dat<432EBD~1.DAT>
    2007-02-23 21:06:21 42030 --a------ C:\WINDOWS\system32\431172261173.dat<432AC3~1.DAT>
    2007-02-23 03:22:48 42286 --a------ C:\WINDOWS\system32\431172197367.dat<4341DB~1.DAT>
    2007-02-22 23:43:52 42286 --a------ C:\WINDOWS\system32\431172184232.dat<432FBE~1.DAT>
    2007-02-22 21:25:40 42286 --a------ C:\WINDOWS\system32\431172175921.dat<433DB1~1.DAT>
    2007-02-22 21:18:13 42286 --a------ C:\WINDOWS\system32\431172175486.dat<4345D7~1.DAT>
    2007-02-22 21:02:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
    2007-02-22 09:49:52 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
    2007-02-22 09:48:18 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
    2007-02-22 08:01:22 0 d-------- C:\WINDOWS\BDOSCAN8
    2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125156.dat<4339C6~1.DAT>
    2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125154.dat<4329CE~1.DAT>
    2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124388.dat<4343DA~1.DAT>
    2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124382.dat<4323D2~1.DAT>
    2007-02-22 05:18:17 42286 --a------ C:\WINDOWS\system32\431172117895.dat<434DD9~1.DAT>
    2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073651.dat<4334C7~1.DAT>
    2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073648.dat<4340C3~1.DAT>
    2007-02-21 05:59:47 42142 --a------ C:\WINDOWS\system32\431172033987.dat<4340D5~1.DAT>
    2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025439.dat<431172~4.DAT>
    2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025435.dat<431172~3.DAT>
    2007-02-21 03:33:39 0 d--h----- C:\WINDOWS\$hf_mig$
    2007-02-21 02:51:13 42142 --a------ C:\WINDOWS\system32\431172022672.dat<431172~2.DAT>
    2007-02-21 02:50:12 42142 --a------ C:\WINDOWS\system32\431172022612.dat<431172~1.DAT>
    2007-02-21 00:16:48 0 d--hs---- C:\FOUND.001
    2007-02-21 00:04:49 1 --a------ C:\WINDOWS\system32\index.dat
    2007-02-20 18:48:19 0 d-------- C:\Program Files\CCleaner
    2007-02-20 15:54:06 37376 --a------ C:\WINDOWS\system32\jsefusf.dll
    2007-02-20 13:34:08 71088 --a------ C:\WINDOWS\system32\drivers\khips.sys
    2007-02-20 13:34:02 302000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
    2007-02-19 21:08:45 0 d-------- C:\WINDOWS\pss
    2007-02-18 19:44:51 171 --a------ C:\WINDOWS\system32\988FC5FC.dat
    2007-02-15 21:02:47 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
    2007-02-15 20:58:40 0 d-------- C:\Documents and Settings\bayle\Application Data\Lavasoft
    2007-02-15 19:12:13 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-02-15 00:05:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
    2007-02-14 00:36:40 0 d-------- C:\Program Files\BitComet
    2007-02-13 23:41:59 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>

    -- Find3M Report ----------------------------------------------------------------

    2007-02-17 19:12:36 369864 --a------ C:\WINDOWS\system32\perfh00C.dat
    2007-02-17 19:12:36 49924 --a------ C:\WINDOWS\system32\perfc00C.dat
    2007-01-15 06:28:54 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

    -- Registry Dump ----------------------------------------------------------------

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
    "SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
    "osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
    "LaunchApp"="Alaunch"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
    "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
    "SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="ttp"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\system32\\drivers\\ttp.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
    "{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}"="NetCache"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ast
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ffpbek
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanfs
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\msusbbux
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ndcia
    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\romman

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    Tech

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

    -- End of ComboScan: finished at 2007-03-08 at 23:56:51 -------------------------
    0
  15. lorg03 Messages postés 99 Statut Membre
     
    et pour finir, le rapport hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 23:58:52, on 08/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\bayle\Bureau\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
    O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll (file missing)
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O3 - Toolbar: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
    O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
    O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
    O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
    O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

    merci de m aider, j epsere qu on pourra resoudre les problemes car je telecharge plein de scan ou d anti spyware ou par feu, et du coup mon ordinateur met du temps a tout assimiler au demarrage...

    merci
    a++
    0
  16. zBr
     
    Salut Lorg

    C'est mieux depuis le passage d'Avenger, mais il reste encore du boulot !

    Commence par désinstaller Alexa toolbar dans ajout/Suppression de programmes.

    Ensuite j'aimerais que tu fasse scanner les fichiers si-dessous ici:
    http://www.virustotal.com/en/virustotalx.html
    C:\WINDOWS\system32\drivers\CO_Mon.sys
    C:\WINDOWS\system32\drivers\i82440bx.sys
    Hier j'avais oublié de te les mettre dans la liste :-)

    Ouvre le bloc notes et copie et colle la totalité de ce qui est en bleu ci-dessous:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=-
    "{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}"=-
    
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ast]
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ffpbek]
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc]
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https]
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanfs]
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\msusbbux]
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ndcia]
    [-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\romman]
    
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]

    Puis clic sur FICHIER dans le menu et sur Enregistrer sous.
    Choisis le bureau comme lieu de destination.
    - Dans [Nom du fichier]:
    Mets fix.reg

    - Dans [Type]
    Choisis tous les fichiers
    Et clic sur [Enregistrer]

    Une fois fait, redemarre en mode sans échec (impératif).
    Redemarre le pc, laisse passer l'écran du bios, puis tapote sur la touche F8 avant qu'apparaisse l'écran de chargement de windows.
    Choisis le mode sans échec dans les options et valide avec entrée.
    Rend visible les fichiers cachés et systeme
    panneau de configuration > options des dossiers > onglet affichage
    Cocher la case devant " afficher les fichiers et dossiers cachés "
    Décocher la case devant " masquer les extentions des fichiers dont le type est connu"
    Décocher la case devant " masquer les fichiers protégés du système"
    clic sur [Appliquer] puis sur [ok] pour valider

    /!\ Ne pas oublier une fois le nettoyage terminé de faire l'inverse pour recacher les fichiers.

    Lance hijackthis et clic sur [Do a system scan only]
    Coche la case au début des lignes suivantes:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll

    O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
    O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll (file missing)
    02 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll
    O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll

    O3 - Toolbar: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
    O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL

    O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
    O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
    O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
    O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
    O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

    Valide en cliquant sur le bouton [Fix checked]

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Recherche et supprime ces fichiers s'ils sont présent:
    (N'utilise pas la fonction "Rechercher", rends toi directement dans les dossiers avec l'explorateur)

    C:\WINDOWS\system32\AlxTB1.dll
    C:\WINDOWS\system32\jsefusf.dll
    C:\WINDOWS\system32\4520ntos.dll
    C:\WINDOWS\system32\4074cfsb.dll
    C:\WINDOWS\system32\988FC5FC.dat
    C:\WINDOWS\system32\431172125156.dat
    C:\WINDOWS\system32\431172125154.dat
    C:\WINDOWS\system32\431172124388.dat
    C:\WINDOWS\system32\431172124382.dat
    C:\WINDOWS\system32\431172117895.dat
    C:\WINDOWS\system32\431172073651.dat
    C:\WINDOWS\system32\431172073648.dat
    C:\WINDOWS\system32\431172033987.dat
    C:\WINDOWS\system32\431172025439.dat
    C:\WINDOWS\system32\431172025435.dat
    C:\WINDOWS\system32\431172175486.dat
    C:\WINDOWS\system32\431172175921.dat
    C:\WINDOWS\system32\431172261240.dat
    C:\WINDOWS\system32\431172261173.dat
    C:\WINDOWS\system32\431172197367.dat
    C:\WINDOWS\system32\431172184232.dat
    C:\WINDOWS\system32\431172424302.dat
    C:\WINDOWS\system32\431172424300.dat
    C:\WINDOWS\system32\431172374790.dat
    C:\WINDOWS\system32\431172022672.dat
    C:\WINDOWS\system32\431172022612.dat
    C:\WINDOWS\system32\431172535764.dat
    C:\WINDOWS\system32\431172535255.dat
    C:\WINDOWS\system32\431172466108.dat
    C:\WINDOWS\system32\431172461307.dat
    C:\WINDOWS\system32\431172461303.dat
    C:\WINDOWS\system32\431172599928.dat
    C:\WINDOWS\system32\431172589876.dat
    C:\WINDOWS\system32\431172557805.dat
    C:\FOUND.001
    C:\FOUND.002
    C:\Program Files\Alexa Toolbar
    C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH
    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Sur ton bureau, double clic sur le fichier Fix.reg et accepte la fusion dans le registre

    -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

    Redemarre ton pc normalement.
    Si un ou plusieurs fichiers nont pas pu être supprimés en mode sans échec, réessaye de les supprimer à cette étape de la manip.
    Ensuite fais ceci:

    Demarrer >> Exécuter et copie et colle ceci: (y compris les guillemets)

    "C:\Documents and Settings\bayle\Bureau\comboscan.exe" /config

    Valide

    Dans la fenetre qui va s'ouvrir et dans la partie MODULES assures- toi que les options:
    Temp cleanup
    Drivers
    Services
    File dump
    Registry dump

    SOIT BIEN COCHEES !!
    Valide en cliquant sur "Scan" et clic sur OK pour lancer l'analyse de Comboscan.

    Poste ici le rapport d'analyse des deux fichiers (si positif) + celui de comboscan, ainsi que le contenu du fichier C:\WINDOWS\ntbtlog.txt
    Ca risque de faire assez volumineux lol, poste les en plusieurs fois si tu vois qu'ils ne rentrent pas dans un seul message.

    a+ et bon courage.

    PS:
    Dis moi si tu as rencontré des problèmes de suppression de fichiers afin de prevoir une autre manip pour les virer.
    0
  17. lorg03 Messages postés 99 Statut Membre
     
    voici le rappor du scan pr le fichier C:\WINDOWS\system32\drivers\i82440bx.sys

    Antivirus Version Update Result
    AntiVir 7.3.1.41 03.08.2007 no virus found
    Authentium 4.93.8 03.07.2007 no virus found
    Avast 4.7.936.0 03.08.2007 no virus found
    AVG 7.5.0.447 03.08.2007 Generic3.GFG
    BitDefender 7.2 03.08.2007 no virus found
    CAT-QuickHeal 9.00 03.08.2007 Rootkit.Agent.di
    ClamAV devel-20060426 03.08.2007 no virus found
    DrWeb 4.33 03.08.2007 no virus found
    eSafe 7.0.14.0 03.08.2007 no virus found
    eTrust-Vet 30.6.3464 03.08.2007 no virus found
    Ewido 4.0 03.07.2007 no virus found
    FileAdvisor 1 03.08.2007 no virus found
    Fortinet 2.85.0.0 03.08.2007 no virus found
    F-Prot 4.3.1.45 03.07.2007 no virus found
    F-Secure 6.70.13030.0 03.08.2007 Trojan.Win32.Agent.afb
    Ikarus T3.1.1.3 03.08.2007 no virus found
    Kaspersky 4.0.2.24 03.08.2007 Trojan.Win32.Agent.afb
    McAfee 4980 03.08.2007 New Malware.z
    Microsoft 1.2204 03.08.2007 no virus found
    NOD32v2 2103 03.08.2007 no virus found
    Norman 5.80.02 03.07.2007 W32/Agent.BDML
    Panda 9.0.0.4 03.08.2007 no virus found
    Prevx1 V2 03.08.2007 no virus found
    Sophos 4.15.0 03.07.2007 no virus found
    Sunbelt 2.2.907.0 03.07.2007 no virus found
    Symantec 10 03.08.2007 no virus found
    TheHacker 6.1.6.072 03.07.2007 no virus found
    UNA 1.83 03.07.2007 no virus found
    VBA32 3.11.2 03.07.2007 no virus found
    VirusBuster 4.3.19:9 03.08.2007 no virus found

    Aditional Information
    File size: 10752 bytes
    MD5: fa601e57f44abb98e7fd86692a224d25
    SHA1: 2c1a5d48237b2a1fbf29390fdd4e54c56c08ef3a
    0
  18. lorg03 Messages postés 99 Statut Membre
     
    pr le fichier C:\WINDOWS\system32\drivers\CO_Mon.sys, aucun virus n a ete trouvé...bon signe
    0
  19. zBr
     
    Merci lorg :-)

    Dans la manip que je t'ai donné, rajoute simplement :
    C:\WINDOWS\system32\drivers\i82440bx.sys
    Dans la liste des fichiers à supprimer.

    Sacrée infection que tu as choppé là !!
    Sans être indiscret tu l'as prise ou ? (si tu te souviens...)

    a++
    0
  20. lorg03 Messages postés 99 Statut Membre
     
    voici le rapport comboscan:

    -- HijackThis (run as bayle.exe) ------------------------------------------------

    Logfile of HijackThis v1.99.1
    Scan saved at 20:00:45, on 09/03/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\eManager\anbmServ.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\keyhook.exe
    C:\Program Files\Arcade\PCMService.exe
    C:\Program Files\Launch Manager\QtZgAcer.EXE
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\WINDOWS\system32\sistray.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Documents and Settings\bayle\Bureau\comboscan.exe
    C:\DOCUME~1\bayle\Bureau\HIJACK~1\bayle.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
    O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
    O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
    O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

    -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

    3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
    3R AR5211 (Atheros Wireless Network Adapter Service) - C:\WINDOWS\system32\drivers\ar5211.sys
    1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
    1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
    3S CO_Mon - C:\WINDOWS\system32\drivers\CO_Mon.sys
    3R DKbFltr (Dritek HotKey Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\DKbFltr.SYS
    1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
    3R EraserUtilRebootDrv - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0R fowf_n - C:\WINDOWS\system32\drivers\fowf_n.sys
    1R fwdrv (Firewall Driver) - C:\WINDOWS\system32\drivers\fwdrv.sys
    3S gmer - C:\WINDOWS\system32\drivers\gmer.sys
    0S gzqkx (gzqk) - C:\WINDOWS\system32\DRIVERS\gzqkx.sys (not found)
    3R HSFHWSIS - C:\WINDOWS\system32\drivers\HSFHWSIS.sys
    3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
    1R intelppm (Pilote de processeur Intel) - C:\WINDOWS\system32\drivers\intelppm.sys
    3S Jukebox3 - C:\WINDOWS\system32\drivers\ctpdusb.sys
    1R khips (Kerio HIPS Driver) - C:\WINDOWS\system32\drivers\khips.sys
    2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
    3R NAVENG - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070308.018\NAVENG.SYS
    3R NAVEX15 - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070308.018\NAVEX15.SYS
    2S ndcia - C:\WINDOWS\system32\drivers\ndcia.sys (not found)
    3R NTIDrvr (Upper Class Filter Driver) - C:\WINDOWS\system32\drivers\NTIDrvr.sys
    2R osaio - C:\WINDOWS\system32\drivers\osaio.sys
    2R osanbm - C:\WINDOWS\system32\drivers\osanbm.sys
    3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
    0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
    2S romman - C:\WINDOWS\system32\drivers\romman.sys (not found)
    3R SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
    0R SISAGP (SiS AGP Filter) - C:\WINDOWS\system32\drivers\SISAGPX.SYS
    1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
    3R SISNICXP (SiS PCI Fast Ethernet Adapter Driver for NDIS51) - C:\WINDOWS\system32\drivers\sisnicxp.sys
    1R SPBBCDrv - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
    0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
    1R SRTSP - C:\WINDOWS\system32\drivers\srtsp.sys
    3S SRTSPL - C:\WINDOWS\system32\drivers\srtspl.sys
    1R SRTSPX - C:\WINDOWS\system32\drivers\srtspx.sys
    3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
    3R SymEvent - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
    3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
    3R SYMIDSCO - C:\Program Files\Fichiers communs\Symantec Shared\SymcData\idsdefs\20070302.001\SymIDSCo.sys
    3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
    3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
    1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
    3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
    0R uagp35 (Filtre AGP version 3.5 Microsoft) - C:\WINDOWS\system32\drivers\UAGP35.SYS
    0R UBHelper - C:\WINDOWS\system32\drivers\UBHelper.sys
    3R usbehci (Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0) - C:\WINDOWS\system32\drivers\usbehci.sys
    3R usbohci (Pilote miniport de contrôleur hôte ouvert USB Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys
    3R USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
    3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
    3S WpdUsb - C:\WINDOWS\system32\drivers\wpdusb.sys

    -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

    2R anbmService (Notebook Manager Service) - C:\Acer\eManager\anbmServ.exe
    2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
    2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
    2R CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
    3S comHost (COM Host) - "C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe"
    2R Creative Service for CDROM Access - C:\WINDOWS\system32\CTsvcCDA.EXE
    2S Fax - C:\WINDOWS\system32\fxssvc.exe
    4S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    3S ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
    2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
    3R LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    3S ose (Office Source Engine) - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
    3S Symantec Core LC - "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"
    2R SymAppCore (Symantec AppCore Service) - "C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"
    2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
    2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"

    -- Files created between 2007-02-09 and 2007-03-09 ------------------------------

    2007-03-08 23:48:59 0 d-------- C:\avenger
    2007-03-08 20:10:16 44224 --a------ C:\WINDOWS\system32\sdftj.dat
    2007-03-01 18:53:32 10752 --a------ C:\WINDOWS\system32\drivers\i82440bx.sys
    2007-02-27 01:33:24 0 d-------- C:\Documents and Settings\bayle\Application Data\Tenebril
    2007-02-27 01:23:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
    2007-02-27 01:23:37 0 d-------- C:\WINDOWS\system32\tenarchlib<TENARC~1>
    2007-02-27 01:23:37 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll<INTERC~1.DLL>
    2007-02-27 01:23:37 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll<INTERC~2.DLL>
    2007-02-27 01:23:36 180224 --a-s---- C:\WINDOWS\system32\archlib.dll
    2007-02-27 01:23:36 0 d-------- C:\Program Files\SpyCatcher 2006<SPYCAT~1>
    2007-02-26 04:38:00 0 d-------- C:\WINDOWS\WBEM
    2007-02-26 04:37:58 0 d-------- C:\WINDOWS\system32\fr-fr
    2007-02-26 04:36:28 0 d--h----- C:\WINDOWS\ie7
    2007-02-26 04:35:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
    2007-02-26 04:34:57 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
    2007-02-26 04:24:11 14826288 --a------ C:\Program Files\IE7-WindowsXP-x86-fra.exe<IE7-WI~1.EXE>
    2007-02-25 19:17:01 42030 --a------ C:\WINDOWS\system32\431172427410.dat<4320CD~1.DAT>
    2007-02-25 18:58:50 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
    2007-02-24 21:48:22 0 d-------- C:\Rustbfix
    2007-02-24 19:37:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
    2007-02-24 19:30:37 0 d-------- C:\_OTMoveIt<_OTMOV~1>
    2007-02-23 21:18:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-02-23 21:18:28 0 d-------- C:\Program Files\Grisoft
    2007-02-22 21:02:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
    2007-02-22 09:49:52 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
    2007-02-22 09:48:18 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
    2007-02-22 08:01:22 0 d-------- C:\WINDOWS\BDOSCAN8
    2007-02-21 03:33:39 0 d--h----- C:\WINDOWS\$hf_mig$
    2007-02-21 00:04:49 1 --a------ C:\WINDOWS\system32\index.dat
    2007-02-20 18:48:19 0 d-------- C:\Program Files\CCleaner
    2007-02-20 13:34:08 71088 --a------ C:\WINDOWS\system32\drivers\khips.sys
    2007-02-20 13:34:02 302000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
    2007-02-19 21:08:45 0 d-------- C:\WINDOWS\pss
    2007-02-15 21:02:47 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
    2007-02-15 20:58:40 0 d-------- C:\Documents and Settings\bayle\Application Data\Lavasoft
    2007-02-15 19:12:13 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
    2007-02-15 00:05:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
    2007-02-14 00:36:40 0 d-------- C:\Program Files\BitComet
    2007-02-13 23:41:59 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>

    -- Find3M Report ----------------------------------------------------------------

    2007-02-17 19:12:36 369864 --a------ C:\WINDOWS\system32\perfh00C.dat
    2007-02-17 19:12:36 49924 --a------ C:\WINDOWS\system32\perfc00C.dat
    2007-01-15 06:28:54 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

    -- Registry Dump ----------------------------------------------------------------

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
    "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
    "SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
    "osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
    "LaunchApp"="Alaunch"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
    "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
    "SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableRegistryTools"=dword:00000000

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0

    HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
    Tech

    *newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

    -- End of ComboScan: finished at 2007-03-09 at 20:03:06 -------------------------
    0
  21. lorg03 Messages postés 99 Statut Membre
     
    je n ai aps reussi a trouver les fichiers suivants:

    C:\WINDOWS\system32\AlxTB1.dll
    C:\WINDOWS\system32\4520ntos.dll
    C:\WINDOWS\system32\4074cfsb.dll
    C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH

    sinon, je voulais savoir si je devais aussi effacer les fichiers suivants qui sont similaires a ceux deja effacer:

    C:\FOUND.000
    C:\WINDOWS\system32\431172427410.dat

    Quant a mon infection, je pense l avoir chopée en telechargeant un logiciel asiatique je crois, qui permettait de regarder la tele sur ordinateur, notament le sport...bien sur ca n a pas vraiment marché et je m en suis debarassé masi c etait trop tard...
    0
  • 1
  • 2
  • 3