[virus] impossible to remove

lorg03 Posts: 99 Status: Member -
Hello, for two weeks now my computer has been infected; IE is polluted with Asian advertising pop-ups, and my firewall seems very busy to me, I very often get windows opening up telling me that a suspicious program is trying to start.

I would like to be able to get rid of all this; as antivirus I have Norton, and I added a firewall that was recommended to me, Kerio. I also have SpyCatcher, which very often sends me alerts...
I ran a HijackThis report, here it is:

Logfile of HijackThis v1.99.1
Scan saved at 22:58:57, on 06/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\SWEEPER.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bayle\Bureau\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5853b8b6-d774-4ed5-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4ed5cfsb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {c4cc6cd0-57a1-4c13-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4c13ntos.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [Internet Sweeper] C:\WINDOWS\SYSTEM32\SWEEPER.EXE /Q
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O20 - Winlogon Notify: cryptimg - cryptimg.dll (file missing)
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Local Connection Manager (Mercha2) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

If anyone has a solution, they are welcome.
Thanks

47 replies

solweig91 Posts: 2 Status: Member
 
Good evening, same here, I caught an Italian virus via MSN..... and I don't understand anything about HijackThis... and where should I paste the report? Please be kind enough to reply to me
help

I'm new, I don't really know how forums work,
please help me anyway!
my report:
Logfile of HijackThis v1.99.1
Scan saved at 23:15:02, on 05/03/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\System32\LVComS.exe
C:\WINDOWS\ying.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\Cursors\Rg2catbd.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\sol\Bureau\test.exe\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-fr8l.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr8l.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [svchost] C:\WINDOWS\ying.exe
O4 - HKLM\..\Run: [Rg2catbd] C:\Windows\Cursors\Rg2catbd.exe
O4 - HKLM\..\Run: [ying] C:\WINDOWS\ying.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD 5 Standard\MediaDetector.exe"
O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart16.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
zBr
 
Good evening lorg03

Download Comboscan here:
http://www.techsupportforum.com/sectools/Deckard/comboscan.exe
and save it to your desktop.

Close all running applications and launch Comboscan.exe
Be patient, the scan can take from 1 to more than 5 minutes.
Once the scan is finished, go to the folder:
C:\ComboScan
and copy and paste here the full contents of the files:
ComboScan.txt
and
Supplementary.txt.

Later
lorg03 Posts: 99 Status: Member
 
Here is the very long ComboScan report:

Computer is in Normal Mode.
--------------------------------------------------------------------------------

Successfully created restore point.
Performed disk cleanup.

-- HijackThis (run as bayle.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 03:18:15, on 07/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
F:\BitComet\BitComet.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\bayle\Bureau\comboscan.exe
C:\DOCUME~1\bayle\Bureau\HIJACK~1\bayle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5853b8b6-d774-4ed5-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4ed5cfsb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {c4cc6cd0-57a1-4c13-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4c13ntos.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: 57a1 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4c13ntos.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Local Connection Manager (Mercha2) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

-- HijackThis Fixed Entries (C:\DOCUME~1\bayle\Bureau\HIJACK~1\backups\) --------

backup-20070222-070243-215 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
backup-20070222-070243-257 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
backup-20070222-070243-161 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20070222-070243-556 O2 - BHO: (no name) - {4b16577c-a8e2-4c7f-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4c7fcfsb.dll
backup-20070222-070243-495 O2 - BHO: ʵÓÃËÑË÷ - {6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} - (no file)
backup-20070222-070243-318 O2 - BHO: (no name) - {A4B313AC-16DC-52D1-A4D7-1D4F7B1A9C4E} - C:\WINDOWS\system32\mshtmll.dll
backup-20070222-070243-962 O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
backup-20070222-070243-830 O2 - BHO: 7c97 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\496cntos.dll
backup-20070222-070243-203 O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
backup-20070222-070243-957 O4 - HKLM\..\Run: [System] C:\Program Files\Fichiers communs\System\Updaterun.exe
backup-20070222-070243-694 O4 - HKLM\..\Run: [srodzxdjht] c:\windows\system32\srodzxdjht.exe srodzxdjht
backup-20070222-070243-342 O4 - HKLM\..\Run: [sdafdsafds] C:\WINDOWS\temp\162.exe
backup-20070222-070243-772 O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
backup-20070222-070243-289 O4 - HKCU\..\Run: [mssys32] C:\WINDOWS\system32\mssys32.exe
backup-20070222-070243-932 O4 - HKCU\..\Run: [mshtmll] regsvr32 /s C:\WINDOWS\system32\mshtmll.dll
backup-20070222-070243-267 O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
backup-20070222-070243-121 O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
backup-20070222-070243-200 O20 - Winlogon Notify: cryptimg - C:\WINDOWS\SYSTEM32\cryptimg.dll
backup-20070222-070244-810 O23 - Service: 988FC5FC - Unknown owner - C:\WINDOWS\system32\988FC5FC.EXE (file missing)
backup-20070224-192816-464 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
backup-20070224-192816-244 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
backup-20070224-192816-420 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
backup-20070224-192816-234 R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\PROGRA~1\ËÑË÷À¸\tbhelper.dll
backup-20070224-192816-324 O2 - BHO: (no name) - {5b04469f-0b09-4f4e-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4f4ecfsb.dll (file missing)
backup-20070224-192816-523 O2 - BHO: b9f5 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4153ntos.dll (file missing)
backup-20070224-192816-191 O2 - BHO: TBSB03263 - {EEC7E620-B32A-4E3B-B200-291660803474} - C:\PROGRA~1\ËÑË÷À¸\eqiso.dll
backup-20070224-192816-778 O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
backup-20070224-192816-533 O3 - Toolbar: ??? - {33E640D8-EB95-4B22-B475-1852B7D35993} - C:\Program Files\ËÑË÷À¸\eqiso.dll
backup-20070224-234311-576 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kuaiso.com/
backup-20070224-234311-431 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hao123.union123.com/index.htm
backup-20070224-234311-928 O3 - Toolbar: (no name) - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - (no file)
backup-20070224-234311-324 O3 - Toolbar: ??? - {33E640D8-EB95-4B22-B475-1852B7D35993} - C:\Program Files\ËÑË÷À¸\eqiso.dll

-- File Associations ------------------------------------------------------------

.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - %SystemRoot%\System32\WScript.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - %SystemRoot%\System32\WScript.exe "%1" %*

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
3R AR5211 (Atheros Wireless Network Adapter Service) - C:\WINDOWS\system32\drivers\ar5211.sys
2S ast - C:\WINDOWS\system32\drivers\ast.sys (not found)
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3S CO_Mon - C:\WINDOWS\system32\drivers\CO_Mon.sys
3R DKbFltr (Dritek HotKey Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\DKbFltr.SYS
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
3R EraserUtilRebootDrv - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2S ffpbek - C:\WINDOWS\system32\drivers\ffpbek.sys (not found)
0R fowf_n - C:\WINDOWS\system32\drivers\fowf_n.sys
1R fwdrv (Firewall Driver) - C:\WINDOWS\system32\drivers\fwdrv.sys
3S gmer - C:\WINDOWS\system32\drivers\gmer.sys
0R gzqkx (gzqk) - C:\WINDOWS\system32\drivers\gzqkx.sys
2R hidproc - C:\WINDOWS\system32\drivers\hidproc.sys
3R HSFHWSIS - C:\WINDOWS\system32\drivers\HSFHWSIS.sys
3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
2R i82440bx - C:\WINDOWS\system32\drivers\i82440bx.sys
2R int15.sys - C:\Acer\Empowering Technology\eRecovery\int15.sys
1R intelppm (Pilote de processeur Intel) - C:\WINDOWS\system32\drivers\intelppm.sys
3S Jukebox3 - C:\WINDOWS\system32\drivers\ctpdusb.sys
1R khips (Kerio HIPS Driver) - C:\WINDOWS\system32\drivers\khips.sys
2R lanfs - C:\WINDOWS\system32\drivers\lanfs.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3R NAVENG - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070305.018\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070305.018\NAVEX15.SYS
3R NTIDrvr (Upper Class Filter Driver) - C:\WINDOWS\system32\drivers\NTIDrvr.sys
2R osaio - C:\WINDOWS\system32\drivers\osaio.sys
2R osanbm - C:\WINDOWS\system32\drivers\osanbm.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3R SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
0R SISAGP (SiS AGP Filter) - C:\WINDOWS\system32\drivers\SISAGPX.SYS
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
3R SISNICXP (SiS PCI Fast Ethernet Adapter Driver for NDIS51) - C:\WINDOWS\system32\drivers\sisnicxp.sys
1R SPBBCDrv - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
1R SRTSP - C:\WINDOWS\system32\drivers\srtsp.sys
3S SRTSPL - C:\WINDOWS\system32\drivers\srtspl.sys
1R SRTSPX - C:\WINDOWS\system32\drivers\srtspx.sys
3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - C:\Program Files\Fichiers communs\Symantec Shared\SymcData\idsdefs\20070302.001\SymIDSCo.sys
3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
0R uagp35 (Filtre AGP version 3.5 Microsoft) - C:\WINDOWS\system32\drivers\UAGP35.SYS
0R UBHelper - C:\WINDOWS\system32\drivers\UBHelper.sys
3R usbehci (Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Pilote miniport de contrôleur hôte ouvert USB Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys
3R USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
3S WpdUsb - C:\WINDOWS\system32\drivers\wpdusb.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

4S 988FC5FC - C:\WINDOWS\system32\988FC5FC.EXE -service
2S A9C0AE3A - C:\WINDOWS\system32\A9C0AE3A.EXE -service
2R anbmService (Notebook Manager Service) - C:\Acer\eManager\anbmServ.exe
2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
3S comHost (COM Host) - "C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe"
2R Creative Service for CDROM Access - C:\WINDOWS\system32\CTsvcCDA.EXE
2R datl (Std datl Service) - C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\yvld\ifvq.dll,Service -s
2S Fax - C:\WINDOWS\system32\fxssvc.exe
4S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
2S jsefusf - C:\WINDOWS\system32\jsefusf.exe -service
2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
3S LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
2S Mercha2 (Local Connection Manager) - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL,Export 1087
3S ose (Office Source Engine) - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
3S Symantec Core LC - "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"
2R SymAppCore (Symantec AppCore Service) - "C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"

-- Scheduled Tasks --------------------------------------------------------------

2007-03-07 02:48:56 330 --ah----- C:\WINDOWS\Tasks\MP Scheduled Scan.job<MPSCHE~1.JOB>
2007-03-02 20:00:16 564 --a------ C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - bayle.job<NORTON~1.JOB>

-- Files created between 2007-02-07 and 2007-03-07 ------------------------------

2007-03-07 02:45:20 0 d--hs---- C:\FOUND.002
2007-03-07 00:03:28 0 d-------- C:\Program Files\Fichiers communs\CPUSH
2007-03-06 16:08:20 10752 --a------ C:\WINDOWS\system32\drivers\lanfs.sys
2007-03-06 16:06:52 108106 --a------ C:\WINDOWS\system32\jjgfst1.exe
2007-03-01 18:53:32 209920 --a------ C:\WINDOWS\system32\lsanp.dll
2007-03-01 18:53:32 10752 --a------ C:\WINDOWS\system32\drivers\i82440bx.sys
2007-02-28 16:02:17 10752 --a------ C:\WINDOWS\system32\drivers\https.sys
2007-02-27 19:12:22 41902 --a------ C:\WINDOWS\system32\431172599928.dat<4359C6~1.DAT>
2007-02-27 16:24:51 41902 --a------ C:\WINDOWS\system32\431172589876.dat<434DDF~1.DAT>
2007-02-27 07:30:11 42086 --a------ C:\WINDOWS\system32\431172557805.dat<434DBC~1.DAT>
2007-02-27 01:33:24 0 d-------- C:\Documents and Settings\bayle\Application Data\Tenebril
2007-02-27 01:27:35 15360 --a------ C:\WINDOWS\system32\cacheur.exe
2007-02-27 01:23:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-02-27 01:23:37 0 d-------- C:\WINDOWS\system32\tenarchlib<TENARC~1>
2007-02-27 01:23:37 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll<INTERC~1.DLL>
2007-02-27 01:23:37 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll<INTERC~2.DLL>
2007-02-27 01:23:36 180224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-02-27 01:23:36 0 d-------- C:\Program Files\SpyCatcher 2006<SPYCAT~1>
2007-02-27 01:22:48 42036 --a------ C:\WINDOWS\system32\431172535764.dat<4331D4~1.DAT>
2007-02-27 01:14:16 42036 --a------ C:\WINDOWS\system32\431172535255.dat<433DC6~1.DAT>
2007-02-26 20:39:30 0 d-------- C:\Program Files\yvld
2007-02-26 06:01:49 42080 --a------ C:\WINDOWS\system32\431172466108.dat<434AB7~1.DAT>
2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461307.dat<4340B7~1.DAT>
2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461303.dat<4330B7~1.DAT>
2007-02-26 04:38:00 0 d-------- C:\WINDOWS\WBEM
2007-02-26 04:37:58 0 d-------- C:\WINDOWS\system32\fr-fr
2007-02-26 04:36:28 0 d--h----- C:\WINDOWS\ie7
2007-02-26 04:35:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-26 04:34:57 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-26 04:24:11 14826288 --a------ C:\Program Files\IE7-WindowsXP-x86-fra.exe<IE7-WI~1.EXE>
2007-02-25 19:17:01 42030 --a------ C:\WINDOWS\system32\431172427410.dat<4320CD~1.DAT>
2007-02-25 18:58:50 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424302.dat<4326BF~1.DAT>
2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424300.dat<4326B7~1.DAT>
2007-02-25 04:39:51 42030 --a------ C:\WINDOWS\system32\431172374790.dat<4339D8~1.DAT>
2007-02-24 21:48:22 0 d-------- C:\Rustbfix
2007-02-24 19:37:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-02-24 19:30:37 0 d-------- C:\_OTMoveIt<_OTMOV~1>
2007-02-23 21:18:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-23 21:18:28 0 d-------- C:\Program Files\Grisoft
2007-02-23 21:07:20 42030 --a------ C:\WINDOWS\system32\431172261240.dat<432EBD~1.DAT>
2007-02-23 21:07:17 43060 --a------ C:\WINDOWS\system32\jsefusf.exe
2007-02-23 21:06:21 42030 --a------ C:\WINDOWS\system32\431172261173.dat<432AC3~1.DAT>
2007-02-23 05:23:26 6633 --a------ C:\WINDOWS\system32\dufs2.exe
2007-02-23 04:22:55 285584 --a------ C:\WINDOWS\system32\dufs1.exe
2007-02-23 03:22:48 42286 --a------ C:\WINDOWS\system32\431172197367.dat<4341DB~1.DAT>
2007-02-22 23:43:52 42286 --a------ C:\WINDOWS\system32\431172184232.dat<432FBE~1.DAT>
2007-02-22 21:25:40 42286 --a------ C:\WINDOWS\system32\431172175921.dat<433DB1~1.DAT>
2007-02-22 21:18:13 42286 --a------ C:\WINDOWS\system32\431172175486.dat<4345D7~1.DAT>
2007-02-22 21:02:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-02-22 09:49:52 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-22 09:48:18 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
2007-02-22 08:01:22 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125156.dat<4339C6~1.DAT>
2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125154.dat<4329CE~1.DAT>
2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124388.dat<4343DA~1.DAT>
2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124382.dat<4323D2~1.DAT>
2007-02-22 05:18:17 42286 --a------ C:\WINDOWS\system32\431172117895.dat<434DD9~1.DAT>
2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073651.dat<4334C7~1.DAT>
2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073648.dat<4340C3~1.DAT>
2007-02-21 05:59:47 42142 --a------ C:\WINDOWS\system32\431172033987.dat<4340D5~1.DAT>
2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025439.dat<431172~4.DAT>
2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025435.dat<431172~3.DAT>
2007-02-21 03:33:39 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-21 02:51:13 42142 --a------ C:\WINDOWS\system32\431172022672.dat<431172~2.DAT>
2007-02-21 02:50:12 42142 --a------ C:\WINDOWS\system32\431172022612.dat<431172~1.DAT>
2007-02-21 00:16:48 0 d--hs---- C:\FOUND.001
2007-02-21 00:04:49 1 --a------ C:\WINDOWS\system32\index.dat
2007-02-20 18:48:19 0 d-------- C:\Program Files\CCleaner
2007-02-20 15:54:06 37376 --a------ C:\WINDOWS\system32\jsefusf.dll
2007-02-20 13:34:08 71088 --a------ C:\WINDOWS\system32\drivers\khips.sys
2007-02-20 13:34:02 302000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
2007-02-19 21:08:45 0 d-------- C:\WINDOWS\pss
2007-02-18 19:45:07 9327 --a------ C:\WINDOWS\system32\drivers\hidproc.sys
2007-02-18 19:45:02 41984 --a------ C:\WINDOWS\system32\A9C0AE3A.DLL
2007-02-18 19:45:01 50227 --a------ C:\WINDOWS\system32\A9C0AE3AT.EXE<A9C0AE~1.EXE>
2007-02-18 19:45:01 50227 --a------ C:\WINDOWS\system32\A9C0AE3A.EXE
2007-02-18 19:44:51 171 --a------ C:\WINDOWS\system32\988FC5FC.dat
2007-02-15 21:02:47 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-02-15 20:58:40 0 d-------- C:\Documents and Settings\bayle\Application Data\Lavasoft
2007-02-15 19:12:13 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-02-15 00:05:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-14 00:36:40 0 d-------- C:\Program Files\BitComet
2007-02-13 23:41:59 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>
2007-02-08 21:49:14 264754 --a------ C:\WINDOWS\system32\srodzxdjht_nav.dat<SRODZX~3.DAT>
2007-02-08 21:48:11 366 --a------ C:\WINDOWS\system32\srodzxdjht_navps.dat<SRODZX~2.DAT>
2007-02-08 21:48:06 4741 --a------ C:\WINDOWS\system32\srodzxdjht.dat<SRODZX~1.DAT>

-- Find3M Report ----------------------------------------------------------------

2007-03-06 18:43:12 0 --a------ C:\WINDOWS\system32\cievz.dll
2007-02-17 19:12:36 369864 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-02-17 19:12:36 49924 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-01-15 06:28:54 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Skype"="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SoundMan"="SOUNDMAN.EXE"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"LaunchApp"="Alaunch"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttp"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\drivers\\ttp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ast
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ffpbek
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanfs
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\msusbbux

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Tech

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

-- End of ComboScan: finished at 2007-03-07 at 03:21:05 -------------------------
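
The log above is what the helper reads by eye to pick out the rootkit's persistence points: drivers still set to start although their .sys file is reported "(not found)", services such as datl and Mercha2 whose command hands a DLL export to a host process (the rundll32.exe pattern), hex-blob service names like 988FC5FC, and drivers that have also registered themselves under SafeBoot\Minimal so they keep loading in Safe Mode. As an added example (not part of the original thread, and not a feature of ComboScan or HijackThis), the Python below applies those same checks to a shortened excerpt of the log and cross-references the "Files created" window. The checks are heuristics: the recently created Kerio driver khips.sys is reported alongside the malware, and gzqkx.sys, whose only tell is a nonsense name and boot-start type, is not caught at all, which is exactly why the helper asks for VirusTotal results before writing a removal script.

```python
"""Flag rootkit persistence indicators in a ComboScan driver/service listing.
Added example for this thread, not a feature of ComboScan or HijackThis.
SAMPLE_LOG is a shortened excerpt of the log posted above."""
import re

SAMPLE_LOG = r"""
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2S ast - C:\WINDOWS\system32\drivers\ast.sys (not found)
0R gzqkx (gzqk) - C:\WINDOWS\system32\drivers\gzqkx.sys
2R hidproc - C:\WINDOWS\system32\drivers\hidproc.sys
1R khips (Kerio HIPS Driver) - C:\WINDOWS\system32\drivers\khips.sys
2R lanfs - C:\WINDOWS\system32\drivers\lanfs.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
4S 988FC5FC - C:\WINDOWS\system32\988FC5FC.EXE -service
2R datl (Std datl Service) - C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\yvld\ifvq.dll,Service -s
2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
2S Mercha2 (Local Connection Manager) - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL,Export 1087
-- Files created between 2007-02-07 and 2007-03-07 ------------------------------
2007-03-06 16:08:20 10752 --a------ C:\WINDOWS\system32\drivers\lanfs.sys
2007-02-20 13:34:08 71088 --a------ C:\WINDOWS\system32\drivers\khips.sys
2007-02-18 19:45:07 9327 --a------ C:\WINDOWS\system32\drivers\hidproc.sys
-- Registry Dump ----------------------------------------------------------------
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ast
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanfs
"""

# "<start><R|S> <name> [(description)]" is the part left of the first " - ".
ENTRY_RE = re.compile(r"^([0-4])([RS])\s+(.*?)(?:\s+\((.*)\))?$")
# "YYYY-MM-DD hh:mm:ss <size> <attrs> <path>[<SHORT~1.EXT>]"
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\s+\d+\s+\S+\s+(.*?)(?:<[^>]*>)?$")
SAFEBOOT_RE = re.compile(r"\\safeboot\\minimal\\([^\\\s]+)$", re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9A-F]{8}$", re.IGNORECASE)
DLL_EXPORT_RE = re.compile(r"\.dll,", re.IGNORECASE)   # rundll32-style "<dll>,<export>"
HEADERS = (("-- drivers", "drivers"), ("-- services", "services"),
           ("-- files created", "files"), ("-- registry dump", "registry"))


def parse_entry(line):
    """Turn one driver/service line of the listing into a dict, or None."""
    left, sep, command = line.partition(" - ")
    m = ENTRY_RE.match(left)
    if not sep or not m:
        return None
    start, state, name, desc = m.groups()
    command = command.strip()
    missing = command.endswith("(not found)")
    if missing:
        command = command[: -len("(not found)")].rstrip()
    return {"start": int(start), "running": state == "R", "name": name,
            "desc": desc, "command": command, "missing": missing}


def image_of(command):
    """Lower-cased image path of a service command: quoted path or first token."""
    if command.startswith('"') and command.count('"') >= 2:
        return command[1:command.index('"', 1)].lower()
    return command.split(" ", 1)[0].lower()


def triage(log_text):
    """Return {name: {kind, start, command, reasons}} for suspicious entries."""
    section, entries, created, safeboot = None, [], set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("-- "):
            section = next((tag for p, tag in HEADERS if line.lower().startswith(p)), None)
        elif section in ("drivers", "services"):
            e = parse_entry(line)
            if e:
                entries.append((section[:-1], e))      # "driver" / "service"
        elif section == "files" and FILE_RE.match(line):
            created.add(FILE_RE.match(line).group(1).lower())
        elif section == "registry" and SAFEBOOT_RE.search(line):
            safeboot.add(SAFEBOOT_RE.search(line).group(1).lower())
    findings = {}
    for kind, e in entries:
        reasons = []
        if e["missing"] and e["start"] != 4:
            reasons.append("set to start but image file not found (hidden or deleted)")
        if DLL_EXPORT_RE.search(e["command"]):
            reasons.append("command loads a DLL export through a host process (rundll32-style)")
        if HEX_NAME_RE.match(e["name"]):
            reasons.append("eight-hex-digit service name")
        if e["name"].lower() in safeboot:
            reasons.append("also registered under SafeBoot\\Minimal (loads in Safe Mode)")
        image = e["command"].lower()
        if image in created or image_of(e["command"]) in created:
            reasons.append("image file created in the recent-files window")
        if reasons:
            findings[e["name"]] = {"kind": kind, "start": e["start"],
                                   "command": e["command"], "reasons": reasons}
    return findings


if __name__ == "__main__":
    for name, f in triage(SAMPLE_LOG).items():
        print(f"{f['kind']} {name} (start {f['start']}): {f['command']}")
        for r in f["reasons"]:
            print("   -", r)
```

Run against the full report the same way; the SafeBoot\Minimal cross-reference is the strongest single signal here, because a legitimate third-party driver almost never adds itself to the Safe Mode load list.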
zBr
 
Hi Lorg

Yes, the report is indeed quite long.
Did you also post the contents of the file C:\ComboScan\Supplementary.txt?
It would be good if you could.

Your infection is fairly severe and is protected by a rootkit.
Before I give you a procedure, I'd like you to have the files below scanned here:
http://www.virustotal.com/en/virustotalx.html
Once on the site, click Browse, locate the first file in the list (remember to make hidden and system files visible first) and click Send.
Save the report to a txt file and do the same for the other files.

C:\WINDOWS\system32\drivers\msusbbux.sys
C:\WINDOWS\system32\S32EVNT1.DLL
C:\WINDOWS\system32\drivers\https.sys
C:\WINDOWS\system32\cievz.dll
C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL

Then download Clean.zip (by Malekal):
http://www.malekal.com/download/clean.zip
Unzip it to your desktop (right-click / Extract All); you should get a folder named Clean.
Open the Clean folder and double-click clean.cmd.
Choose option 1 and wait.
Then post the contents of all the reports.

Later
lorg03 Posts: 99 Status: Member
 
hi,
I couldn't find the following files, even with hidden files shown:

C:\WINDOWS\system32\drivers\msusbbux.sys

C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL
lorg03 Posts: 99 Status: Member
 
here are the contents of the reports for the three files I found:

for https.sys:
Complete scanning result of "https.sys", received in VirusTotal at 03.06.2007, 23:17:12 (CET).

Antivirus Version Update Result
AntiVir 7.3.1.38 03.06.2007 TR/Agent.afb.6
Authentium 4.93.8 03.06.2007 no virus found
Avast 4.7.936.0 03.06.2007 no virus found
AVG 7.5.0.447 03.06.2007 Generic3.GED
BitDefender 7.2 03.06.2007 Trojan.Rootkit.Protector.A
CAT-QuickHeal 9.00 03.06.2007 no virus found
ClamAV devel-20060426 03.06.2007 no virus found
DrWeb 4.33 03.06.2007 no virus found
eSafe 7.0.14.0 03.06.2007 Win32.Agent.afb
eTrust-Vet 30.6.3458 03.06.2007 no virus found
Ewido 4.0 03.06.2007 Trojan.Agent.afb
FileAdvisor 1 03.06.2007 no virus found
Fortinet 2.85.0.0 03.06.2007 W32/Agent.AFB!tr
F-Prot 4.3.1.45 03.06.2007 no virus found
F-Secure 6.70.13030.0 03.06.2007 Trojan.Win32.Agent.afb
Ikarus T3.1.1.3 03.06.2007 Trojan.Win32.Agent.afb
Kaspersky 4.0.2.24 03.06.2007 Trojan.Win32.Agent.afb
McAfee 4978 03.06.2007 New Malware.z
Microsoft 1.2204 03.06.2007 Program:Win32/CaiFu (threat-c)
NOD32v2 2099 03.06.2007 no virus found
Norman 5.80.02 03.06.2007 W32/Agent.BDLB
Panda 9.0.0.4 03.06.2007 no virus found
Prevx1 V2 03.06.2007 no virus found
Sophos 4.15.0 03.06.2007 no virus found
Sunbelt 2.2.907.0 03.05.2007 no virus found
Symantec 10 03.06.2007 no virus found
TheHacker 6.1.6.070 03.06.2007 no virus found
UNA 1.83 03.06.2007 no virus found
VBA32 3.11.2 03.05.2007 no virus found
VirusBuster 4.3.19:9 03.06.2007 no virus found

Additional Information
File size: 10752 bytes
MD5: a4a8e0892bf7433de758bd1022b90a17
SHA1: 769a86c8ce4fb255fa6f57aba8ad180996d8bb25

for S32EVNT1.DLL:
Antivirus Version Update Result
AntiVir 7.3.1.38 03.06.2007 no virus found
Authentium 4.93.8 03.06.2007 no virus found
Avast 4.7.936.0 03.06.2007 no virus found
AVG 7.5.0.447 03.06.2007 no virus found
BitDefender 7.2 03.06.2007 no virus found
CAT-QuickHeal 9.00 03.06.2007 no virus found
ClamAV devel-20060426 03.06.2007 no virus found
DrWeb 4.33 03.06.2007 no virus found
eSafe 7.0.14.0 03.06.2007 no virus found
eTrust-Vet 30.6.3458 03.06.2007 no virus found
Ewido 4.0 03.06.2007 no virus found
FileAdvisor 1 03.06.2007 no virus found
Fortinet 2.85.0.0 03.06.2007 no virus found
F-Prot 4.3.1.45 03.06.2007 no virus found
F-Secure 6.70.13030.0 03.06.2007 no virus found
Ikarus T3.1.1.3 03.06.2007 no virus found
Kaspersky 4.0.2.24 03.06.2007 no virus found
McAfee 4978 03.06.2007 no virus found
Microsoft 1.2204 03.06.2007 no virus found
NOD32v2 2099 03.06.2007 no virus found
Norman 5.80.02 03.06.2007 no virus found
Panda 9.0.0.4 03.06.2007 no virus found
Prevx1 V2 03.06.2007 no virus found
Sophos 4.15.0 03.06.2007 no virus found
Sunbelt 2.2.907.0 03.05.2007 no virus found
Symantec 10 03.06.2007 no virus found
TheHacker 6.1.6.070 03.06.2007 no virus found
UNA 1.83 03.06.2007 no virus found
VBA32 3.11.2 03.05.2007 no virus found
VirusBuster 4.3.19:9 03.06.2007 no virus found

and for cievz.dll:
0 bytes size received / empty file received

finally, the Clean report:

Clean report by Malekal_morte - http://www.malekal.com
Option 1, run on 07/03/2007 at 23:49:12.39

*** Searching for files on C:

*** Searching for files in C:\WINDOWS\

*** Searching for files in C:\WINDOWS\system32
C:\WINDOWS\system32\jsefusf.exe FOUND
C:\WINDOWS\system32\cacheur.exe FOUND
C:\WINDOWS\system32\dufs1.exe FOUND
C:\WINDOWS\system32\dufs2.exe FOUND
C:\WINDOWS\system32\jsefusf.exe FOUND
C:\WINDOWS\System32\jsefusf.dll FOUND
C:\WINDOWS\system32\regsvr32.dll FOUND
C:\WINDOWS\system32\jsefusf.dll FOUND
C:\WINDOWS\system32\wbem\ocmor.dll FOUND

"C:\Program Files\Fichiers communs\CPUSH\" FOUND
*** End of report!

thanks

Later
zBr
 
Hi lorg

Thanks.

So here is the procedure, to be followed to the letter :-)

1. Download The Avenger by Swandog46 to your Desktop.
http://www.geekstogo.com/forum/files/file/393-the-avenger-by-swandog46/

* Extract avenger.exe to your desktop

2. Copy all of the text in blue below: highlight it and press Ctrl+C

3. Now launch The Avenger by clicking its desktop icon.

* Under "Script file to execute" choose "Input Script Manually".
* Then click the magnifying-glass icon, which opens a new "View/edit script" window.
* In that window, paste the text you copied earlier with Ctrl+V.
* Click Done
* Then click the green-light icon to start running the script
* Answer "Yes" twice when asked.

4. The Avenger will automatically do the following:

* It will restart the system. (When the script contains one or more "Drivers to Unload", The Avenger restarts your system twice.)
* During the restart a black Windows command window will briefly appear on your desktop; this is NORMAL.
* After the restart it creates a log file, which will open and show the actions The Avenger carried out. The log file is here: C:\avenger.txt
* The Avenger will also have backed up every file etc. that you asked it to delete, zipped them and moved the archive to C:\avenger\backup.zip.

5. Finally, copy/paste the contents of c:\avenger.txt into your reply, together with a new HijackThis log and a ComboScan log

Drivers to unload:
ast
ffpbek
hidproc
https
gzqkx
lanfs


Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\988FC5FC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\A9C0AE3A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\datl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ffpbek
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzqkx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidproc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\https
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jsefusf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanfs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mercha2
 

Files to delete:
C:\WINDOWS\system32\jsefusf.dll
C:\WINDOWS\system32\988FC5FC.EXE
C:\WINDOWS\system32\A9C0AE3A.EXE
C:\WINDOWS\system32\A9C0AE3A.DLL
C:\WINDOWS\system32\A9C0AE3AT.EXE
C:\WINDOWS\system32\4c13ntos.dll
C:\WINDOWS\system32\4f4ecfsb.dll
C:\WINDOWS\system32\4153ntos.dll
C:\WINDOWS\system32\cievz.dll
C:\WINDOWS\system32\dufs2.exe
C:\WINDOWS\system32\dufs1.exe
C:\WINDOWS\system32\jsefusf.exe
C:\WINDOWS\system32\jjgfst1.exe
C:\WINDOWS\system32\RUNDLLFROMWIN2000.EXE
C:\WINDOWS\system32\lsanp.dll
C:\WINDOWS\system32\mshtmll.dll
C:\WINDOWS\system32\mssys32.exe
C:\WINDOWS\system32\regsvr32.dll 
C:\WINDOWS\system32\cacheur.exe
C:\WINDOWS\system32\srodzxdjht_nav.dat
C:\WINDOWS\system32\srodzxdjht_navps.dat
C:\WINDOWS\system32\srodzxdjht.dat
C:\WINDOWS\SYSTEM32\cryptimg.dll
C:\WINDOWS\system32\drivers\ast.sys
C:\WINDOWS\system32\drivers\ffpbek.sys
C:\WINDOWS\system32\drivers\gzqkx.sys
C:\WINDOWS\system32\drivers\hidproc.sys
C:\WINDOWS\system32\drivers\https.sys
C:\WINDOWS\system32\drivers\lanfs.sys
C:\WINDOWS\system32\drivers\ttp.exe
C:\WINDOWS\system32\wbem\ocmor.dll
C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL
%PROGRAMFILES%Fichiers communs\System\Updaterun.exe


Folders to delete:
%ProgramFiles%\Fichiers communs\CPUSH
%APPDATA%\Fichiers communs\CPUSH
%PROGRAMFILES%\ËÑË÷À


Good luck!

Later
Anonymous user
 
Hello all,

Sorry to jump in, but I think one file in the avenger script is missing something:

%PROGRAMFILES%Fichiers communs\System\Updaterun.exe

%PROGRAMFILES%\Fichiers communs\System\Updaterun.exe

All the best
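
An Avenger script runs at boot with no confirmation, so a slip such as the missing backslash after %PROGRAMFILES% that the previous post points out, a doubled separator, a repeated driver name or a mistyped extension simply leaves the target in place and wastes a reboot. As an added example (not part of The Avenger, nor of the procedure or script posted in this thread), the Python below parses the four section headers used above and lints the entries: duplicates, env vars not followed by a backslash, doubled separators, odd extensions, keys that do not start with a hive, and every "Drivers to unload" name cross-checked against its Services key and its .sys file. SAMPLE_SCRIPT is a constructed excerpt: it reproduces the slips visible in the thread and adds two invented gaps (https without a Services key, gzqkx without a .sys file) to exercise the cross-checks.

```python
"""Sanity-check an Avenger script before handing it to The Avenger.
Added example for this thread; it is not part of The Avenger or of the posted
procedure. SAMPLE_SCRIPT is a constructed excerpt: it keeps the slips visible in
the thread (a repeated driver, a doubled backslash, an env var with no trailing
backslash, a ".dl" extension) and adds two invented gaps (a driver with no
Services key, a driver with no .sys file) to exercise the cross-checks."""
import re
from collections import Counter

SECTIONS = ("Drivers to unload:", "Registry keys to delete:",
            "Files to delete:", "Folders to delete:")
HIVES = ("HKEY_", "HKLM\\", "HKCU\\", "HKU\\")
KNOWN_EXT = {"exe", "dll", "sys", "dat", "cmd", "bat", "ini", "tmp", "log"}
ENV_NO_SLASH_RE = re.compile(r"%[A-Za-z_()0-9]+%(?!\\)")   # %VAR% not followed by \

SAMPLE_SCRIPT = r"""
Drivers to unload:
ast
hidproc
https
gzqkx
hidproc

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzqkx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidproc

Files to delete:
C:\WINDOWS\\jsefusf.dll
C:\WINDOWS\system32\4f4ecfsb.dl
C:\WINDOWS\system32\drivers\ast.sys
C:\WINDOWS\system32\drivers\hidproc.sys
C:\WINDOWS\system32\drivers\https.sys
%PROGRAMFILES%Fichiers communs\System\Updaterun.exe

Folders to delete:
%ProgramFiles%\Fichiers communs\CPUSH
%APPDATA%\Fichiers communs\CPUSH
"""


def parse_script(text):
    """Group non-blank lines under the Avenger section header they follow."""
    sections = {s: [] for s in SECTIONS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in sections:
            current = line
        elif current is not None:
            sections[current].append(line)
    return sections


def lint_avenger_script(text):
    """Return a list of (section, entry, problem) tuples; an empty list means clean."""
    sections = parse_script(text)
    issues = []
    for sec, entries in sections.items():
        counts = Counter(e.lower() for e in entries)
        for e in dict.fromkeys(entries):                 # first spelling of each entry
            if counts[e.lower()] > 1:
                issues.append((sec, e, f"duplicate entry (listed {counts[e.lower()]} times)"))
    keys = [k.lower() for k in sections["Registry keys to delete:"]]
    basenames = {f.rsplit("\\", 1)[-1].lower() for f in sections["Files to delete:"]}
    for drv in dict.fromkeys(sections["Drivers to unload:"]):
        if not any(k.endswith("\\services\\" + drv.lower()) for k in keys):
            issues.append(("Drivers to unload:", drv, "no matching Services key in 'Registry keys to delete:'"))
        if drv.lower() + ".sys" not in basenames:
            issues.append(("Drivers to unload:", drv, "no matching .sys in 'Files to delete:'"))
    for k in sections["Registry keys to delete:"]:
        if not k.upper().startswith(HIVES):
            issues.append(("Registry keys to delete:", k, "does not start with a registry hive"))
    for sec in ("Files to delete:", "Folders to delete:"):
        for p in sections[sec]:
            if ENV_NO_SLASH_RE.search(p):
                issues.append((sec, p, "environment variable not followed by a backslash"))
            if "\\\\" in p:
                issues.append((sec, p, "doubled path separator"))
            if sec == "Files to delete:":
                base = p.rsplit("\\", 1)[-1]
                ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
                if ext not in KNOWN_EXT:
                    issues.append((sec, p, f"unusual extension '.{ext}' (typo?)"))
    return issues


if __name__ == "__main__":
    for sec, entry, problem in lint_avenger_script(SAMPLE_SCRIPT):
        print(f"[{sec[:-1]}] {entry}: {problem}")
```

A clean result is not proof the script is right, only that it is well formed; the entries themselves still have to come from the log and the VirusTotal results, as in the thread.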
lorg03 Posts: 99 Status: Member
 
hi, I did go through the procedure but the txt file is empty, maybe a firewall problem that triggered at the very moment the computer came back up...
here is the hijackthis report:

Logfile of HijackThis v1.99.1
Scan saved at 20:30:17, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\bayle\Bureau\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Local Connection Manager (Mercha2) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
0
lorg03 - 99 posts - Member
 
and here is the ComboScan report:

-- HijackThis (run as bayle.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:34:07, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\bayle\Bureau\comboscan.exe
C:\DOCUME~1\bayle\Bureau\HIJACK~1\bayle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Local Connection Manager (Mercha2) - Unknown owner - C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

-- Files created between 2007-02-08 and 2007-03-08 ------------------------------

2007-03-08 20:10:52 0 d-------- C:\avenger
2007-03-08 20:10:16 44224 --a------ C:\WINDOWS\system32\sdftj.dat
2007-03-08 15:45:34 0 d-------- C:\Program Files\Alexa Toolbar<ALEXAT~1>
2007-03-08 15:44:19 10752 --a------ C:\WINDOWS\system32\drivers\romman.sys
2007-03-08 15:44:11 14848 --a------ C:\WINDOWS\system32\xpnap.exe
2007-03-08 15:44:10 32256 --a------ C:\WINDOWS\system32\kbnaxp.dll
2007-03-08 15:44:09 9728 --a------ C:\WINDOWS\system32\trtbc.dll
2007-03-08 15:44:09 9901 --a------ C:\WINDOWS\system32\drivers\ndcia.sys
2007-03-07 02:45:20 0 d--hs---- C:\FOUND.002
2007-03-07 00:03:28 0 d-------- C:\Program Files\Fichiers communs\CPUSH
2007-03-06 16:08:20 10752 --a------ C:\WINDOWS\system32\drivers\lanfs.sys
2007-03-06 16:06:52 108106 --a------ C:\WINDOWS\system32\jjgfst1.exe
2007-03-01 18:53:32 232448 --a------ C:\WINDOWS\system32\lsanp.dll
2007-03-01 18:53:32 10752 --a------ C:\WINDOWS\system32\drivers\i82440bx.sys
2007-02-27 19:12:22 41902 --a------ C:\WINDOWS\system32\431172599928.dat<4359C6~1.DAT>
2007-02-27 16:24:51 41902 --a------ C:\WINDOWS\system32\431172589876.dat<434DDF~1.DAT>
2007-02-27 07:30:11 42086 --a------ C:\WINDOWS\system32\431172557805.dat<434DBC~1.DAT>
2007-02-27 01:33:24 0 d-------- C:\Documents and Settings\bayle\Application Data\Tenebril
2007-02-27 01:23:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-02-27 01:23:37 0 d-------- C:\WINDOWS\system32\tenarchlib<TENARC~1>
2007-02-27 01:23:37 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll<INTERC~1.DLL>
2007-02-27 01:23:37 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll<INTERC~2.DLL>
2007-02-27 01:23:36 180224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-02-27 01:23:36 0 d-------- C:\Program Files\SpyCatcher 2006<SPYCAT~1>
2007-02-27 01:22:48 42036 --a------ C:\WINDOWS\system32\431172535764.dat<4331D4~1.DAT>
2007-02-27 01:14:16 42036 --a------ C:\WINDOWS\system32\431172535255.dat<433DC6~1.DAT>
2007-02-26 20:39:30 0 d-------- C:\Program Files\yvld
2007-02-26 06:01:49 42080 --a------ C:\WINDOWS\system32\431172466108.dat<434AB7~1.DAT>
2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461307.dat<4340B7~1.DAT>
2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461303.dat<4330B7~1.DAT>
2007-02-26 04:38:00 0 d-------- C:\WINDOWS\WBEM
2007-02-26 04:37:58 0 d-------- C:\WINDOWS\system32\fr-fr
2007-02-26 04:36:28 0 d--h----- C:\WINDOWS\ie7
2007-02-26 04:35:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-26 04:34:57 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-26 04:24:11 14826288 --a------ C:\Program Files\IE7-WindowsXP-x86-fra.exe<IE7-WI~1.EXE>
2007-02-25 19:17:01 42030 --a------ C:\WINDOWS\system32\431172427410.dat<4320CD~1.DAT>
2007-02-25 18:58:50 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424302.dat<4326BF~1.DAT>
2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424300.dat<4326B7~1.DAT>
2007-02-25 04:39:51 42030 --a------ C:\WINDOWS\system32\431172374790.dat<4339D8~1.DAT>
2007-02-24 21:48:22 0 d-------- C:\Rustbfix
2007-02-24 19:37:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-02-24 19:30:37 0 d-------- C:\_OTMoveIt<_OTMOV~1>
2007-02-23 21:18:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-23 21:18:28 0 d-------- C:\Program Files\Grisoft
2007-02-23 21:07:20 42030 --a------ C:\WINDOWS\system32\431172261240.dat<432EBD~1.DAT>
2007-02-23 21:07:17 43062 --a------ C:\WINDOWS\system32\jsefusf.exe
2007-02-23 21:06:21 42030 --a------ C:\WINDOWS\system32\431172261173.dat<432AC3~1.DAT>
2007-02-23 05:23:26 6633 --a------ C:\WINDOWS\system32\dufs2.exe
2007-02-23 04:22:55 285584 --a------ C:\WINDOWS\system32\dufs1.exe
2007-02-23 03:22:48 42286 --a------ C:\WINDOWS\system32\431172197367.dat<4341DB~1.DAT>
2007-02-22 23:43:52 42286 --a------ C:\WINDOWS\system32\431172184232.dat<432FBE~1.DAT>
2007-02-22 21:25:40 42286 --a------ C:\WINDOWS\system32\431172175921.dat<433DB1~1.DAT>
2007-02-22 21:18:13 42286 --a------ C:\WINDOWS\system32\431172175486.dat<4345D7~1.DAT>
2007-02-22 21:02:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-02-22 09:49:52 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-22 09:48:18 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
2007-02-22 08:01:22 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125156.dat<4339C6~1.DAT>
2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125154.dat<4329CE~1.DAT>
2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124388.dat<4343DA~1.DAT>
2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124382.dat<4323D2~1.DAT>
2007-02-22 05:18:17 42286 --a------ C:\WINDOWS\system32\431172117895.dat<434DD9~1.DAT>
2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073651.dat<4334C7~1.DAT>
2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073648.dat<4340C3~1.DAT>
2007-02-21 05:59:47 42142 --a------ C:\WINDOWS\system32\431172033987.dat<4340D5~1.DAT>
2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025439.dat<431172~4.DAT>
2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025435.dat<431172~3.DAT>
2007-02-21 03:33:39 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-21 02:51:13 42142 --a------ C:\WINDOWS\system32\431172022672.dat<431172~2.DAT>
2007-02-21 02:50:12 42142 --a------ C:\WINDOWS\system32\431172022612.dat<431172~1.DAT>
2007-02-21 00:16:48 0 d--hs---- C:\FOUND.001
2007-02-21 00:04:49 1 --a------ C:\WINDOWS\system32\index.dat
2007-02-20 18:48:19 0 d-------- C:\Program Files\CCleaner
2007-02-20 15:54:06 37376 --a------ C:\WINDOWS\system32\jsefusf.dll
2007-02-20 13:34:08 71088 --a------ C:\WINDOWS\system32\drivers\khips.sys
2007-02-20 13:34:02 302000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
2007-02-19 21:08:45 0 d-------- C:\WINDOWS\pss
2007-02-18 19:45:02 41984 --a------ C:\WINDOWS\system32\A9C0AE3A.DLL
2007-02-18 19:45:01 50227 --a------ C:\WINDOWS\system32\A9C0AE3AT.EXE<A9C0AE~1.EXE>
2007-02-18 19:45:01 50227 --a------ C:\WINDOWS\system32\A9C0AE3A.EXE
2007-02-18 19:44:51 171 --a------ C:\WINDOWS\system32\988FC5FC.dat
2007-02-15 21:02:47 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-02-15 20:58:40 0 d-------- C:\Documents and Settings\bayle\Application Data\Lavasoft
2007-02-15 19:12:13 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-02-15 00:05:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-14 00:36:40 0 d-------- C:\Program Files\BitComet
2007-02-13 23:41:59 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>
2007-02-08 21:49:14 264754 --a------ C:\WINDOWS\system32\srodzxdjht_nav.dat<SRODZX~3.DAT>
2007-02-08 21:48:11 366 --a------ C:\WINDOWS\system32\srodzxdjht_navps.dat<SRODZX~2.DAT>
2007-02-08 21:48:06 4741 --a------ C:\WINDOWS\system32\srodzxdjht.dat<SRODZX~1.DAT>

-- Find3M Report ----------------------------------------------------------------

2007-03-06 18:43:12 0 --a------ C:\WINDOWS\system32\cievz.dll
2007-02-17 19:12:36 369864 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-02-17 19:12:36 49924 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-01-15 06:28:54 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SoundMan"="SOUNDMAN.EXE"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"LaunchApp"="Alaunch"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttp"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\drivers\\ttp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}"="NetCache"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ast
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ffpbek
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanfs
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\msusbbux
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ndcia
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\romman

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Tech

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_INT15.SYS

-- End of ComboScan: finished at 2007-03-08 at 20:36:42 -------------------------

thanks and see you
0
zBr
 
Thanks !aur3n7 :-), I hadn't noticed it!

Lorg, redo the whole procedure with Avenger, but this time use the script below at step 3 of the procedure.

Drivers to unload:
ast
ffpbek
hidproc
https
gzqkx
hidproc
lanfs


Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\988FC5FC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\A9C0AE3A
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\datl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ffpbek
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzqkx
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidproc
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\https
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jsefusf
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanfs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mercha2
 

Files to delete:
C:\WINDOWS\\jsefusf.dll
C:\WINDOWS\system32\988FC5FC.EXE
C:\WINDOWS\system32\A9C0AE3A.EXE
C:\WINDOWS\system32\A9C0AE3A.DLL
C:\WINDOWS\system32\A9C0AE3AT.EXE
C:\WINDOWS\system32\A9C0AE3A.EXE
C:\WINDOWS\system32\4c13ntos.dll
C:\WINDOWS\system32\4f4ecfsb.dl
C:\WINDOWS\system32\4153ntos.dll
C:\WINDOWS\system32\cievz.dll
C:\WINDOWS\system32\dufs2.exe
C:\WINDOWS\system32\dufs1.exe
C:\WINDOWS\system32\jsefusf.exe
C:\WINDOWS\system32\jjgfst1.exe
C:\WINDOWS\system32\RUNDLLFROMWIN2000.EXE
C:\WINDOWS\system32\lsanp.dll
C:\WINDOWS\system32\mshtmll.dll
C:\WINDOWS\system32\mssys32.exe
C:\WINDOWS\system32\regsvr32.dll
C:\WINDOWS\system32\xpnap.exe
C:\WINDOWS\system32\kbnaxp.dll
C:\WINDOWS\system32\trtbc.dll
C:\WINDOWS\system32\cacheur.exe
C:\WINDOWS\system32\srodzxdjht_nav.dat
C:\WINDOWS\system32\srodzxdjht_navps.dat
C:\WINDOWS\system32\srodzxdjht.dat
C:\WINDOWS\SYSTEM32\cryptimg.dll
C:\WINDOWS\system32\drivers\romman.sys
C:\WINDOWS\system32\drivers\ndcia.sys
C:\WINDOWS\system32\drivers\ast.sys
C:\WINDOWS\system32\drivers\ffpbek.sys
C:\WINDOWS\system32\drivers\gzqkx.sys
C:\WINDOWS\system32\drivers\hidproc.sys
C:\WINDOWS\system32\drivers\https.sys
C:\WINDOWS\system32\drivers\lanfs.sys
C:\WINDOWS\system32\drivers\ttp.exe
C:\WINDOWS\system32\wbem\ocmor.dll
C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL
%PROGRAMFILES%\Fichiers communs\System\Updaterun.exe


Folders to delete:
%ProgramFiles%\Fichiers communs\CPUSH
%APPDATA%\Fichiers communs\CPUSH
%PROGRAMFILES%\ËÑË÷À
%PROGRAMFILES%\yvld


Then post new HijackThis, Avenger and ComboScan reports.

The sooner you carry out these steps the better, because the infection is progressing day by day...

see you
0
lorg03 - 99 posts - Member
 
here is the Avenger txt report:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\agkbcndl

*******************

Script file located at: \??\C:\WINDOWS\system32\kemwtgrw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver ast unloaded successfully.
Driver ffpbek unloaded successfully.

Registry key \Registry\Machine\System\CurrentControlSet\Services\hidproc not found!
Unload of driver hidproc failed!

Could not process line:
hidproc
Status: 0xc0000034

Registry key \Registry\Machine\System\CurrentControlSet\Services\https not found!
Unload of driver https failed!

Could not process line:
https
Status: 0xc0000034

Driver gzqkx unloaded successfully.

Registry key \Registry\Machine\System\CurrentControlSet\Services\hidproc not found!
Unload of driver hidproc failed!

Could not process line:
hidproc
Status: 0xc0000034

Registry key \Registry\Machine\System\CurrentControlSet\Services\lanfs not found!
Unload of driver lanfs failed!

Could not process line:
lanfs
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\988FC5FC deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\A9C0AE3A deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\datl deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ffpbek not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ffpbek failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ffpbek
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzqkx not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzqkx failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gzqkx
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidproc not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidproc failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidproc
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\https not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\https failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\https
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\jsefusf deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanfs not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanfs failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanfs
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mercha2 deleted successfully.

Could not open file C:\WINDOWS\\jsefusf.dll for deletion
Deletion of file C:\WINDOWS\\jsefusf.dll failed!

Could not process line:
C:\WINDOWS\\jsefusf.dll
Status: 0xc0000033

File C:\WINDOWS\system32\988FC5FC.EXE not found!
Deletion of file C:\WINDOWS\system32\988FC5FC.EXE failed!

Could not process line:
C:\WINDOWS\system32\988FC5FC.EXE
Status: 0xc0000034

File C:\WINDOWS\system32\A9C0AE3A.EXE deleted successfully.
File C:\WINDOWS\system32\A9C0AE3A.DLL deleted successfully.
File C:\WINDOWS\system32\A9C0AE3AT.EXE deleted successfully.

File C:\WINDOWS\system32\A9C0AE3A.EXE not found!
Deletion of file C:\WINDOWS\system32\A9C0AE3A.EXE failed!

Could not process line:
C:\WINDOWS\system32\A9C0AE3A.EXE
Status: 0xc0000034

File C:\WINDOWS\system32\4c13ntos.dll not found!
Deletion of file C:\WINDOWS\system32\4c13ntos.dll failed!

Could not process line:
C:\WINDOWS\system32\4c13ntos.dll
Status: 0xc0000034

File C:\WINDOWS\system32\4f4ecfsb.dl not found!
Deletion of file C:\WINDOWS\system32\4f4ecfsb.dl failed!

Could not process line:
C:\WINDOWS\system32\4f4ecfsb.dl
Status: 0xc0000034

File C:\WINDOWS\system32\4153ntos.dll not found!
Deletion of file C:\WINDOWS\system32\4153ntos.dll failed!

Could not process line:
C:\WINDOWS\system32\4153ntos.dll
Status: 0xc0000034

File C:\WINDOWS\system32\cievz.dll deleted successfully.
File C:\WINDOWS\system32\dufs2.exe deleted successfully.
File C:\WINDOWS\system32\dufs1.exe deleted successfully.
File C:\WINDOWS\system32\jsefusf.exe deleted successfully.
File C:\WINDOWS\system32\jjgfst1.exe deleted successfully.

File C:\WINDOWS\system32\RUNDLLFROMWIN2000.EXE not found!
Deletion of file C:\WINDOWS\system32\RUNDLLFROMWIN2000.EXE failed!

Could not process line:
C:\WINDOWS\system32\RUNDLLFROMWIN2000.EXE
Status: 0xc0000034

File C:\WINDOWS\system32\lsanp.dll deleted successfully.

File C:\WINDOWS\system32\mshtmll.dll not found!
Deletion of file C:\WINDOWS\system32\mshtmll.dll failed!

Could not process line:
C:\WINDOWS\system32\mshtmll.dll
Status: 0xc0000034

File C:\WINDOWS\system32\mssys32.exe not found!
Deletion of file C:\WINDOWS\system32\mssys32.exe failed!

Could not process line:
C:\WINDOWS\system32\mssys32.exe
Status: 0xc0000034

File C:\WINDOWS\system32\regsvr32.dll deleted successfully.
File C:\WINDOWS\system32\xpnap.exe deleted successfully.
File C:\WINDOWS\system32\kbnaxp.dll deleted successfully.
File C:\WINDOWS\system32\trtbc.dll deleted successfully.

File C:\WINDOWS\system32\cacheur.exe not found!
Deletion of file C:\WINDOWS\system32\cacheur.exe failed!

Could not process line:
C:\WINDOWS\system32\cacheur.exe
Status: 0xc0000034

File C:\WINDOWS\system32\srodzxdjht_nav.dat deleted successfully.
File C:\WINDOWS\system32\srodzxdjht_navps.dat deleted successfully.
File C:\WINDOWS\system32\srodzxdjht.dat deleted successfully.

File C:\WINDOWS\SYSTEM32\cryptimg.dll not found!
Deletion of file C:\WINDOWS\SYSTEM32\cryptimg.dll failed!

Could not process line:
C:\WINDOWS\SYSTEM32\cryptimg.dll
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\romman.sys deleted successfully.
File C:\WINDOWS\system32\drivers\ndcia.sys deleted successfully.

File C:\WINDOWS\system32\drivers\ast.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\ast.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\ast.sys
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\ffpbek.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\ffpbek.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\ffpbek.sys
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\gzqkx.sys deleted successfully.

File C:\WINDOWS\system32\drivers\hidproc.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\hidproc.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\hidproc.sys
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\https.sys not found!
Deletion of file C:\WINDOWS\system32\drivers\https.sys failed!

Could not process line:
C:\WINDOWS\system32\drivers\https.sys
Status: 0xc0000034

File C:\WINDOWS\system32\drivers\lanfs.sys deleted successfully.

File C:\WINDOWS\system32\drivers\ttp.exe not found!
Deletion of file C:\WINDOWS\system32\drivers\ttp.exe failed!

Could not process line:
C:\WINDOWS\system32\drivers\ttp.exe
Status: 0xc0000034

File C:\WINDOWS\system32\wbem\ocmor.dll deleted successfully.

File C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL not found!
Deletion of file C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL failed!

Could not process line:
C:\WINDOWS\SYSTEM32\WBEM\CROTE.DLL
Status: 0xc0000034

File C:\Program Files\Fichiers communs\System\Updaterun.exe not found!
Deletion of file C:\Program Files\Fichiers communs\System\Updaterun.exe failed!

Could not process line:
C:\Program Files\Fichiers communs\System\Updaterun.exe
Status: 0xc0000034

Folder C:\Program Files\Fichiers communs\CPUSH deleted successfully.

Could not open folder C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH for deletion
Deletion of folder C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH failed!

Could not process line:
C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH
Status: 0xc000003a

Folder C:\Program Files\ËÑË÷À not found!
Deletion of folder C:\Program Files\ËÑË÷À failed!

Could not process line:
C:\Program Files\ËÑË÷À
Status: 0xc0000034

Folder C:\Program Files\yvld deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
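An added example, not part of lorg03's post and not a feature of the Avenger tool: a small Python parser that reads the Avenger output above and sorts each target into removed / not found / could not open, decoding the NTSTATUS codes the tool prints. The point a reviewer wants from this log is that 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) only says the object was already gone or has since been renamed, while the 0xc0000033 (STATUS_OBJECT_NAME_INVALID) on C:\WINDOWS\\jsefusf.dll is caused by the doubled backslash in the script line itself, so that file was never even looked up. The sample input is an excerpt of the log above; the NTSTATUS names are the standard Windows values.

```python
import re
from collections import Counter

# NTSTATUS values that show up in Avenger output, mapped to their documented Windows names.
NTSTATUS = {
    0xC0000033: "STATUS_OBJECT_NAME_INVALID",    # malformed name, e.g. the doubled backslash below
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # object does not exist (already gone, or renamed)
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a directory in the path does not exist
}

# Excerpt of the Avenger log posted above, kept verbatim (raw string, so backslashes are literal).
SAMPLE_LOG = r"""
Driver gzqkx unloaded successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\A9C0AE3A deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast not found!
Deletion of registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast failed!

Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ast
Status: 0xc0000034

Could not open file C:\WINDOWS\\jsefusf.dll for deletion
Deletion of file C:\WINDOWS\\jsefusf.dll failed!

Could not process line:
C:\WINDOWS\\jsefusf.dll
Status: 0xc0000033

File C:\WINDOWS\system32\A9C0AE3A.EXE deleted successfully.

Could not open folder C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH for deletion
Deletion of folder C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH failed!

Could not process line:
C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH
Status: 0xc000003a
"""

SUCCESS_RE = re.compile(r"^(Driver|Registry key|File|Folder) (.+) (?:deleted|unloaded) successfully\.$")
NOTFOUND_RE = re.compile(r"^(Registry key|File|Folder) (.+) not found!$")
CANTOPEN_RE = re.compile(r"^Could not open (file|folder) (.+) for deletion$")
STATUS_RE = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")


def parse_avenger_log(text):
    """Return {target: {"kind", "outcome", "status"}} for every object the script touched."""
    results = {}
    lines = [ln.rstrip() for ln in text.splitlines()]
    i = 0
    while i < len(lines):
        ln = lines[i]
        if m := SUCCESS_RE.match(ln):
            results[m.group(2)] = {"kind": m.group(1).lower(), "outcome": "removed", "status": None}
        elif m := NOTFOUND_RE.match(ln):
            results[m.group(2)] = {"kind": m.group(1).lower(), "outcome": "not found", "status": None}
        elif m := CANTOPEN_RE.match(ln):
            results[m.group(2)] = {"kind": m.group(1), "outcome": "could not open", "status": None}
        elif ln == "Could not process line:" and i + 2 < len(lines):
            # The failing script line comes next, then its NTSTATUS; attach the code to that target.
            target = lines[i + 1]
            sm = STATUS_RE.match(lines[i + 2])
            if sm:
                code = int(sm.group(1), 16)
                entry = results.setdefault(target, {"kind": "unknown", "outcome": "failed", "status": None})
                entry["status"] = NTSTATUS.get(code, sm.group(1))
                i += 2
        i += 1
    return results


def script_errors(results):
    """Targets whose failure is the script's fault, not the malware's: STATUS_OBJECT_NAME_INVALID
    means the name was rejected before any lookup, which in this log comes from a doubled backslash."""
    return sorted(t for t, r in results.items()
                  if r["status"] == "STATUS_OBJECT_NAME_INVALID" or "\\\\" in t)


def summarize(results):
    """Count outcomes so the reviewer sees at a glance how much of the script actually landed."""
    return Counter(r["outcome"] for r in results.values())


if __name__ == "__main__":
    res = parse_avenger_log(SAMPLE_LOG)
    for target, r in res.items():
        print(f"{r['outcome']:<14} {r['kind']:<12} {target}  {r['status'] or ''}")
    print("summary:", dict(summarize(res)))
    print("fix the script line for:", script_errors(res))
```

Run against the full log, anything reported by script_errors() means the Avenger script itself has to be corrected and rerun; the "not found" entries only tell you the name in the script no longer matched anything at run time.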
lorg03 Posts: 99 Status: Member

Here is the ComboScan report:

ComboScan v20070226.18 run by bayle on 2007-03-08 at 23:54:17
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as bayle.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:54:30, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Documents and Settings\bayle\Bureau\comboscan.exe
C:\DOCUME~1\bayle\Bureau\HIJACK~1\bayle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: 财富通 - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

-- Files created between 2007-02-08 and 2007-03-08 ------------------------------

2007-03-08 23:48:59 0 d-------- C:\avenger
2007-03-08 20:10:16 44224 --a------ C:\WINDOWS\system32\sdftj.dat
2007-03-08 15:45:34 0 d-------- C:\Program Files\Alexa Toolbar<ALEXAT~1>
2007-03-07 02:45:20 0 d--hs---- C:\FOUND.002
2007-03-01 18:53:32 10752 --a------ C:\WINDOWS\system32\drivers\i82440bx.sys
2007-02-27 19:12:22 41902 --a------ C:\WINDOWS\system32\431172599928.dat<4359C6~1.DAT>
2007-02-27 16:24:51 41902 --a------ C:\WINDOWS\system32\431172589876.dat<434DDF~1.DAT>
2007-02-27 07:30:11 42086 --a------ C:\WINDOWS\system32\431172557805.dat<434DBC~1.DAT>
2007-02-27 01:33:24 0 d-------- C:\Documents and Settings\bayle\Application Data\Tenebril
2007-02-27 01:23:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-02-27 01:23:37 0 d-------- C:\WINDOWS\system32\tenarchlib<TENARC~1>
2007-02-27 01:23:37 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll<INTERC~1.DLL>
2007-02-27 01:23:37 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll<INTERC~2.DLL>
2007-02-27 01:23:36 180224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-02-27 01:23:36 0 d-------- C:\Program Files\SpyCatcher 2006<SPYCAT~1>
2007-02-27 01:22:48 42036 --a------ C:\WINDOWS\system32\431172535764.dat<4331D4~1.DAT>
2007-02-27 01:14:16 42036 --a------ C:\WINDOWS\system32\431172535255.dat<433DC6~1.DAT>
2007-02-26 06:01:49 42080 --a------ C:\WINDOWS\system32\431172466108.dat<434AB7~1.DAT>
2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461307.dat<4340B7~1.DAT>
2007-02-26 04:42:00 42080 --a------ C:\WINDOWS\system32\431172461303.dat<4330B7~1.DAT>
2007-02-26 04:38:00 0 d-------- C:\WINDOWS\WBEM
2007-02-26 04:37:58 0 d-------- C:\WINDOWS\system32\fr-fr
2007-02-26 04:36:28 0 d--h----- C:\WINDOWS\ie7
2007-02-26 04:35:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-26 04:34:57 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-26 04:24:11 14826288 --a------ C:\Program Files\IE7-WindowsXP-x86-fra.exe<IE7-WI~1.EXE>
2007-02-25 19:17:01 42030 --a------ C:\WINDOWS\system32\431172427410.dat<4320CD~1.DAT>
2007-02-25 18:58:50 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424302.dat<4326BF~1.DAT>
2007-02-25 18:25:11 42030 --a------ C:\WINDOWS\system32\431172424300.dat<4326B7~1.DAT>
2007-02-25 04:39:51 42030 --a------ C:\WINDOWS\system32\431172374790.dat<4339D8~1.DAT>
2007-02-24 21:48:22 0 d-------- C:\Rustbfix
2007-02-24 19:37:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-02-24 19:30:37 0 d-------- C:\_OTMoveIt<_OTMOV~1>
2007-02-23 21:18:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-23 21:18:28 0 d-------- C:\Program Files\Grisoft
2007-02-23 21:07:20 42030 --a------ C:\WINDOWS\system32\431172261240.dat<432EBD~1.DAT>
2007-02-23 21:06:21 42030 --a------ C:\WINDOWS\system32\431172261173.dat<432AC3~1.DAT>
2007-02-23 03:22:48 42286 --a------ C:\WINDOWS\system32\431172197367.dat<4341DB~1.DAT>
2007-02-22 23:43:52 42286 --a------ C:\WINDOWS\system32\431172184232.dat<432FBE~1.DAT>
2007-02-22 21:25:40 42286 --a------ C:\WINDOWS\system32\431172175921.dat<433DB1~1.DAT>
2007-02-22 21:18:13 42286 --a------ C:\WINDOWS\system32\431172175486.dat<4345D7~1.DAT>
2007-02-22 21:02:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-02-22 09:49:52 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-22 09:48:18 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
2007-02-22 08:01:22 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125156.dat<4339C6~1.DAT>
2007-02-22 07:19:24 42286 --a------ C:\WINDOWS\system32\431172125154.dat<4329CE~1.DAT>
2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124388.dat<4343DA~1.DAT>
2007-02-22 07:06:36 42286 --a------ C:\WINDOWS\system32\431172124382.dat<4323D2~1.DAT>
2007-02-22 05:18:17 42286 --a------ C:\WINDOWS\system32\431172117895.dat<434DD9~1.DAT>
2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073651.dat<4334C7~1.DAT>
2007-02-21 17:01:01 42142 --a------ C:\WINDOWS\system32\431172073648.dat<4340C3~1.DAT>
2007-02-21 05:59:47 42142 --a------ C:\WINDOWS\system32\431172033987.dat<4340D5~1.DAT>
2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025439.dat<431172~4.DAT>
2007-02-21 03:37:29 42142 --a------ C:\WINDOWS\system32\431172025435.dat<431172~3.DAT>
2007-02-21 03:33:39 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-21 02:51:13 42142 --a------ C:\WINDOWS\system32\431172022672.dat<431172~2.DAT>
2007-02-21 02:50:12 42142 --a------ C:\WINDOWS\system32\431172022612.dat<431172~1.DAT>
2007-02-21 00:16:48 0 d--hs---- C:\FOUND.001
2007-02-21 00:04:49 1 --a------ C:\WINDOWS\system32\index.dat
2007-02-20 18:48:19 0 d-------- C:\Program Files\CCleaner
2007-02-20 15:54:06 37376 --a------ C:\WINDOWS\system32\jsefusf.dll
2007-02-20 13:34:08 71088 --a------ C:\WINDOWS\system32\drivers\khips.sys
2007-02-20 13:34:02 302000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
2007-02-19 21:08:45 0 d-------- C:\WINDOWS\pss
2007-02-18 19:44:51 171 --a------ C:\WINDOWS\system32\988FC5FC.dat
2007-02-15 21:02:47 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-02-15 20:58:40 0 d-------- C:\Documents and Settings\bayle\Application Data\Lavasoft
2007-02-15 19:12:13 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-02-15 00:05:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-14 00:36:40 0 d-------- C:\Program Files\BitComet
2007-02-13 23:41:59 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>

-- Find3M Report ----------------------------------------------------------------

2007-02-17 19:12:36 369864 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-02-17 19:12:36 49924 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-01-15 06:28:54 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SoundMan"="SOUNDMAN.EXE"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"LaunchApp"="Alaunch"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ttp"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\drivers\\ttp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}"="NetCache"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ast
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ffpbek
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanfs
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\msusbbux
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ndcia
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\romman

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Tech

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

-- End of ComboScan: finished at 2007-03-08 at 23:56:51 -------------------------
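An added example, not from the post and not a HijackThis or ComboScan feature. The R3/O2/O3 entries in this report show a naming pattern worth checking mechanically rather than by eye: the BHO {27894913-c964-4520-ae2b-1b294ae19f4f} loads 4520ntos.dll, the BHO {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} loads 4074cfsb.dll, and the URLSearchHook and Toolbar whose display name is just "c964" reuse 4520ntos.dll under a second CLSID. The script below parses those HijackThis lines and flags an entry when its DLL name or display name is built from a 4-hex-digit CLSID group, then marks every other entry that loads the same DLL. The heuristic is my assumption, not the tool's; the sample lines are copied from the report above, with the legitimate SpyCatcher, Spybot, CPUSH-remnant and Alexa entries left in so the filter has something to leave alone.

```python
import re

# Constructed sample: browser-extension lines from the HijackThis section of the ComboScan report
# above (raw string so the backslashes and the \4520 sequence stay literal).
HJT_LINES = r"""
R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll (file missing)
O2 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll
O3 - Toolbar: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
"""

# section - type: display name - {CLSID} - path [ (file missing)]
ENTRY_RE = re.compile(
    r"^(R3|O2|O3) - (?:URLSearchHook|BHO|Toolbar): (.*?) - "
    r"\{([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - (.+?)( \(file missing\))?$"
)
HEX4 = re.compile(r"^[0-9a-f]{4}$")


def parse_hjt(text):
    """Turn HijackThis browser-extension lines into dicts; any other line type is ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({
                "section": m.group(1), "name": m.group(2), "clsid": m.group(3),
                "path": m.group(4), "missing": m.group(5) is not None,
            })
    return entries


def flag_clsid_derived(entries):
    """Heuristic (mine, not HijackThis's): flag an extension when its DLL base name starts with
    one of its own CLSID's two 4-hex-digit groups, or when its display name is nothing but such a
    token. A second pass marks every other entry loading a flagged DLL, because the URLSearchHook
    and Toolbar in this log reuse the BHO's file under a different CLSID."""
    flagged = {}  # lowercased path -> set of reasons
    for e in entries:
        groups = e["clsid"].lower().split("-")
        base = e["path"].rsplit("\\", 1)[-1].lower()
        reasons = set()
        if base[:4] in groups[1:3]:
            reasons.add(f"file name starts with CLSID group {base[:4]}")
        if HEX4.match(e["name"].lower()):
            reasons.add(f"display name {e['name']!r} is a bare hex token")
        if reasons:
            flagged.setdefault(e["path"].lower(), set()).update(reasons)
    for e in entries:
        p = e["path"].lower()
        if p in flagged:
            flagged[p].add(f"loaded by {e['section']} {{{e['clsid']}}}")
    return flagged


def clean_entries(entries):
    """Entries the heuristic leaves alone, kept for comparison against the flagged set."""
    bad = flag_clsid_derived(entries)
    return [e for e in entries if e["path"].lower() not in bad]


if __name__ == "__main__":
    ents = parse_hjt(HJT_LINES)
    for path, reasons in sorted(flag_clsid_derived(ents).items()):
        print(path)
        for r in sorted(reasons):
            print("   -", r)
    print("left alone:", [e["name"] for e in clean_entries(ents)])
```

Why match on the pattern instead of on file names: the Avenger script run earlier in this thread targeted 4c13ntos.dll, 4153ntos.dll and 4f4ecfsb.dl and found none of them, while this scan shows 4520ntos.dll and 4074cfsb.dll. The four-character prefix changes between scans, so a hand-written list of names goes stale; the relationship between the CLSID and the file name does not.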
lorg03 Posts: 99 Status: Member

And finally, the HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 23:58:52, on 08/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\bayle\Bureau\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll (file missing)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

Thanks for helping me; I hope we'll be able to fix these problems, because I keep downloading lots of scanners, anti-spyware tools and firewalls, and as a result my computer takes a long time to get through everything at startup...

Thanks
See you
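Triage of a log like the one above is mostly pattern-reading, and the patterns are mechanical enough to script. The following is an added example (not code from the thread, and not part of HijackThis) that parses the O2/O3/R3, O20 and O23 line formats shown in the log and applies the checks a reviewer does by eye: browser extensions loaded from system32 under a four-digit/four-letter name, a CLSID group reused as the entry or module name (the fingerprint of one generator producing both the BHO and the URLSearchHook/toolbar), dangling "(file missing)" registrations, a Windows DLL registered under a third-party CLSID, and AppInit_DLLs entries. The sample lines are copied from the log above; the name pattern, the host-DLL set and the severities are assumptions made for this example, not a vendor signature set.

```python
"""Triage of HijackThis-format log lines.

Added example, not code from the thread or from HijackThis. The name
pattern, the host-DLL list and the severities are assumptions made for
this example, not a vendor signature set.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log posted above (two clean ones kept as controls).
SAMPLE_LINES = [
    r"R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll",
    r"O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll",
    r"O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll (file missing)",
    r"O2 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll",
    r"O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll",
    r"O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll",
    r"O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL",
    r"O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll",
    r'O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)',
]

EXTENSION_RE = re.compile(
    r'^(?P<kind>O2|O3|R3) - (?:BHO|Toolbar|URLSearchHook): (?P<name>.*?) - '
    r'\{(?P<clsid>[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})\} - (?P<path>.*)$')
APPINIT_RE = re.compile(r'^O20 - AppInit_DLLs: (?P<dlls>.*)$')
SERVICE_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$')
# Four digits + four letters, the scheme of 4520ntos.dll / 4074cfsb.dll (assumed pattern).
RANDOM_DLL_RE = re.compile(r'^\d{4}[a-z]{4}\.dll$')
# Windows' own browser DLL: a third-party CLSID pointing at it is a hijack host, not an add-on.
WINDOWS_HOST_DLLS = {'shdocvw.dll'}


@dataclass
class Finding:
    severity: str   # 'high', 'medium' or 'info'
    line: str
    reason: str


@dataclass
class Extension:
    line: str
    kind: str
    name: str
    clsid: str
    path: str
    missing: bool


def parse_extension(line: str) -> Extension | None:
    """Parse an O2/O3/R3 line into its parts; None for any other line type."""
    m = EXTENSION_RE.match(line.strip())
    if not m:
        return None
    path = m.group('path')
    missing = path.endswith('(file missing)')
    return Extension(line, m.group('kind'), m.group('name'), m.group('clsid').lower(),
                     path.replace('(file missing)', '').strip(), missing)


def triage(lines: list[str]) -> list[Finding]:
    findings: list[Finding] = []
    exts = [e for e in map(parse_extension, lines) if e]
    # Middle CLSID groups of every extension: the generator behind this infection reuses them as names.
    groups = sorted({g for e in exts for g in e.clsid.split('-')[1:4]})
    for e in exts:
        base = e.path.split('\\')[-1].lower()
        in_system32 = '\\system32\\' in e.path.lower()
        if e.missing:
            findings.append(Finding('medium', e.line, 'points to a missing file: stale registration, fix it'))
            continue
        if in_system32 and RANDOM_DLL_RE.match(base):
            findings.append(Finding('high', e.line, f'randomly named DLL {base} loaded from system32'))
        elif in_system32 and base in WINDOWS_HOST_DLLS:
            findings.append(Finding('medium', e.line, f'Windows DLL {base} registered under a third-party CLSID'))
        echo = next((g for g in groups if e.name.lower() == g or base.startswith(g)), None)
        if echo:
            findings.append(Finding('high', e.line, f'CLSID group {echo} reused as entry/module name'))
    for line in lines:
        if (m := APPINIT_RE.match(line.strip())):
            # AppInit_DLLs are loaded into every process that loads user32.dll; list each one once.
            for dll in dict.fromkeys(re.split(r'[,\s]+', m.group('dlls').strip())):
                findings.append(Finding('info', line, f'{dll} is injected into every user32.dll process'))
        elif (m := SERVICE_RE.match(line.strip())) and 'file missing' in m.group('path'):
            findings.append(Finding('info', line, 'service binary did not resolve; verify the path by hand'))
    return findings


def counts(findings: list[Finding]) -> dict[str, int]:
    out: dict[str, int] = {}
    for f in findings:
        out[f.severity] = out.get(f.severity, 0) + 1
    return out


if __name__ == '__main__':
    for f in sorted(triage(SAMPLE_LINES), key=lambda f: f.severity):
        print(f'[{f.severity:6}] {f.reason}\n         {f.line}')
```

Run against the sample it flags exactly the three lines the reply below tells the poster to fix in HijackThis (both 4520ntos.dll entries and 4074cfsb.dll) as high, the stale CPUSH BHO and the Alexa toolbar hosted in SHDOCVW.DLL as medium, and leaves the SpyCatcher and Windows Live Toolbar entries alone; the AppInit_DLLs and unresolved-service items are informational only, since an anti-spyware product and a HijackThis path-parsing quirk both produce them legitimately.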
zBr
 
Hi Lorg

Things are better since Avenger was run, but there's still work to do!

Start by uninstalling Alexa Toolbar in Add/Remove Programs.

Next, I'd like you to have the files below scanned here:
http://www.virustotal.com/en/virustotalx.html
C:\WINDOWS\system32\drivers\CO_Mon.sys
C:\WINDOWS\system32\drivers\i82440bx.sys
Yesterday I forgot to put them in the list for you :-)

Open Notepad and copy and paste everything in blue below:
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=-
"{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}"=-

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ast]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ffpbek]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanfs]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\msusbbux]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ndcia]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\romman]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]

Then click FILE in the menu and then Save As.
Choose the desktop as the destination.
- In [File name]:
Enter fix.reg

- In [Save as type]
Choose All Files
and click [Save]

Once that's done, restart in Safe Mode (mandatory).
Restart the PC, let the BIOS screen go by, then tap the F8 key before the Windows loading screen appears.
Choose Safe Mode from the options and confirm with Enter.
Make hidden and system files visible:
Control Panel > Folder Options > View tab
Check the box next to "Show hidden files and folders"
Uncheck the box next to "Hide extensions for known file types"
Uncheck the box next to "Hide protected operating system files"
Click [Apply] and then [OK] to confirm

/!\ Once the cleanup is finished, don't forget to reverse these settings to hide the files again.

Launch HijackThis and click [Do a system scan only]
Check the box at the start of the following lines:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://xyz.union123.com/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll

O2 - BHO: AlxTB BHO - {F1FABE79-25FC-46de-8C5A-2C6DB9D64333} - C:\WINDOWS\system32\AlxTB1.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Fichiers communs\CPUSH\cpush0.dll (file missing)
O2 - BHO: (no name) - {27894913-c964-4520-ae2b-1b294ae19f4f} - C:\WINDOWS\system32\4520ntos.dll
O2 - BHO: (no name) - {7f7590b9-9b75-4074-8b0d-4e03f37a8dbf} - C:\WINDOWS\system32\4074cfsb.dll

O3 - Toolbar: c964 - {DFCB34B6-902D-426E-AE2B-1B294AE19F4F} - C:\WINDOWS\system32\4520ntos.dll
O3 - Toolbar: Alexa - {3CEFF6CD-6F08-4e4d-BCCD-FF7415288C3B} - C:\WINDOWS\system32\SHDOCVW.DLL

O8 - Extra context menu item: Alexa Web Search - http://client.alexa.com/holiday/script/actions/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Get Alexa Data - http://client.alexa.com/holiday/script/actions/sitedata.htm
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/actions/mailto.htm
O8 - Extra context menu item: See Related Links - http://client.alexa.com/holiday/script/actions/related.htm
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: ²Æ¸»Í¨ - {C1F0024B-8278-4999-B7E6-2718426D9FE6} - C:\WINDOWS\system32\shdocvw.dll (HKCU)

Confirm by clicking the [Fix checked] button

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Find and delete these files if they are present:
(Don't use the "Search" function; go directly to the folders with Explorer)

C:\WINDOWS\system32\AlxTB1.dll
C:\WINDOWS\system32\jsefusf.dll
C:\WINDOWS\system32\4520ntos.dll
C:\WINDOWS\system32\4074cfsb.dll
C:\WINDOWS\system32\988FC5FC.dat
C:\WINDOWS\system32\431172125156.dat
C:\WINDOWS\system32\431172125154.dat
C:\WINDOWS\system32\431172124388.dat
C:\WINDOWS\system32\431172124382.dat
C:\WINDOWS\system32\431172117895.dat
C:\WINDOWS\system32\431172073651.dat
C:\WINDOWS\system32\431172073648.dat
C:\WINDOWS\system32\431172033987.dat
C:\WINDOWS\system32\431172025439.dat
C:\WINDOWS\system32\431172025435.dat
C:\WINDOWS\system32\431172175486.dat
C:\WINDOWS\system32\431172175921.dat
C:\WINDOWS\system32\431172261240.dat
C:\WINDOWS\system32\431172261173.dat
C:\WINDOWS\system32\431172197367.dat
C:\WINDOWS\system32\431172184232.dat
C:\WINDOWS\system32\431172424302.dat
C:\WINDOWS\system32\431172424300.dat
C:\WINDOWS\system32\431172374790.dat
C:\WINDOWS\system32\431172022672.dat
C:\WINDOWS\system32\431172022612.dat
C:\WINDOWS\system32\431172535764.dat
C:\WINDOWS\system32\431172535255.dat
C:\WINDOWS\system32\431172466108.dat
C:\WINDOWS\system32\431172461307.dat
C:\WINDOWS\system32\431172461303.dat
C:\WINDOWS\system32\431172599928.dat
C:\WINDOWS\system32\431172589876.dat
C:\WINDOWS\system32\431172557805.dat
C:\FOUND.001
C:\FOUND.002
C:\Program Files\Alexa Toolbar
C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

On your desktop, double-click the Fix.reg file and accept merging it into the registry

-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_

Restart your PC normally.
If one or more files could not be deleted in Safe Mode, try deleting them again at this step of the procedure.
Then do this:

Start >> Run, and copy and paste this (including the quotation marks):

"C:\Documents and Settings\bayle\Bureau\comboscan.exe" /config

Confirm

In the window that opens, in the MODULES section, make sure the options:
Temp cleanup
Drivers
Services
File dump
Registry dump

ARE CHECKED!!
Confirm by clicking "Scan" and click OK to start the Comboscan analysis.

Post here the scan report for the two files (if positive) + the Comboscan one, as well as the contents of the file C:\WINDOWS\ntbtlog.txt
It may be fairly large lol; post them in several parts if you see they don't fit in a single message.

See you, and good luck.

PS:
Tell me if you ran into problems deleting files, so I can plan another procedure to get rid of them.
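The fix.reg in the post above is merged blind with a double-click, and a .reg file can set values and create keys as easily as delete them, so it is worth knowing exactly what a posted fix will do before accepting the merge. The following is an added example (not code from the thread) that reads a REGEDIT4 file offline and lists its operations: whole-key deletions ([-KEY]), single-value deletions ("name"=-) and value writes, with a warning when a deletion targets a key shallow enough to wipe a large subtree. The sample is the fix from the post above; the depth threshold is an assumption chosen for this example, and nothing here touches a registry.

```python
"""Dry-run reader for a REGEDIT4 fix file.

Added example, not code from the thread. It only parses text; nothing is
written to any registry. The broad-delete depth is an assumed threshold.
"""
from __future__ import annotations
import re

# The fix posted above, verbatim.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"=-
"{4ED6E0B5-F47A-4609-A940-11CF60FDC3C3}"=-

[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ast]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ffpbek]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\hidproc]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\https]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\lanfs]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\msusbbux]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\ndcia]
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\romman]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32\drivers\ttp.exe]
'''

HEADER_RE = re.compile(r'^(REGEDIT4|Windows Registry Editor Version 5\.00)$')
KEY_RE = re.compile(r'^\[(?P<minus>-?)(?P<key>.+)\]$')
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]*)"|(?P<default>@))=(?P<data>.*)$')
# Deleting a key with fewer path separators than this (e.g. HKLM\Software) wipes a whole
# subtree, which a malware fix never needs to do. Assumed threshold.
BROAD_DELETE_DEPTH = 3


def decode_data(data: str) -> tuple[str, object]:
    """Decode the REGEDIT4 data forms used in fixes; ('delete', None) for "name"=-."""
    if data == '-':
        return 'delete', None
    if data.startswith('"') and data.endswith('"'):
        return 'string', data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    if data.lower().startswith('dword:'):
        return 'dword', int(data[6:], 16)
    return 'other', data   # hex:, hex(2): ... left undecoded on purpose


def parse_reg(text: str) -> list[tuple]:
    """Return (op, key, name, value) tuples for what merging `text` would do, in file order."""
    lines = [l.strip() for l in text.splitlines()]
    if not lines or not HEADER_RE.match(lines[0]):
        raise ValueError('not a registry export: missing REGEDIT4 / 5.00 header')
    ops: list[tuple] = []
    key = None
    for line in lines[1:]:
        if not line or line.startswith(';'):
            continue
        if (m := KEY_RE.match(line)):
            key = m.group('key')
            if m.group('minus'):
                ops.append(('delete_key', key, None, None))
                key = None          # values after a [-KEY] line make no sense: refuse them below
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            raise ValueError(f'unparseable or misplaced line: {line!r}')
        name = '@' if m.group('default') else m.group('name')
        kind, value = decode_data(m.group('data'))
        if kind == 'delete':
            ops.append(('delete_value', key, name, None))
        else:
            ops.append(('set_value', key, name, (kind, value)))
    return ops


def review(text: str) -> dict:
    """Operation counts plus the warnings a reviewer should read before merging."""
    ops = parse_reg(text)
    counts: dict[str, int] = {}
    warnings: list[str] = []
    for op, key, name, value in ops:
        counts[op] = counts.get(op, 0) + 1
        if op == 'delete_key' and key.count('\\') < BROAD_DELETE_DEPTH:
            warnings.append(f'broad delete of {key}')
        if op == 'set_value' and value[0] == 'other':
            warnings.append(f'undecoded data for {name!r} under {key}')
    return {'ops': ops, 'counts': counts, 'warnings': warnings}


if __name__ == '__main__':
    result = review(FIX_REG)
    for op, key, name, value in result['ops']:
        print(op, key, name or '', value or '')
    print(result['counts'], result['warnings'])
```

For the fix above this reports two ShellExecuteHooks value deletions and nine key deletions (eight SafeBoot\Minimal entries, which is what lets a driver keep loading in Safe Mode, plus one msconfig StartupReg leftover), no value writes and no warnings; a file that instead deleted HKEY_LOCAL_MACHINE\Software would be called out before anything is merged.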
lorg03
 
Here is the scan report for the file C:\WINDOWS\system32\drivers\i82440bx.sys

Antivirus Version Update Result
AntiVir 7.3.1.41 03.08.2007 no virus found
Authentium 4.93.8 03.07.2007 no virus found
Avast 4.7.936.0 03.08.2007 no virus found
AVG 7.5.0.447 03.08.2007 Generic3.GFG
BitDefender 7.2 03.08.2007 no virus found
CAT-QuickHeal 9.00 03.08.2007 Rootkit.Agent.di
ClamAV devel-20060426 03.08.2007 no virus found
DrWeb 4.33 03.08.2007 no virus found
eSafe 7.0.14.0 03.08.2007 no virus found
eTrust-Vet 30.6.3464 03.08.2007 no virus found
Ewido 4.0 03.07.2007 no virus found
FileAdvisor 1 03.08.2007 no virus found
Fortinet 2.85.0.0 03.08.2007 no virus found
F-Prot 4.3.1.45 03.07.2007 no virus found
F-Secure 6.70.13030.0 03.08.2007 Trojan.Win32.Agent.afb
Ikarus T3.1.1.3 03.08.2007 no virus found
Kaspersky 4.0.2.24 03.08.2007 Trojan.Win32.Agent.afb
McAfee 4980 03.08.2007 New Malware.z
Microsoft 1.2204 03.08.2007 no virus found
NOD32v2 2103 03.08.2007 no virus found
Norman 5.80.02 03.07.2007 W32/Agent.BDML
Panda 9.0.0.4 03.08.2007 no virus found
Prevx1 V2 03.08.2007 no virus found
Sophos 4.15.0 03.07.2007 no virus found
Sunbelt 2.2.907.0 03.07.2007 no virus found
Symantec 10 03.08.2007 no virus found
TheHacker 6.1.6.072 03.07.2007 no virus found
UNA 1.83 03.07.2007 no virus found
VBA32 3.11.2 03.07.2007 no virus found
VirusBuster 4.3.19:9 03.08.2007 no virus found

Additional Information
File size: 10752 bytes
MD5: fa601e57f44abb98e7fd86692a224d25
SHA1: 2c1a5d48237b2a1fbf29390fdd4e54c56c08ef3a
lorg03
 
For the file C:\WINDOWS\system32\drivers\CO_Mon.sys, no virus was found... a good sign
zBr
 
Thanks lorg :-)

In the procedure I gave you, simply add:
C:\WINDOWS\system32\drivers\i82440bx.sys
to the list of files to delete.

Quite an infection you've caught there!!
Without being nosy, where did you pick it up? (if you remember...)

See you
lorg03
 
Here is the Comboscan report:

-- HijackThis (run as bayle.exe) ------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:00:45, on 09/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\bayle\Bureau\comboscan.exe
C:\DOCUME~1\bayle\Bureau\HIJACK~1\bayle.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpyCatcher Reminder] "C:\Program Files\SpyCatcher 2006\SpyCatcher.exe" reminder
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: SpyCatcher Protector.lnk = C:\Program Files\SpyCatcher 2006\Protector.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------

3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
3R AR5211 (Atheros Wireless Network Adapter Service) - C:\WINDOWS\system32\drivers\ar5211.sys
1R AVG Anti-Spyware Driver - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
1R AvgAsCln (AVG Anti-Spyware Clean Driver) - C:\WINDOWS\system32\drivers\AvgAsCln.sys
3S CO_Mon - C:\WINDOWS\system32\drivers\CO_Mon.sys
3R DKbFltr (Dritek HotKey Keyboard Filter Driver) - C:\WINDOWS\system32\drivers\DKbFltr.SYS
1R eeCtrl (Symantec Eraser Control driver) - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
3R EraserUtilRebootDrv - C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0R fowf_n - C:\WINDOWS\system32\drivers\fowf_n.sys
1R fwdrv (Firewall Driver) - C:\WINDOWS\system32\drivers\fwdrv.sys
3S gmer - C:\WINDOWS\system32\drivers\gmer.sys
0S gzqkx (gzqk) - C:\WINDOWS\system32\DRIVERS\gzqkx.sys (not found)
3R HSFHWSIS - C:\WINDOWS\system32\drivers\HSFHWSIS.sys
3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
1R intelppm (Pilote de processeur Intel) - C:\WINDOWS\system32\drivers\intelppm.sys
3S Jukebox3 - C:\WINDOWS\system32\drivers\ctpdusb.sys
1R khips (Kerio HIPS Driver) - C:\WINDOWS\system32\drivers\khips.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3R NAVENG - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070308.018\NAVENG.SYS
3R NAVEX15 - C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20070308.018\NAVEX15.SYS
2S ndcia - C:\WINDOWS\system32\drivers\ndcia.sys (not found)
3R NTIDrvr (Upper Class Filter Driver) - C:\WINDOWS\system32\drivers\NTIDrvr.sys
2R osaio - C:\WINDOWS\system32\drivers\osaio.sys
2R osanbm - C:\WINDOWS\system32\drivers\osanbm.sys
3R pfc (Padus ASPI Shell) - C:\WINDOWS\system32\drivers\pfc.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
2S romman - C:\WINDOWS\system32\drivers\romman.sys (not found)
3R SiS315 - C:\WINDOWS\system32\drivers\sisgrp.sys
0R SISAGP (SiS AGP Filter) - C:\WINDOWS\system32\drivers\SISAGPX.SYS
1R SiSkp - C:\WINDOWS\system32\drivers\srvkp.sys
3R SISNICXP (SiS PCI Fast Ethernet Adapter Driver for NDIS51) - C:\WINDOWS\system32\drivers\sisnicxp.sys
1R SPBBCDrv - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
0R sptd - C:\WINDOWS\system32\drivers\sptd.sys
1R SRTSP - C:\WINDOWS\system32\drivers\srtsp.sys
3S SRTSPL - C:\WINDOWS\system32\drivers\srtspl.sys
1R SRTSPX - C:\WINDOWS\system32\drivers\srtspx.sys
3R SYMDNS - C:\WINDOWS\system32\drivers\symdns.sys
3R SymEvent - C:\WINDOWS\system32\drivers\SYMEVENT.SYS
3R SYMFW - C:\WINDOWS\system32\drivers\symfw.sys
3R SYMIDS - C:\WINDOWS\system32\drivers\symids.sys
3R SYMIDSCO - C:\Program Files\Fichiers communs\Symantec Shared\SymcData\idsdefs\20070302.001\SymIDSCo.sys
3R SYMNDIS - C:\WINDOWS\system32\drivers\symndis.sys
3R SYMREDRV - C:\WINDOWS\system32\drivers\symredrv.sys
1R SYMTDI - C:\WINDOWS\system32\drivers\symtdi.sys
3R SynTP (Synaptics TouchPad Driver) - C:\WINDOWS\system32\drivers\SynTP.sys
0R uagp35 (Filtre AGP version 3.5 Microsoft) - C:\WINDOWS\system32\drivers\UAGP35.SYS
0R UBHelper - C:\WINDOWS\system32\drivers\UBHelper.sys
3R usbehci (Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0) - C:\WINDOWS\system32\drivers\usbehci.sys
3R usbohci (Pilote miniport de contrôleur hôte ouvert USB Microsoft) - C:\WINDOWS\system32\drivers\usbohci.sys
3R USBSTOR (Pilote de stockage de masse USB) - C:\WINDOWS\system32\drivers\USBSTOR.SYS
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
3S WpdUsb - C:\WINDOWS\system32\drivers\wpdusb.sys

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

2R anbmService (Notebook Manager Service) - C:\Acer\eManager\anbmServ.exe
2R Automatic LiveUpdate Scheduler - "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
2R AVG Anti-Spyware Guard - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
2R ccEvtMgr (Symantec Event Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R ccSetMgr (Symantec Settings Manager) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
2R CLTNetCnService (Symantec Lic NetConnect service) - "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
3S comHost (COM Host) - "C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe"
2R Creative Service for CDROM Access - C:\WINDOWS\system32\CTsvcCDA.EXE
2S Fax - C:\WINDOWS\system32\fxssvc.exe
4S IDriverT (InstallDriver Table Manager) - "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
3S ISPwdSvc (Symantec IS Password Validation) - "C:\Program Files\Norton Internet Security\isPwdSvc.exe"
2R KPF4 (Sunbelt Kerio Personal Firewall 4) - "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
3R LiveUpdate - "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
3S ose (Office Source Engine) - "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
3S Symantec Core LC - "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"
2R SymAppCore (Symantec AppCore Service) - "C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"
2R UMWdf (Windows User Mode Driver Framework) - C:\WINDOWS\system32\wdfmgr.exe
2R WinDefend (Windows Defender) - "C:\Program Files\Windows Defender\MsMpEng.exe"

-- Files created between 2007-02-09 and 2007-03-09 ------------------------------

2007-03-08 23:48:59 0 d-------- C:\avenger
2007-03-08 20:10:16 44224 --a------ C:\WINDOWS\system32\sdftj.dat
2007-03-01 18:53:32 10752 --a------ C:\WINDOWS\system32\drivers\i82440bx.sys
2007-02-27 01:33:24 0 d-------- C:\Documents and Settings\bayle\Application Data\Tenebril
2007-02-27 01:23:45 0 d-------- C:\Documents and Settings\All Users\Application Data\Tenebril
2007-02-27 01:23:37 0 d-------- C:\WINDOWS\system32\tenarchlib<TENARC~1>
2007-02-27 01:23:37 176128 --a-s---- C:\WINDOWS\system32\Interceptor.dll<INTERC~1.DLL>
2007-02-27 01:23:37 307200 --a-s---- C:\WINDOWS\system32\InterceptHelper.dll<INTERC~2.DLL>
2007-02-27 01:23:36 180224 --a-s---- C:\WINDOWS\system32\archlib.dll
2007-02-27 01:23:36 0 d-------- C:\Program Files\SpyCatcher 2006<SPYCAT~1>
2007-02-26 04:38:00 0 d-------- C:\WINDOWS\WBEM
2007-02-26 04:37:58 0 d-------- C:\WINDOWS\system32\fr-fr
2007-02-26 04:36:28 0 d--h----- C:\WINDOWS\ie7
2007-02-26 04:35:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-02-26 04:34:57 121856 -----n--- C:\WINDOWS\system32\xmllite.dll
2007-02-26 04:24:11 14826288 --a------ C:\Program Files\IE7-WindowsXP-x86-fra.exe<IE7-WI~1.EXE>
2007-02-25 19:17:01 42030 --a------ C:\WINDOWS\system32\431172427410.dat<4320CD~1.DAT>
2007-02-25 18:58:50 0 d-------- C:\Program Files\Sunbelt Software<SUNBEL~1>
2007-02-24 21:48:22 0 d-------- C:\Rustbfix
2007-02-24 19:37:45 80 --a------ C:\WINDOWS\gmer_uninstall.cmd<GMER_U~1.CMD>
2007-02-24 19:30:37 0 d-------- C:\_OTMoveIt<_OTMOV~1>
2007-02-23 21:18:30 3968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-23 21:18:28 0 d-------- C:\Program Files\Grisoft
2007-02-22 21:02:11 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-02-22 09:49:52 0 d-------- C:\Program Files\SpywareBlaster<SPYWAR~1>
2007-02-22 09:48:18 0 d-------- C:\Program Files\a-squared Free<A-SQUA~1>
2007-02-22 08:01:22 0 d-------- C:\WINDOWS\BDOSCAN8
2007-02-21 03:33:39 0 d--h----- C:\WINDOWS\$hf_mig$
2007-02-21 00:04:49 1 --a------ C:\WINDOWS\system32\index.dat
2007-02-20 18:48:19 0 d-------- C:\Program Files\CCleaner
2007-02-20 13:34:08 71088 --a------ C:\WINDOWS\system32\drivers\khips.sys
2007-02-20 13:34:02 302000 --a------ C:\WINDOWS\system32\drivers\fwdrv.sys
2007-02-19 21:08:45 0 d-------- C:\WINDOWS\pss
2007-02-15 21:02:47 0 d-------- C:\Program Files\Windows Defender<WIFD1F~1>
2007-02-15 20:58:40 0 d-------- C:\Documents and Settings\bayle\Application Data\Lavasoft
2007-02-15 19:12:13 28672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-02-15 00:05:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy<SPYBOT~1>
2007-02-14 00:36:40 0 d-------- C:\Program Files\BitComet
2007-02-13 23:41:59 0 d-------- C:\Program Files\Western Digital Technologies<WESTER~1>

-- Find3M Report ----------------------------------------------------------------

2007-02-17 19:12:36 369864 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-02-17 19:12:36 49924 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-01-15 06:28:54 48776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

-- Registry Dump ----------------------------------------------------------------

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
"SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
"SoundMan"="SOUNDMAN.EXE"
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"
"SiS Windows KeyHook"="C:\\WINDOWS\\system32\\keyhook.exe"
"PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"PCMService"="\"C:\\Program Files\\Arcade\\PCMService.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"LManager"="C:\\Program Files\\Launch Manager\\QtZgAcer.EXE"
"LaunchApp"="Alaunch"
"IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"SpyCatcher Reminder"="\"C:\\Program Files\\SpyCatcher 2006\\SpyCatcher.exe\" reminder"
"TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="interceptor.dll,c:\progra~1\google\google~1\goec62~1.dll c:\progra~1\google\google~1\goec62~1.dll"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\i82440bx

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
Tech

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST

-- End of ComboScan: finished at 2007-03-09 at 20:03:06 -------------------------
lorg03 Posts: 99 Status: Member
 
I wasn't able to find the following files:

C:\WINDOWS\system32\AlxTB1.dll
C:\WINDOWS\system32\4520ntos.dll
C:\WINDOWS\system32\4074cfsb.dll
C:\Documents and Settings\bayle\Application Data\Fichiers communs\CPUSH

Otherwise, I wanted to know whether I should also delete the following files, which are similar to the ones already deleted:

C:\FOUND.000
C:\WINDOWS\system32\431172427410.dat

As for my infection, I think I caught it by downloading an Asian program, I believe, that let you watch TV on the computer, sport in particular... of course it didn't really work and I got rid of it, but it was too late...