Win32:bho-kd [TRJ]

Closed
seifer - 15 Jan. 2008 at 22:51
ep44 Posts 7393 Registered Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 - 11 Feb. 2008 at 23:34
My computer has been infected for 2 weeks by Win32:BHO-KD [trj]. Avast detects it but manages neither to delete it nor to quarantine it. Does anyone have a solution? Thanks a lot for your answers.

16 replies

ep44 Posts 7393 Registered Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
16 Jan. 2008 at 00:03
Good evening

Download to the desktop
ftp://ftp.commentcamarche.com/download/HJTInstall.exe

=> Double-click it
=> install
=> Click Do a system scan and save the log
=> paste the report
if there's a problem, see the help
http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm
See you
0
Thanks for your reply

Here is the report: Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 06:02:24, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\apps\ABoard\AOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1243E8C7-1468-4CB5-990A-1369B3D70894} - C:\WINDOWS\system32\ssqpn.dll (file missing)
O2 - BHO: Dcads Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\dcads_sidebar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {98F02F40-3C00-4C5A-984D-5485184BDF0F} - C:\WINDOWS\system32\apcup.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {e67b9660-8930-440f-a084-7977bfdcf458} - C:\WINDOWS\system32\osojcntr.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SYSTRAV] newbreed.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PopUp Destroy] C:\Program Files\PopUp Destroy\Popup-Destroy.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [newbreed] dialer423.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [dmdud.exe] C:\WINDOWS\system32\dmdud.exe
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A37407C0-03D9-460C-9CC5-52907F4DE565}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
0
ep44 Posts 7393 Registered Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
16 Jan. 2008 at 19:07
Good evening

Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop and nowhere else!

Double-click combofix,
Wait until combofix has finished; a report will be created. Post the report.
See you
0
good evening, here is the report: ComboFix 08-01-16.4 - cyril.h 2008-01-16 20:13:56.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.184 [GMT 1:00]
Running from: C:\Documents and Settings\cyril.h\Local Settings\Temporary Internet Files\Content.IE5\EWRWEQEM\ComboFix[1].exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((( Fichiers créés 2007-12-16 to 2008-01-16 ))))))))))))))))))))))))))))))))))))
.

2008-01-14 19:54 . 2008-01-15 13:37 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Microsoft Games
2008-01-14 19:35 . 2008-01-14 19:35 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Skype
2008-01-10 19:54 . 2008-01-10 19:54 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Apple Computer
2008-01-10 17:31 . 2008-01-10 17:31 <REP> d-------- C:\VundoFix Backups
2008-01-10 16:42 . 2008-01-10 16:53 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-09 23:53 . 2008-01-09 23:53 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-09 21:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 14:34 . 2008-01-09 14:34 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\OD2
2008-01-09 03:41 . 2008-01-09 03:41 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\InterTrust
2008-01-09 03:35 . 2008-01-09 03:35 <REP> d----c--- C:\Documents and Settings\cyril~h\LOCALS~1
2008-01-09 00:55 . 2008-01-09 00:55 268 --ah----- C:\sqmdata17.sqm
2008-01-09 00:55 . 2008-01-09 00:55 244 --ah----- C:\sqmnoopt17.sqm
2008-01-09 00:49 . 2008-01-09 01:48 <REP> d----c--- C:\Documents and Settings\cyril.h\Contacts
2008-01-09 00:48 . 2008-01-09 00:48 268 --ah----- C:\sqmdata16.sqm
2008-01-09 00:48 . 2008-01-09 00:48 244 --ah----- C:\sqmnoopt16.sqm
2008-01-08 20:09 . 2008-01-16 11:44 <REP> d----c--- C:\Documents and Settings\cyril.h\Shared
2008-01-08 20:09 . 2008-01-16 13:25 <REP> d----c--- C:\Documents and Settings\cyril.h\Incomplete
2008-01-08 20:09 . 2008-01-16 05:38 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\LimeWire
2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Voisinage réseau
2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Voisinage d'impression
2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Modèles
2008-01-08 18:21 . 2008-01-11 05:27 <REP> dr---c--- C:\Documents and Settings\cyril.h\Mes documents
2008-01-08 18:21 . 2004-08-16 16:55 <REP> dr---c--- C:\Documents and Settings\cyril.h\Menu Démarrer
2008-01-08 18:21 . 2008-01-16 02:16 <REP> dr---c--- C:\Documents and Settings\cyril.h\Favoris
2008-01-08 18:21 . 2008-01-16 05:54 <REP> dr---c--- C:\Documents and Settings\cyril.h\Bureau
2008-01-08 18:21 . 2005-08-09 16:14 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\You've Got Pictures Screensaver
2008-01-08 18:21 . 2005-08-09 16:07 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Symantec
2008-01-05 03:57 . 2008-01-07 13:00 474 ---hs---- C:\WINDOWS\system32\pljreune.ini
2008-01-05 02:56 . 2008-01-05 02:56 <REP> d----c--- C:\Program Files\Glory of the Roman Empire - DEMO
2008-01-03 03:26 . 2008-01-03 03:26 268 --ah----- C:\sqmdata15.sqm
2008-01-03 03:26 . 2008-01-03 03:26 244 --ah----- C:\sqmnoopt15.sqm
2008-01-01 15:34 . 2008-01-01 15:34 268 --ah----- C:\sqmdata14.sqm
2008-01-01 15:34 . 2008-01-01 15:34 244 --ah----- C:\sqmnoopt14.sqm
2008-01-01 15:33 . 2008-01-05 02:06 714 ---hs---- C:\WINDOWS\system32\uolfpfwt.ini
2007-12-30 21:42 . 2007-12-30 21:42 268 --ah----- C:\sqmdata13.sqm
2007-12-30 21:42 . 2007-12-30 21:42 244 --ah----- C:\sqmnoopt13.sqm
2007-12-29 21:04 . 2007-12-29 21:04 268 --ah----- C:\sqmdata12.sqm
2007-12-29 21:04 . 2007-12-29 21:04 244 --ah----- C:\sqmnoopt12.sqm
2007-12-29 14:33 . 2007-12-29 14:33 268 --ah----- C:\sqmdata11.sqm
2007-12-29 14:33 . 2007-12-29 14:33 244 --ah----- C:\sqmnoopt11.sqm
2007-12-29 02:58 . 2007-12-29 02:58 90,176 -----c--- C:\WINDOWS\system32\nvdbnmya.dll
2007-12-29 02:58 . 2007-12-29 14:22 1,126 ---hs---- C:\WINDOWS\system32\aymnbdvn.ini
2007-12-29 02:55 . 2007-12-29 02:55 77,888 --a--c--- C:\WINDOWS\system32\bxwiuxjx.dll
2007-12-28 23:16 . 2007-12-28 23:16 268 --ah----- C:\sqmdata10.sqm
2007-12-28 23:16 . 2007-12-28 23:16 244 --ah----- C:\sqmnoopt10.sqm
2007-12-28 02:54 . 2007-12-28 02:54 3,120 --a------ C:\WINDOWS\system32\118290.54
2007-12-28 02:54 . 2007-12-28 02:54 3,120 --a------ C:\WINDOWS\118294.78
2007-12-28 02:53 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2007-12-28 02:53 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2007-12-28 02:53 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2007-12-28 01:40 . 2007-12-28 01:40 <REP> d----c--- C:\Documents and Settings\marie-noelle\Application Data\vlc
2007-12-28 01:31 . 2007-12-28 01:31 268 --ah----- C:\sqmdata09.sqm
2007-12-28 01:31 . 2007-12-28 01:31 244 --ah----- C:\sqmnoopt09.sqm
2007-12-28 01:15 . 19,456 C:\WINDOWS\system32\drivers\rgqgrrfd.dat
2007-12-28 01:14 . 2004-08-05 13:00 84,992 --a--c--- C:\WINDOWS\system32\apcup.dll
2007-12-28 01:14 . 2007-12-28 01:14 268 --ah----- C:\sqmdata08.sqm
2007-12-28 01:14 . 2007-12-28 01:14 244 --ah----- C:\sqmnoopt08.sqm
2007-12-27 18:06 . 2007-12-27 18:06 <REP> d----c--- C:\Documents and Settings\marie-noelle\Application Data\Motive
2007-12-27 17:24 . 2007-12-27 17:24 268 --ah----- C:\sqmdata07.sqm
2007-12-27 17:24 . 2007-12-27 17:24 244 --ah----- C:\sqmnoopt07.sqm
2007-12-26 13:56 . 2007-12-26 13:56 77,376 --a--c--- C:\WINDOWS\system32\osojcntr.dll
2007-12-26 13:53 . 2007-12-29 02:53 1,006 ---hs---- C:\WINDOWS\system32\hshsqrus.ini
2007-12-25 13:57 . 2007-12-26 01:31 714 ---hs---- C:\WINDOWS\system32\gxjysujb.ini
2007-12-25 07:42 . 2007-12-25 07:42 474 ---hs---- C:\WINDOWS\system32\ikoofnnl.ini
2007-12-23 22:56 . 2007-12-25 07:37 414 ---hs---- C:\WINDOWS\system32\xyfwyugf.ini
2007-12-22 22:06 . 2007-12-29 21:06 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 20:28 . 2007-12-22 20:28 268 --ah----- C:\sqmdata06.sqm
2007-12-22 20:28 . 2007-12-22 20:28 244 --ah----- C:\sqmnoopt06.sqm
2007-12-17 18:14 . 2007-12-17 18:14 <REP> d-------- C:\Program Files\Fichiers communs\ReparateurDeSysteme
2007-12-17 18:14 . 2007-12-17 18:14 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\SalesMon
2007-12-17 18:14 . 2007-12-17 18:14 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2007-12-17 14:11 . 2007-12-17 14:11 268 --ah----- C:\sqmdata05.sqm
2007-12-17 14:11 . 2007-12-17 14:11 244 --ah----- C:\sqmnoopt05.sqm
2007-12-17 02:27 . 2007-12-22 22:13 4 --a------ C:\WINDOWS\INI2=No
2007-12-17 02:27 . 2007-12-22 22:13 4 --a------ C:\WINDOWS\INI1=No

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 00:56 --------- dc----w C:\Program Files\Messenger Plus! Live
2008-01-15 03:49 77,379 ----a-w C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
2008-01-14 22:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 18:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-01-14 18:50 --------- d-----w C:\Program Files\Microsoft Games
2008-01-10 16:29 --------- dc----w C:\Program Files\Trend Micro
2008-01-09 02:50 --------- dc----w C:\Program Files\AOL 8.0
2008-01-08 00:35 --------- dc----w C:\Program Files\AOL Toolbar
2008-01-08 00:35 --------- dc----w C:\Program Files\AOL 9.0
2008-01-08 00:33 --------- d-----w C:\Program Files\DivX
2008-01-08 00:33 --------- d-----w C:\Program Files\AIM
2008-01-03 04:30 --------- dc----w C:\Program Files\AOL 9.0a
2008-01-03 04:29 --------- dc----w C:\Program Files\GameSpy Arcade
2008-01-03 04:29 --------- d-----w C:\Program Files\SLD Codec Pack
2008-01-03 04:29 --------- d-----w C:\Program Files\JVTorrent
2007-12-31 02:46 --------- d-----w C:\Program Files\Capturino V1.3
2007-12-31 02:43 --------- d-----w C:\Program Files\Every Toolbar 1.1
2007-12-27 16:20 --------- d-----w C:\Program Files\Google
2007-12-23 14:45 --------- dc----w C:\Program Files\Dial-Messenger
2007-12-18 08:53 80,097 ----a-w C:\WINDOWS\system32\dcads-remove.exe
2007-12-17 16:47 --------- dc----w C:\Program Files\PlayMP3z
2007-12-15 22:16 40,731 ----a-w C:\WINDOWS\system32\superiorads-uninst.exe
2007-12-15 22:16 --------- dc----w C:\Program Files\Dcads Games Collection
2007-12-15 18:47 134 ----a-w C:\n.bat
2007-12-15 18:46 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2007-12-12 10:31 --------- dc----w C:\Program Files\iTunes
2007-12-12 10:31 --------- dc----w C:\Program Files\iPod
2007-12-12 10:28 --------- dc----w C:\Program Files\QuickTime
2007-12-10 18:47 303,104 ----a-w C:\WINDOWS\system32\dcads_sidebar.dll
2007-12-05 19:06 --------- dc----w C:\Program Files\Samsung
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 -c--a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-29 19:52 --------- dc----w C:\Program Files\American Conquest
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2006-03-07 17:44 560 -c--a-w C:\Program Files\Global.sw
2006-10-18 00:11 88 --sh--r C:\WINDOWS\system32\1B8B9650E2.sys
2006-10-18 00:27 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-10_21.38.27.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-09 20:21:55 1,409,024 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-16 19:13:18 1,409,024 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-09 20:21:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-16 19:13:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-09 20:21:55 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-16 19:13:18 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-09 20:21:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-16 19:13:18 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-09 20:21:55 1,536,000 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-16 19:13:18 1,822,720 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-09 20:21:55 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-16 19:13:18 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 22:18:05 57,344 ----a-r C:\WINDOWS\Installer\{15292416-A464-4FBA-BB96-7298EAACFC07}\ARPPRODUCTICON.exe
- 2007-12-12 10:32:05 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
+ 2008-01-10 18:54:35 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
- 2008-01-09 17:01:22 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-10 19:33:26 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-09 17:01:22 75,506 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-10 19:33:27 75,506 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-01-09 17:01:22 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-10 19:33:27 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-09 17:01:22 468,490 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-10 19:33:27 468,490 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-15 12:30:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4cc.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1243E8C7-1468-4CB5-990A-1369B3D70894}]
C:\WINDOWS\system32\ssqpn.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2007-12-10 19:47 303104 --a------ C:\WINDOWS\system32\dcads_sidebar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98F02F40-3C00-4C5A-984D-5485184BDF0F}]
2004-08-05 13:00 84992 --a--c--- C:\WINDOWS\system32\apcup.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e67b9660-8930-440f-a084-7977bfdcf458}]
2007-12-26 13:56 77376 --a--c--- C:\WINDOWS\system32\osojcntr.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 14:13 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-08-09 16:05 180269]
"SYSTRAV"="newbreed.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"StartFoxie"="C:\Program Files\Foxie Suite\StartFoxie.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [2005-01-04 15:54 49152 C:\WINDOWS\system32\SiSPower.dll]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-19 04:52 36864]
"PopUp Destroy"="C:\Program Files\PopUp Destroy\Popup-Destroy.exe" [ ]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10 110740]
"newbreed"="dialer423.exe" []
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 11:50 155648]
"Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE" [2001-11-13 14:43 98304]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2002-08-23 15:50 40960]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 10:39 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"dmdud.exe"="C:\WINDOWS\system32\dmdud.exe" [ ]
"BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="lsass.exe"

R0 qqioyxbp;qqioyxbp;C:\WINDOWS\system32\drivers\rgqgrrfd.dat []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-10-20 20:57]
S3 firewall;firewall;C:\Program Files\Foxie Suite\firewall.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 13:00]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-16 07:50:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-10-03 11:04:45 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 20:18:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-16 20:20:00
ComboFix-quarantined-files.txt 2008-01-16 19:19:36
ComboFix2.txt 2008-01-10 19:22:19
ComboFix3.txt 2008-01-10 17:26:08
ComboFix4.txt 2008-01-10 17:18:02
ComboFix5.txt 2008-01-10 20:53:30
.
2008-01-09 05:03:20 --- E O F ---
0

ep44 Posts 7393 Registered Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
16 Jan. 2008 at 21:52
Select this

driver::

rgqgrrfd.dat


registry::

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1243E8C7-1468-4CB5-990A-1369B3D70894}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98F02F40-3C00-4C5A-984D-5485184BDF0F}]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e67b9660-8930-440f-a084-7977bfdcf458}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dmdud.exe"=-
"newbreed"=-
"SYSTRAV"=-


File::

C:\WINDOWS\system32\pljreune.ini
C:\WINDOWS\system32\uolfpfwt.ini
C:\WINDOWS\system32\nvdbnmya.dll
C:\WINDOWS\system32\aymnbdvn.ini
C:\WINDOWS\system32\bxwiuxjx.dll
C:\WINDOWS\system32\osojcntr.dll
C:\WINDOWS\system32\hshsqrus.ini
C:\WINDOWS\system32\gxjysujb.ini
C:\WINDOWS\system32\ikoofnnl.ini
C:\WINDOWS\system32\xyfwyugf.ini
C:\WINDOWS\system32\drivers\rgqgrrfd.dat


=> Copy the selected text (CTRL+C).
=> Open Notepad (Programs > Accessories > Notepad).
=> Paste the copied text into Notepad (CTRL+V).
=> Save this file under the name CFScript.txt
=> Drag and drop this CFScript file onto the ComboFix.exe file
=> A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
=> Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
=> Once the scan is complete, a report will be displayed: post its contents.
=> If the file does not open, it is located here > C:\ComboFix.txt

@+
0
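The CFScript layout in the post above (driver::, registry:: with [-key] and "value"=- deletions, File::) can be drafted from the report's own autostart and service lines once an analyst has decided what to remove; the following is an added Python example, not ComboFix's or the poster's code. It assumes that driver:: takes the service name (the post listed the image file name instead), and the sample lines are constructed to mimic the report's format.

```python
"""Triage of ComboFix-style Run/service lines and CFScript drafting.

Added example, not ComboFix's own code. It reads the two line shapes seen in
the report above, flags entries an analyst should look at, and writes the
confirmed ones into the driver:: / registry:: / File:: layout of a CFScript.
"""
import re
from dataclasses import dataclass

# "name"="path" [metadata]  -- ComboFix leaves the brackets empty ("[ ]") when it
# recorded no size/date for the file, as for StartFoxie in the report above.
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
KEY_LINE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# S0 name;display;image [date]  -- start type, service name, display name, image
SVC_LINE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]$')

# Constructed sample mimicking the report's format (not a real log).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"StartFoxie"="C:\Program Files\Foxie Suite\StartFoxie.exe" [ ]
"SiSPower"="SiSPower.dll" [2005-01-04 15:54 49152 C:\WINDOWS\system32\SiSPower.dll]

S0 qqioyxbp;qqioyxbp;C:\WINDOWS\system32\drivers\rgqgrrfd.dat []
S3 firewall;firewall;C:\Program Files\Foxie Suite\firewall.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
'''


@dataclass
class Entry:
    kind: str   # "run" or "service"
    key: str    # registry key (run) or start type such as S0 (service)
    name: str
    path: str
    meta: str


def parse_report(text):
    """Return an Entry for every Run value and every service line in text."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := KEY_LINE.match(line):
            key = m['key']
        elif (m := RUN_LINE.match(line)) and key:
            entries.append(Entry('run', key, m['name'], m['path'], m['meta'].strip()))
        elif m := SVC_LINE.match(line):
            entries.append(Entry('service', m['start'], m['name'],
                                 m['path'].strip('"'), m['meta'].strip()))
    return entries


def triage(entries):
    """Map entry name -> reasons for review. These are hints, not verdicts:
    a leftover of an uninstalled program also shows empty metadata."""
    findings = {}
    for e in entries:
        reasons = []
        if not e.meta:
            reasons.append('no file metadata recorded (image missing or hidden)')
        if e.kind == 'service':
            if not e.path.lower().endswith(('.sys', '.exe')):
                reasons.append('service image is not a .sys/.exe')
            if e.key in ('S0', 'S1') and reasons:
                reasons.append('loads at boot/system start')
        if reasons:
            findings[e.name] = reasons
    return findings


def build_cfscript(entries, confirmed):
    """Draft a CFScript for the names the analyst confirmed.
    Assumption: driver:: takes the service name; registry:: deletes Run values
    with "name"=- under their key; File:: lists image paths to remove."""
    chosen = [e for e in entries if e.name in confirmed]
    drivers = [e.name for e in chosen if e.kind == 'service']
    files = [e.path for e in chosen if e.kind == 'service']
    runs = {}
    for e in chosen:
        if e.kind == 'run':
            runs.setdefault(e.key, []).append(e.name)
    out = []
    if drivers:
        out += ['driver::', ''] + drivers + ['', '']
    if runs:
        out += ['registry::', '']
        for key, names in runs.items():
            out += [f'[{key}]'] + [f'"{n}"=-' for n in names] + ['']
        out += ['']
    if files:
        out += ['File::', ''] + files + ['']
    return '\n'.join(out)


if __name__ == '__main__':
    found = parse_report(SAMPLE)
    for name, why in triage(found).items():
        print(f'{name}: ' + '; '.join(why))
    # Only the boot-start service with a .dat image is confirmed here;
    # StartFoxie and firewall are left for the analyst to decide.
    print(build_cfscript(found, {'qqioyxbp'}))
```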
ComboFix 08-01-17.3 - cyril.h 2008-01-17 2:36:37.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.295 [GMT 1:00]
Running from: C:\Documents and Settings\cyril.h\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\cyril.h\Bureau\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\aymnbdvn.ini
C:\WINDOWS\system32\bxwiuxjx.dll
C:\WINDOWS\system32\drivers\rgqgrrfd.dat
C:\WINDOWS\system32\gxjysujb.ini
C:\WINDOWS\system32\hshsqrus.ini
C:\WINDOWS\system32\ikoofnnl.ini
C:\WINDOWS\system32\nvdbnmya.dll
C:\WINDOWS\system32\osojcntr.dll
C:\WINDOWS\system32\pljreune.ini
C:\WINDOWS\system32\uolfpfwt.ini
C:\WINDOWS\system32\xyfwyugf.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\aymnbdvn.ini
C:\WINDOWS\system32\bxwiuxjx.dll
C:\WINDOWS\system32\drivers\rgqgrrfd.dat
C:\WINDOWS\system32\gxjysujb.ini
C:\WINDOWS\system32\hshsqrus.ini
C:\WINDOWS\system32\ikoofnnl.ini
C:\WINDOWS\system32\nvdbnmya.dll
C:\WINDOWS\system32\osojcntr.dll
C:\WINDOWS\system32\pljreune.ini
C:\WINDOWS\system32\uolfpfwt.ini
C:\WINDOWS\system32\xyfwyugf.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
.

2008-01-14 19:54 . 2008-01-15 13:37 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Microsoft Games
2008-01-14 19:35 . 2008-01-14 19:35 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Skype
2008-01-10 19:54 . 2008-01-10 19:54 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Apple Computer
2008-01-10 17:31 . 2008-01-10 17:31 <REP> d-------- C:\VundoFix Backups
2008-01-10 16:42 . 2008-01-10 16:53 <REP> d-a--c--- C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-09 23:53 . 2008-01-09 23:53 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-09 21:20 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-09 14:34 . 2008-01-09 14:34 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\OD2
2008-01-09 03:41 . 2008-01-09 03:41 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\InterTrust
2008-01-09 03:35 . 2008-01-09 03:35 <REP> d----c--- C:\Documents and Settings\cyril~h\LOCALS~1
2008-01-09 00:55 . 2008-01-09 00:55 268 --ah----- C:\sqmdata17.sqm
2008-01-09 00:55 . 2008-01-09 00:55 244 --ah----- C:\sqmnoopt17.sqm
2008-01-09 00:49 . 2008-01-09 01:48 <REP> d----c--- C:\Documents and Settings\cyril.h\Contacts
2008-01-09 00:48 . 2008-01-09 00:48 268 --ah----- C:\sqmdata16.sqm
2008-01-09 00:48 . 2008-01-09 00:48 244 --ah----- C:\sqmnoopt16.sqm
2008-01-08 20:09 . 2008-01-16 11:44 <REP> d----c--- C:\Documents and Settings\cyril.h\Shared
2008-01-08 20:09 . 2008-01-16 13:25 <REP> d----c--- C:\Documents and Settings\cyril.h\Incomplete
2008-01-08 20:09 . 2008-01-16 05:38 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\LimeWire
2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Voisinage réseau
2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Voisinage d'impression
2008-01-08 18:21 . 2004-08-16 16:55 <REP> d--h-c--- C:\Documents and Settings\cyril.h\Modèles
2008-01-08 18:21 . 2008-01-11 05:27 <REP> dr---c--- C:\Documents and Settings\cyril.h\Mes documents
2008-01-08 18:21 . 2004-08-16 16:55 <REP> dr---c--- C:\Documents and Settings\cyril.h\Menu Démarrer
2008-01-08 18:21 . 2008-01-16 02:16 <REP> dr---c--- C:\Documents and Settings\cyril.h\Favoris
2008-01-08 18:21 . 2008-01-17 02:44 <REP> dr---c--- C:\Documents and Settings\cyril.h\Bureau
2008-01-08 18:21 . 2005-08-09 16:14 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\You've Got Pictures Screensaver
2008-01-08 18:21 . 2005-08-09 16:07 <REP> d----c--- C:\Documents and Settings\cyril.h\Application Data\Symantec
2008-01-05 02:56 . 2008-01-05 02:56 <REP> d----c--- C:\Program Files\Glory of the Roman Empire - DEMO
2008-01-03 03:26 . 2008-01-03 03:26 268 --ah----- C:\sqmdata15.sqm
2008-01-03 03:26 . 2008-01-03 03:26 244 --ah----- C:\sqmnoopt15.sqm
2008-01-01 15:34 . 2008-01-01 15:34 268 --ah----- C:\sqmdata14.sqm
2008-01-01 15:34 . 2008-01-01 15:34 244 --ah----- C:\sqmnoopt14.sqm
2007-12-30 21:42 . 2007-12-30 21:42 268 --ah----- C:\sqmdata13.sqm
2007-12-30 21:42 . 2007-12-30 21:42 244 --ah----- C:\sqmnoopt13.sqm
2007-12-29 21:04 . 2007-12-29 21:04 268 --ah----- C:\sqmdata12.sqm
2007-12-29 21:04 . 2007-12-29 21:04 244 --ah----- C:\sqmnoopt12.sqm
2007-12-29 14:33 . 2007-12-29 14:33 268 --ah----- C:\sqmdata11.sqm
2007-12-29 14:33 . 2007-12-29 14:33 244 --ah----- C:\sqmnoopt11.sqm
2007-12-28 23:16 . 2007-12-28 23:16 268 --ah----- C:\sqmdata10.sqm
2007-12-28 23:16 . 2007-12-28 23:16 244 --ah----- C:\sqmnoopt10.sqm
2007-12-28 02:54 . 2007-12-28 02:54 3,120 --a------ C:\WINDOWS\system32\118290.54
2007-12-28 02:54 . 2007-12-28 02:54 3,120 --a------ C:\WINDOWS\118294.78
2007-12-28 02:53 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2007-12-28 02:53 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2007-12-28 02:53 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2007-12-28 01:40 . 2007-12-28 01:40 <REP> d----c--- C:\Documents and Settings\marie-noelle\Application Data\vlc
2007-12-28 01:31 . 2007-12-28 01:31 268 --ah----- C:\sqmdata09.sqm
2007-12-28 01:31 . 2007-12-28 01:31 244 --ah----- C:\sqmnoopt09.sqm
2007-12-28 01:14 . 2004-08-05 13:00 84,992 --a--c--- C:\WINDOWS\system32\apcup.dll
2007-12-28 01:14 . 2007-12-28 01:14 268 --ah----- C:\sqmdata08.sqm
2007-12-28 01:14 . 2007-12-28 01:14 244 --ah----- C:\sqmnoopt08.sqm
2007-12-27 18:06 . 2007-12-27 18:06 <REP> d----c--- C:\Documents and Settings\marie-noelle\Application Data\Motive
2007-12-27 17:24 . 2007-12-27 17:24 268 --ah----- C:\sqmdata07.sqm
2007-12-27 17:24 . 2007-12-27 17:24 244 --ah----- C:\sqmnoopt07.sqm
2007-12-22 22:06 . 2007-12-29 21:06 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-22 20:28 . 2007-12-22 20:28 268 --ah----- C:\sqmdata06.sqm
2007-12-22 20:28 . 2007-12-22 20:28 244 --ah----- C:\sqmnoopt06.sqm
2007-12-17 18:14 . 2007-12-17 18:14 <REP> d-------- C:\Program Files\Fichiers communs\ReparateurDeSysteme
2007-12-17 18:14 . 2007-12-17 18:14 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\SalesMon
2007-12-17 18:14 . 2007-12-17 18:14 <REP> dr---c--- C:\Documents and Settings\All Users\Application Data\reparateurdesysteme
2007-12-17 14:11 . 2007-12-17 14:11 268 --ah----- C:\sqmdata05.sqm
2007-12-17 14:11 . 2007-12-17 14:11 244 --ah----- C:\sqmnoopt05.sqm
2007-12-17 02:27 . 2007-12-22 22:13 4 --a------ C:\WINDOWS\INI2=No
2007-12-17 02:27 . 2007-12-22 22:13 4 --a------ C:\WINDOWS\INI1=No

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 00:56 --------- dc----w C:\Program Files\Messenger Plus! Live
2008-01-14 22:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-14 18:54 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Games
2008-01-14 18:50 --------- d-----w C:\Program Files\Microsoft Games
2008-01-10 16:29 --------- dc----w C:\Program Files\Trend Micro
2008-01-09 02:50 --------- dc----w C:\Program Files\AOL 8.0
2008-01-08 00:35 --------- dc----w C:\Program Files\AOL Toolbar
2008-01-08 00:35 --------- dc----w C:\Program Files\AOL 9.0
2008-01-08 00:33 --------- d-----w C:\Program Files\DivX
2008-01-08 00:33 --------- d-----w C:\Program Files\AIM
2008-01-03 04:30 --------- dc----w C:\Program Files\AOL 9.0a
2008-01-03 04:29 --------- dc----w C:\Program Files\GameSpy Arcade
2008-01-03 04:29 --------- d-----w C:\Program Files\SLD Codec Pack
2008-01-03 04:29 --------- d-----w C:\Program Files\JVTorrent
2007-12-31 02:46 --------- d-----w C:\Program Files\Capturino V1.3
2007-12-31 02:43 --------- d-----w C:\Program Files\Every Toolbar 1.1
2007-12-27 16:20 --------- d-----w C:\Program Files\Google
2007-12-23 14:45 --------- dc----w C:\Program Files\Dial-Messenger
2007-12-17 16:47 --------- dc----w C:\Program Files\PlayMP3z
2007-12-15 22:16 --------- dc----w C:\Program Files\Dcads Games Collection
2007-12-15 18:47 134 ----a-w C:\n.bat
2007-12-12 10:31 --------- dc----w C:\Program Files\iTunes
2007-12-12 10:31 --------- dc----w C:\Program Files\iPod
2007-12-12 10:28 --------- dc----w C:\Program Files\QuickTime
2007-12-05 19:06 --------- dc----w C:\Program Files\Samsung
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-29 19:52 --------- dc----w C:\Program Files\American Conquest
2006-03-07 17:44 560 -c--a-w C:\Program Files\Global.sw
2006-10-18 00:11 88 --sh--r C:\WINDOWS\system32\1B8B9650E2.sys
2006-10-18 00:27 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2008-01-10_21.38.27.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-09 20:21:55 1,409,024 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-17 01:35:58 1,409,024 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-09 20:21:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-17 01:35:58 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-09 20:21:55 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-17 01:35:58 1,413,120 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-09 20:21:55 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-17 01:35:58 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-09 20:21:55 1,536,000 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-17 01:35:58 1,822,720 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-09 20:21:55 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-17 01:35:58 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-14 22:18:05 57,344 ----a-r C:\WINDOWS\Installer\{15292416-A464-4FBA-BB96-7298EAACFC07}\ARPPRODUCTICON.exe
- 2007-12-12 10:32:05 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
+ 2008-01-10 18:54:35 102,400 ----a-r C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe
- 2008-01-09 16:28:01 77,379 ----a-w C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
+ 2008-01-15 03:49:10 77,379 ----a-w C:\WINDOWS\system32\dcads_sidebar_uninstall.exe
- 2008-01-09 17:01:22 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-10 19:33:26 62,480 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-09 17:01:22 75,506 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-01-10 19:33:27 75,506 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-01-09 17:01:22 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-10 19:33:27 401,200 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-01-09 17:01:22 468,490 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-10 19:33:27 468,490 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-01-17 01:43:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4d0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-27 14:13 68856]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-08-09 16:05 180269]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"StartFoxie"="C:\Program Files\Foxie Suite\StartFoxie.exe" [ ]
"SoundMan"="SOUNDMAN.EXE" [2005-01-20 19:04 77824 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [2005-01-04 15:54 49152 C:\WINDOWS\system32\SiSPower.dll]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43 286720]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-19 04:52 36864]
"PopUp Destroy"="C:\Program Files\PopUp Destroy\Popup-Destroy.exe" [ ]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 13:00 455168]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-01-28 10:10 110740]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [2001-07-09 11:50 155648]
"Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2006-04-21 15:41 438359]
"LVCOMS"="C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE" [2001-11-13 14:43 98304]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2002-08-23 15:50 40960]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 10:39 53248]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11 267048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 13:00 208952]
"BOOT"="C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe" [ ]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 10:31 24576]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="lsass.exe"

S0 qqioyxbp;qqioyxbp;C:\WINDOWS\system32\drivers\rgqgrrfd.dat []
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2005-10-20 20:57]
S3 firewall;firewall;C:\Program Files\Foxie Suite\firewall.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-05 13:00]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-16 07:50:30 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2005-10-03 11:04:45 C:\WINDOWS\Tasks\Rappel d'enregistrement 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 02:44:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-17 2:48:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-17 01:48:21
ComboFix2.txt 2008-01-16 19:20:01
ComboFix3.txt 2008-01-10 19:22:19
ComboFix4.txt 2008-01-10 17:26:08
ComboFix5.txt 2008-01-10 17:18:02
.
2008-01-09 05:03:20 --- E O F ---
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last contribution 11 November 2010 3
17 Jan. 2008 at 21:16
Good evening

Download:
http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware

=> Install it
=> Launch it
=> Click: Update
------
= Restart in Safe Mode (startup may take several minutes)
Note: there is no internet access in this mode. Save or print these instructions.

Restart the PC and tap the F8 key (or F5 on some machines) until the startup choice screen appears
With the arrow keys, select Safe Mode ==> Enter ==> your usual user name
-------
=> In SCAN (the magnifying-glass icon)
=> Settings ==> under HOW TO ACT ==> click Recommended actions ==> Quarantine
=> Click: Complete system scan
-------
=> At the end of the scan (which is quite long)
=> Click Apply all actions <== this is very important
=> Click Save report, then Save as, and choose the desktop
-------
In normal mode
paste the report

@+
0
re ep44
Mission accomplished: avast no longer detects the file win32:bho-kd [TRJ]
Do I need to do anything else? Thanks again ---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 02:42:53 18/01/2008

+ Résultat de l'analyse:



C:\Program Files\Messenger\rtesej.html -> Hijacker.IFrame.dn : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@ads.adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@adengage[1].txt -> TrackingCookie.Adengage : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@ads.adengage[2].txt -> TrackingCookie.Adengage : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@adtech[1].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@clickbank[1].txt -> TrackingCookie.Clickbank : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@ehg-youtube.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\cyril.h\Cookies\cyril.h@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.
C:\WINDOWS\system32\apcup.dll -> Trojan.BHO.agz : Nettoyé.


Fin du rapport
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last contribution 11 November 2010 3
18 Jan. 2008 at 20:04
Good evening

yes, now run an online antivirus scan with Internet Explorer
https://www.bitdefender.fr/


=> At the bottom left of the window, click BitDefender SCAN ONLINE
=> In the new window, click I agree
=> The window changes again; click Click here to scan
=> The signatures load, etc.
=> copy and paste the result here

illustrated tutorial

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

and
post a new hijackthis report

@+
0
good evening,

sorry to butt into your thread, but I can't find my old one any more. I wanted to thank ep44 for the help; I reformatted my PC and everything is better now, thanks again! and sorry
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last contribution 11 November 2010 3
21 Jan. 2008 at 21:08
Good evening SOFI,

Sorry, but I can't find you among the threads I have handled


 I reformatted my PC and everything is better now, thanks again! and so


I don't think I advised formatting a PC

but well, if your problem is solved

happy for you

good luck for the rest
@+ ;-)
0
good evening ep44, sorry for my late reply, here is the report: Temps
01:01:31

Fichiers
347892

Directoires
7349

Secteurs de boot
3

Archives
7488

Paquets programmes
13137




Résultats

Virus identifiés
4

Fichiers infectés
11

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
11




Info sur les moteurs

Définition virus
894459

Version des moteurs
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins
14

Archive des plugins
38

Unpack des plugins
7

E-mail plugins
6

Système plugins
1




Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
*;

Excludez les extensions


Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui




Fichier analysé
Statut

C:\QooBox\Quarantine\C\WINDOWS\system32\dsdsefwd.dll.vir
Infecté par: Trojan.Vundo.DUP

C:\QooBox\Quarantine\C\WINDOWS\system32\dsdsefwd.dll.vir
Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\dsdsefwd.dll.vir
Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\fdinecir.dll.vir
Infecté par: Trojan.Vundo.DUP

C:\QooBox\Quarantine\C\WINDOWS\system32\fdinecir.dll.vir
Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\fdinecir.dll.vir
Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\pcotxctg.dll.vir
Infecté par: Trojan.Vundo.DVC

C:\QooBox\Quarantine\C\WINDOWS\system32\pcotxctg.dll.vir
Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\pcotxctg.dll.vir
Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\rjhilrxu.dll.vir
Infecté par: Trojan.Vundo.DVC

C:\QooBox\Quarantine\C\WINDOWS\system32\rjhilrxu.dll.vir
Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\rjhilrxu.dll.vir
Supprimé

C:\QooBox\Quarantine\C\WINDOWS\system32\wtbikyhx.dll.vir
Infecté par: Trojan.Vundo.DVC

C:\QooBox\Quarantine\C\WINDOWS\system32\wtbikyhx.dll.vir
Echec de la désinfection

C:\QooBox\Quarantine\C\WINDOWS\system32\wtbikyhx.dll.vir
Supprimé

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>bxwiuxjx.dll
Infecté par: Trojan.Vundo.DVA

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>bxwiuxjx.dll
Echec de la désinfection

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>bxwiuxjx.dll
Supprimé

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip
Mis à jour

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>nvdbnmya.dll
Infecté par: Trojan.Vundo.DUP

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>nvdbnmya.dll
Echec de la désinfection

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>nvdbnmya.dll
Supprimé

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip
Mis à jour

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>osojcntr.dll
Infecté par: Trojan.Vundo.DVC

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>osojcntr.dll
Echec de la désinfection

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip=>osojcntr.dll
Supprimé

C:\QooBox\Quarantine\catchme2008-01-17_ 24400.60.zip
Mis à jour

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000239.dll
Infecté par: Trojan.Vundo.DVC

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000239.dll
Echec de la désinfection

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000239.dll
Supprimé

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000241.dll
Infecté par: Trojan.Vundo.DVC

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000241.dll
Echec de la désinfection

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0000241.dll
Supprimé

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0002323.dll
Infecté par: Trojan.Spy.Bzub.NGP

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0002323.dll
Echec de la désinfection

C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP5\A0002323.dll
Supprimé
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:39, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PopUp Destroy] C:\Program Files\PopUp Destroy\Popup-Destroy.exe
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe
O4 - HKLM\..\Run: [Lexmark X84-X85 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [BOOT] C:\Program Files\ISSENDIS\ISSENDIS WebUpdate v6\issendiswebupdatev6.exe /BOOT
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\apps\skype\phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by114fd.bay114.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab47946.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - http://motive.club-internet.fr:2112/lwp/static/installers/WebflowActiveXInstaller_4-0-0.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A37407C0-03D9-460C-9CC5-52907F4DE565}: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
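The log above was triaged by hand in this thread. As an added example (not code from the original poster, from ep44, or from HijackThis itself), here is a small Python script that parses the O4, O17 and O23 line formats seen in that log and applies three of the checks a reviewer makes while reading one: an O4 Run entry whose executable path contains spaces but is not quoted (CreateProcess then looks for C:\Program.exe before the real binary), an O17 NameServer that is not on a resolver allowlist, and an O23 service with no company field ("Unknown owner" or blank, as HijackThis writes it). The regexes are mine and are inferred from the line layout visible in the log; the sample lines are copied from the log above; the allowlist holding the two 208.67.x.x addresses is an assumption for the example (they are OpenDNS's public resolvers). A finding means "verify this entry", not "this is malware": the same log lists legitimate CyberLink services with "Unknown owner".

```python
"""Triage helpers for HijackThis log lines of types O4, O17 and O23.
Added example for this thread: not HijackThis code and not from any post
above. A finding means "verify this entry", not "this is malware".
"""
import re

# O4 - HKLM\..\Run: [Name] command line       (User 'X') suffix is optional
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[^:]*?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.+?)(?: \(User '(?P<user>[^']*)'\))?$"
)
# O17 - HKLM\System\CCS\Services\Tcpip\..\{GUID}: NameServer = a.b.c.d,e.f.g.h
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d., ]+)$")
# O23 - Service: Display Name (svcname) - Company - C:\path\svc.exe
# "(svcname)" appears only when it differs from the display name; the company
# field is "Unknown owner" or blank (written "- -") when version info lacks it.
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
    r" - (?:(?P<owner>.*?) - |- )(?P<path>.+)$"
)
# First ".exe" token of a command line: the path CreateProcess will resolve.
EXE_RE = re.compile(r"^(?P<exe>.+?\.exe)(?=\s|$)", re.IGNORECASE)


def parse_o4(line):
    m = O4_RE.match(line)
    return m.groupdict() if m else None


def parse_o17(line):
    """Return the NameServer addresses, or None if this is not an O17 line."""
    m = O17_RE.match(line)
    if not m:
        return None
    return [s for s in re.split(r"[,\s]+", m.group("servers")) if s]


def parse_o23(line):
    m = O23_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["owner"] = d["owner"] or ""  # blank company field ("- -") -> ""
    return d


def unquoted_path_with_spaces(cmd):
    """True when the executable path contains spaces but is not quoted.

    CreateProcess then tries C:\\Program.exe, C:\\Program Files\\Foxie.exe, ...
    before the intended binary, so a writable file at one of those names
    runs instead. Quoted paths and space-free paths are fine.
    """
    if cmd.startswith('"'):
        return False
    m = EXE_RE.match(cmd)
    return bool(m) and " " in m.group("exe")


def triage(lines, dns_allowlist=()):
    """Return (section, reason, subject) tuples for entries worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        o4 = parse_o4(line)
        if o4:
            if unquoted_path_with_spaces(o4["cmd"]):
                findings.append(("O4", "unquoted path with spaces", o4["name"]))
            continue
        servers = parse_o17(line)
        if servers is not None:
            findings.extend(("O17", "NameServer not in allowlist", s)
                            for s in servers if s not in dns_allowlist)
            continue
        o23 = parse_o23(line)
        if o23 and o23["owner"] in ("", "Unknown owner"):
            findings.append(("O23", "missing company field", o23["display"]))
    return findings


# Sample input: lines copied from the HijackThis log posted above.
SAMPLE = [
    r"O4 - HKLM\..\Run: [StartFoxie] C:\Program Files\Foxie Suite\StartFoxie.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent",
    r"O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{A37407C0-03D9-460C-9CC5-52907F4DE565}: NameServer = 208.67.220.220,208.67.222.222",
    r"O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe",
    r"O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe",
    r"O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe",
    r"O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe",
]
# Assumed allowlist for this example: the two OpenDNS resolvers the log's
# O17 line points at. Replace with the resolvers the machine should be using.
DNS_ALLOWLIST = ("208.67.220.220", "208.67.222.222")

if __name__ == "__main__":
    for section, reason, subject in triage(SAMPLE, DNS_ALLOWLIST):
        print(f"{section}: {reason}: {subject}")
```

On the sample it reports the unquoted StartFoxie Run entry and the two services without a company field; with an empty allowlist it also lists both DNS servers. To run it on a real log, pass `open("hijackthis.log").readlines()` to `triage()` instead of `SAMPLE`, and treat each hit as a prompt to look the file up, not as a verdict.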
ep44 Posts: 7393 Joined: Saturday 10 November 2007 Status: Contributor Last post: 11 November 2010
30 Jan 2008 at 21:14
Re-run HijackThis and tick this:
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
then click Fix checked

then go here and delete
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

restart your PC and tell me whether you still have any problems
See you
Good evening, no, there are no more problems, everything is perfect, thanks a lot for your help ep44
ep44 Posts: 7393 Joined: Saturday 10 November 2007 Status: Contributor Last post: 11 November 2010
11 Feb 2008 at 23:34
Good evening, very good. So you can remove all the tools we used;
go to Add/Remove Programs and into Program Files
to check

then do this (IMPORTANT)

=Start
=Control Panel
=System
=System Restore tab
=tick the box (Turn off System Restore)
=restart the computer
=then turn it back on
See you