Probleme avec un virus nomméWin32:Adware-gen
vinoduc
-
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
Bonjour,
alors voila depuis quelques jours mon cher avast se met a faire "wuuuutwuuuut" et me dit blabla adware blabla mettre en quarantaine...
alors je suis son conseil et je met en quarantaine mais dès que je réouvre mes documents sa recommence! Alors j'ai fait une analysa 'ou je ne sais trop quoi) avec HijackThis et voici le log:
Logfile of HijackThis v1.99.1
Scan saved at 21:23:59, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe /schedule 300000
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\program\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: E404Helper - {eaa34a1a-e7f5-429c-8972-a6d9defa8fc9} - e404d.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program\Spyware Doctor\swdsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
Voila, tout ce que je sais est-ce que quelqu'un pourrait m'apporter son aide pls...
Merci d'avance !
bye.
alors voila depuis quelques jours mon cher avast se met a faire "wuuuutwuuuut" et me dit blabla adware blabla mettre en quarantaine...
alors je suis son conseil et je met en quarantaine mais dès que je réouvre mes documents sa recommence! Alors j'ai fait une analysa 'ou je ne sais trop quoi) avec HijackThis et voici le log:
Logfile of HijackThis v1.99.1
Scan saved at 21:23:59, on 16/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {E8249E69-A809-4544-832F-64EB65747A92} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RavAV] C:\WINDOWS\AdobeR.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Veoh] "D:\Program\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [Exetender] C:\Program Files\Free Ride Games\GPlayer.exe /schedule 300000
O4 - HKCU\..\Run: [AlcoholAutomount] "D:\program\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Program\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.topsoftwarefeed.com/redirect.php (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: E404Helper - {eaa34a1a-e7f5-429c-8972-a6d9defa8fc9} - e404d.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program\Spyware Doctor\swdsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
Voila, tout ce que je sais est-ce que quelqu'un pourrait m'apporter son aide pls...
Merci d'avance !
bye.
A voir également:
- Probleme avec un virus nomméWin32:Adware-gen
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
7 réponses
Salut
# Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.
++
# Télécharge ceci: (merci a S!RI pour ce petit programme).
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
il va générer un rapport : copie/colle le sur le poste stp.
++
SmitFraudFix v2.257
Rapport fait à 22:08:53,21, 16/01/2008
Executé à partir de C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1.PIE\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D091D2A1-7653-4465-8EF5-AE2B129645CF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D091D2A1-7653-4465-8EF5-AE2B129645CF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D091D2A1-7653-4465-8EF5-AE2B129645CF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Rapport fait à 22:08:53,21, 16/01/2008
Executé à partir de C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\UTILIS~1.PIE\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{D091D2A1-7653-4465-8EF5-AE2B129645CF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\..\{D091D2A1-7653-4465-8EF5-AE2B129645CF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{D091D2A1-7653-4465-8EF5-AE2B129645CF}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
ok,
Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
ComboFix 08-01-17.1 - Utilisateur 2008-01-16 22:16:37.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.92 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Bureau\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Julien.PIERRE-CE6DBF46\ravmonlog
C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon
C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon\log.txt
C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\inst.exe
C:\Program Files\internet explorer\iekey.dll
C:\WINDOWS\system32\e404d.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
.
2008-01-16 22:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 21:21 . 2008-01-16 21:23 <REP> d-------- C:\Hijackthis
2008-01-16 15:11 . 2008-01-16 15:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 15:11 . 2008-01-16 15:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-07 19:12 . 2008-01-07 19:12 <REP> d-------- C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\Sibelius Software
2008-01-07 19:11 . 2008-01-07 19:11 <REP> d-------- C:\Program Files\Musicnotes
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Program Files\Sierra On-Line
2007-12-27 17:29 . 2007-12-27 17:29 <REP> d-------- C:\Program Files\Common Files
2007-12-22 13:20 . 2007-12-22 13:20 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 21:13 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\OpenOffice.org2
2008-01-16 11:47 --------- d-----w C:\Documents and Settings\Papa et Maman\Application Data\OpenOffice.org2
2008-01-11 11:47 --------- d-----w C:\Program Files\Media Player Classic
2008-01-03 18:50 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-01-03 18:50 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-01-03 18:50 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-01-03 11:08 --------- d-----w C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Application Data\OpenOffice.org2
2008-01-02 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 10:21 --------- d-----w C:\Program Files\Dofus
2007-12-15 11:42 --------- d-----w C:\Program Files\Java
2007-12-15 11:26 --------- d-----w C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Application Data\Grisoft
2007-12-12 19:21 --------- d-----w C:\Documents and Settings\Papa et Maman\Application Data\Grisoft
2007-12-04 20:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-04 06:59 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\PC Tools
2007-11-28 15:20 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\FileFactory Turbo
2007-11-27 19:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SimCity Societies
2007-11-25 19:40 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\.ABC
2007-11-07 15:43 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 08:39 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 19:55 94,208 ----a-w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\ezplay.sys
2007-10-23 19:55 47,360 ----a-w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\pcouffin.sys
2007-10-20 21:26 998,873 ----a-w C:\WINDOWS\system32\Desperate Housewives.scr
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8249E69-A809-4544-832F-64EB65747A92}]
C:\Program Files\Video Add-on\isfmdl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-29 19:18 190024]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19 5728112]
"Veoh"="D:\Program\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 16:31 3256320]
"Exetender"="C:\Program Files\Free Ride Games\GPlayer.exe" [ ]
"AlcoholAutomount"="D:\program\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]
"DAEMON Tools"="D:\Program\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-08 00:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 00:15 600896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\Papa et Maman\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {eaa34a1a-e7f5-429c-8972-a6d9defa8fc9} - e404d.dll [ ]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 10:50]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 04:44]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63aad2c1-8090-11dc-b2e6-00085409c3fe}]
\Shell\AutoRun\command - G:\Autorun.exe
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 13:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-17 21:22:13 C:\WINDOWS\Tasks\User_Feed_Synchronization-{2CE077E2-1E8D-47C4-B3D9-BCF59B75CFBD}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 22:35:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-17 22:43:58
ComboFix-quarantined-files.txt 2008-01-17 21:43:47
.
2008-01-10 07:40:18 --- E O F ---
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.92 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Bureau\ComboFix.exe
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Julien.PIERRE-CE6DBF46\ravmonlog
C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon
C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService.AUTORITE NT.000\Application Data\NetMon\log.txt
C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\inst.exe
C:\Program Files\internet explorer\iekey.dll
C:\WINDOWS\system32\e404d.dll
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-17 to 2008-01-17 ))))))))))))))))))))))))))))))))))))
.
2008-01-16 22:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 21:21 . 2008-01-16 21:23 <REP> d-------- C:\Hijackthis
2008-01-16 15:11 . 2008-01-16 15:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 15:11 . 2008-01-16 15:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-07 19:12 . 2008-01-07 19:12 <REP> d-------- C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\Sibelius Software
2008-01-07 19:11 . 2008-01-07 19:11 <REP> d-------- C:\Program Files\Musicnotes
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Program Files\Sierra On-Line
2007-12-27 17:29 . 2007-12-27 17:29 <REP> d-------- C:\Program Files\Common Files
2007-12-22 13:20 . 2007-12-22 13:20 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 21:13 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\OpenOffice.org2
2008-01-16 11:47 --------- d-----w C:\Documents and Settings\Papa et Maman\Application Data\OpenOffice.org2
2008-01-11 11:47 --------- d-----w C:\Program Files\Media Player Classic
2008-01-03 18:50 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-01-03 18:50 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-01-03 18:50 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-01-03 11:08 --------- d-----w C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Application Data\OpenOffice.org2
2008-01-02 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 10:21 --------- d-----w C:\Program Files\Dofus
2007-12-15 11:42 --------- d-----w C:\Program Files\Java
2007-12-15 11:26 --------- d-----w C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Application Data\Grisoft
2007-12-12 19:21 --------- d-----w C:\Documents and Settings\Papa et Maman\Application Data\Grisoft
2007-12-04 20:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-04 06:59 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\PC Tools
2007-11-28 15:20 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\FileFactory Turbo
2007-11-27 19:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SimCity Societies
2007-11-25 19:40 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\.ABC
2007-11-07 15:43 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 08:39 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 19:55 94,208 ----a-w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\ezplay.sys
2007-10-23 19:55 47,360 ----a-w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\pcouffin.sys
2007-10-20 21:26 998,873 ----a-w C:\WINDOWS\system32\Desperate Housewives.scr
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8249E69-A809-4544-832F-64EB65747A92}]
C:\Program Files\Video Add-on\isfmdl.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-29 19:18 190024]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19 5728112]
"Veoh"="D:\Program\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 16:31 3256320]
"Exetender"="C:\Program Files\Free Ride Games\GPlayer.exe" [ ]
"AlcoholAutomount"="D:\program\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]
"DAEMON Tools"="D:\Program\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-08 00:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 00:15 600896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\Papa et Maman\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"= {eaa34a1a-e7f5-429c-8972-a6d9defa8fc9} - e404d.dll [ ]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 10:50]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 04:44]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63aad2c1-8090-11dc-b2e6-00085409c3fe}]
\Shell\AutoRun\command - G:\Autorun.exe
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 13:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-17 21:22:13 C:\WINDOWS\Tasks\User_Feed_Synchronization-{2CE077E2-1E8D-47C4-B3D9-BCF59B75CFBD}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 22:35:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-17 22:43:58
ComboFix-quarantined-files.txt 2008-01-17 21:43:47
.
2008-01-10 07:40:18 --- E O F ---
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ok,
Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras :
registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8249E69-A809-4544-832F-64EB65747A92}]
ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Dans la fenêtre qui suit, choisie l'option 1 puis valide
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal !
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt )
++
Crée un nouveau document texte et nomme le CFScript.txt ( attention très important ! ) : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes en gras :
registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"E404Helper"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E8249E69-A809-4544-832F-64EB65747A92}]
ensuite fais glisser le fichier texte sur combo.exe comme sur l'animation : http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
Dans la fenêtre qui suit, choisie l'option 1 puis valide
Patiente un peu, si le bureau disparait parfois durant le scan : c'est normal !
A la fin du scan, un rapport va s'afficher : poste le stp ( sinon il se situe dans ici : C:\ComboFix.txt )
++
ComboFix 08-01-17.5 - Utilisateur 2008-01-18 7:57:38.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.83 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Bureau\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.
2008-01-16 22:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 21:21 . 2008-01-16 21:23 <REP> d-------- C:\Hijackthis
2008-01-16 15:11 . 2008-01-16 15:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 15:11 . 2008-01-16 15:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-07 19:12 . 2008-01-07 19:12 <REP> d-------- C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\Sibelius Software
2008-01-07 19:11 . 2008-01-07 19:11 <REP> d-------- C:\Program Files\Musicnotes
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Program Files\Sierra On-Line
2007-12-27 17:29 . 2007-12-27 17:29 <REP> d-------- C:\Program Files\Common Files
2007-12-22 13:20 . 2007-12-22 13:20 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 21:13 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\OpenOffice.org2
2008-01-16 11:47 --------- d-----w C:\Documents and Settings\Papa et Maman\Application Data\OpenOffice.org2
2008-01-11 11:47 --------- d-----w C:\Program Files\Media Player Classic
2008-01-03 18:50 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-01-03 18:50 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-01-03 18:50 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-01-03 11:08 --------- d-----w C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Application Data\OpenOffice.org2
2008-01-02 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 10:21 --------- d-----w C:\Program Files\Dofus
2007-12-15 11:42 --------- d-----w C:\Program Files\Java
2007-12-15 11:26 --------- d-----w C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Application Data\Grisoft
2007-12-12 19:21 --------- d-----w C:\Documents and Settings\Papa et Maman\Application Data\Grisoft
2007-12-04 20:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-04 06:59 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\PC Tools
2007-11-28 15:20 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\FileFactory Turbo
2007-11-27 19:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SimCity Societies
2007-11-25 19:40 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\.ABC
2007-11-07 15:43 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 08:39 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 19:55 94,208 ----a-w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\ezplay.sys
2007-10-23 19:55 47,360 ----a-w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\pcouffin.sys
2007-10-20 21:26 998,873 ----a-w C:\WINDOWS\system32\Desperate Housewives.scr
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-17_22.42.54.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 21:14:47 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-18 06:56:20 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-16 21:14:47 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-18 06:56:20 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-16 21:14:47 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
+ 2008-01-18 06:56:20 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
- 2008-01-16 21:14:48 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-18 06:56:21 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-16 21:14:48 1,724,416 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
+ 2008-01-18 06:56:21 1,724,416 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
- 2008-01-16 21:14:48 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-18 06:56:21 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
- 2008-01-16 21:14:48 5,713,920 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000007\ntuser.dat
+ 2008-01-18 06:56:22 5,713,920 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000007\ntuser.dat
- 2008-01-16 21:14:49 200,704 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000008\UsrClass.dat
+ 2008-01-18 06:56:22 200,704 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000008\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-29 19:18 190024]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19 5728112]
"Veoh"="D:\Program\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 16:31 3256320]
"Exetender"="C:\Program Files\Free Ride Games\GPlayer.exe" [ ]
"AlcoholAutomount"="D:\program\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]
"DAEMON Tools"="D:\Program\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-08 00:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 00:15 600896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\Papa et Maman\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 10:50]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 04:44]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63aad2c1-8090-11dc-b2e6-00085409c3fe}]
\Shell\AutoRun\command - G:\Autorun.exe
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 13:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 06:33:09 C:\WINDOWS\Tasks\User_Feed_Synchronization-{2CE077E2-1E8D-47C4-B3D9-BCF59B75CFBD}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 08:08:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-18 8:13:22
ComboFix-quarantined-files.txt 2008-01-18 07:13:12
ComboFix2.txt 2008-01-17 21:43:59
.
2008-01-10 07:40:18 --- E O F ---
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.83 [GMT 1:00]
Running from: C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Bureau\CFScript.txt
* Created a new restore point
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-18 to 2008-01-18 ))))))))))))))))))))))))))))))))))))
.
2008-01-16 22:14 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-16 21:21 . 2008-01-16 21:23 <REP> d-------- C:\Hijackthis
2008-01-16 15:11 . 2008-01-16 15:11 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-16 15:11 . 2008-01-16 15:11 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-07 19:12 . 2008-01-07 19:12 <REP> d-------- C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\Sibelius Software
2008-01-07 19:11 . 2008-01-07 19:11 <REP> d-------- C:\Program Files\Musicnotes
2008-01-02 17:22 . 2008-01-02 17:22 <REP> d-------- C:\Program Files\Sierra On-Line
2007-12-27 17:29 . 2007-12-27 17:29 <REP> d-------- C:\Program Files\Common Files
2007-12-22 13:20 . 2007-12-22 13:20 <REP> d-------- C:\Program Files\Fichiers communs\Blizzard Entertainment
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-16 21:13 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\OpenOffice.org2
2008-01-16 11:47 --------- d-----w C:\Documents and Settings\Papa et Maman\Application Data\OpenOffice.org2
2008-01-11 11:47 --------- d-----w C:\Program Files\Media Player Classic
2008-01-03 18:50 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-01-03 18:50 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-01-03 18:50 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-01-03 11:08 --------- d-----w C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Application Data\OpenOffice.org2
2008-01-02 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-23 10:21 --------- d-----w C:\Program Files\Dofus
2007-12-15 11:42 --------- d-----w C:\Program Files\Java
2007-12-15 11:26 --------- d-----w C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Application Data\Grisoft
2007-12-12 19:21 --------- d-----w C:\Documents and Settings\Papa et Maman\Application Data\Grisoft
2007-12-04 20:14 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Grisoft
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-12-04 06:59 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\PC Tools
2007-11-28 15:20 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\FileFactory Turbo
2007-11-27 19:18 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SimCity Societies
2007-11-25 19:40 --------- d-----w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\.ABC
2007-11-07 15:43 126,976 ----a-w C:\WINDOWS\system32\UAService7.exe
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 08:39 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-23 19:55 94,208 ----a-w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\ezplay.sys
2007-10-23 19:55 47,360 ----a-w C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Application Data\pcouffin.sys
2007-10-20 21:26 998,873 ----a-w C:\WINDOWS\system32\Desperate Housewives.scr
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 11:47 31,744 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-01-17_22.42.54.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-16 21:14:47 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
+ 2008-01-18 06:56:20 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000001\NTUSER.DAT
- 2008-01-16 21:14:47 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
+ 2008-01-18 06:56:20 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000002\UsrClass.dat
- 2008-01-16 21:14:47 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
+ 2008-01-18 06:56:20 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000003\NTUSER.DAT
- 2008-01-16 21:14:48 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
+ 2008-01-18 06:56:21 12,288 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000004\UsrClass.dat
- 2008-01-16 21:14:48 1,724,416 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
+ 2008-01-18 06:56:21 1,724,416 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000005\ntuser.dat
- 2008-01-16 21:14:48 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
+ 2008-01-18 06:56:21 151,552 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000006\UsrClass.dat
- 2008-01-16 21:14:48 5,713,920 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000007\ntuser.dat
+ 2008-01-18 06:56:22 5,713,920 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000007\ntuser.dat
- 2008-01-16 21:14:49 200,704 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000008\UsrClass.dat
+ 2008-01-18 06:56:22 200,704 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\[u]0[/u]0000008\UsrClass.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-09-29 19:18 190024]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 15:19 5728112]
"Veoh"="D:\Program\Veoh Networks\Veoh\VeohClient.exe" [2007-10-03 16:31 3256320]
"Exetender"="C:\Program Files\Free Ride Games\GPlayer.exe" [ ]
"AlcoholAutomount"="D:\program\Alcohol Soft\Alcohol 120\axcmd.exe" [ ]
"DAEMON Tools"="D:\Program\DAEMON Tools\daemon.exe" [2007-08-16 12:24 167368]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe" [2005-06-23 19:33 57344]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 14:13 57344]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 08:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 15:51 257088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-07-08 00:14 576320]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-07-08 00:15 600896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
C:\Documents and Settings\Julien.PIERRE-CE6DBF46\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\Utilisateur.PIERRE-CE6DBF46\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\Papa et Maman\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe [2006-07-14 20:26:34]
C:\Documents and Settings\All Users.WINDOWS\Menu D‚marrer\Programmes\D‚marrage\
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
S3 mamotou;mamotou;C:\WINDOWS\system32\DRIVERS\mamotou.sys [2005-11-07 10:50]
S3 MaRdPnp;MaRdPnp;C:\WINDOWS\system32\DRIVERS\MaRdP2K.sys [2005-08-18 04:44]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63aad2c1-8090-11dc-b2e6-00085409c3fe}]
\Shell\AutoRun\command - G:\Autorun.exe
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-11 13:50:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-18 06:33:09 C:\WINDOWS\Tasks\User_Feed_Synchronization-{2CE077E2-1E8D-47C4-B3D9-BCF59B75CFBD}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 08:08:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-18 8:13:22
ComboFix-quarantined-files.txt 2008-01-18 07:13:12
ComboFix2.txt 2008-01-17 21:43:59
.
2008-01-10 07:40:18 --- E O F ---
ok,
1/ # Télécharge RavAntivirus d'Evosla :
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
# Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
# Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
# Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
# Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
# Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
# Retire tes disques amovibles et redémarrez votre ordinateur.
# Poste le rapport, si infection!
2/ Télécharge sur le bureau Flash Disinfector (de SUBS) à cette adresse : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
Double-clique sur l’icône.
Les icônes vont disparaître. C’est normal.
Si un rapport est généré en cas d'infection, sauvegarde-le sur le bureau, et poste le ensuite
Redémarre ensuite le PC.
++
1/ # Télécharge RavAntivirus d'Evosla :
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
# Si tu as une clé USB, disque dur externe, etc, branche-les sans les ouvrir avant de lancer ce FIX
# Fais un clic droit sur le fichier .ZIP > Extraire sur > le Bureau
# Doucle-clique sur >> RAV.exe << afin de lancer l'outil.
# Une fois RAV ANTIVIRUS lancé, laisse-le réagir , il scanne automatiquement tout les lecteurs (disques fixes et amovibles)
# Si infection > un log s'établira, sinon le soft affichera (très rapide) ==>Votre Ordinateur est sain .
# Retire tes disques amovibles et redémarrez votre ordinateur.
# Poste le rapport, si infection!
2/ Télécharge sur le bureau Flash Disinfector (de SUBS) à cette adresse : http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
Double-clique sur l’icône.
Les icônes vont disparaître. C’est normal.
Si un rapport est généré en cas d'infection, sauvegarde-le sur le bureau, et poste le ensuite
Redémarre ensuite le PC.
++
