Virtumonde virus attack

Closed
pato83 Posts 23 Registered Monday 10 March 2008 Status Member Last active 12 November 2009 - 12 March 2008 at 15:45
g!rly Posts 18206 Registered Friday 17 August 2007 Status Contributor Last active 30 November 2014 - 23 March 2008 at 16:04
Hello,
I can't manage to remove this virus WIN32:delf-hox [trj], and do I have to reset my PC to zero, because I'm having trouble doing that? So I ran a HijackThis test anyway and another one with VirtumundoBeGone; it would be kind of you to help me because I can't take it anymore. Thank you very much.
Here they are:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:47, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Eurobarre\eb.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [c0f8cc65] rundll32.exe "C:\WINDOWS\system32\fctcycuj.dll",b
O4 - HKLM\..\Run: [BMc3cbfff9] Rundll32.exe "C:\WINDOWS\system32\msatnsgp.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [prov] prov.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-471990195-2333845299-1059634769-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Eurobarre.lnk = C:\Program Files\Eurobarre\eb.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
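
Reading a HijackThis log by hand means scanning a few hundred lines for the handful that matter. As an added example (my code, not from this thread and not part of HijackThis), the Python script below does that first pass over lines in the format above: it flags O4 Run entries where rundll32 loads a DLL from system32 whose name is eight random lowercase letters (the c0f8cc65 and BMc3cbfff9 entries, the Virtumonde loader pattern of that period), anything autostarting from a Policies\Explorer\Run key, an O18 text/html filter with no backing file, and O16 ActiveX downloads from hosts outside a short allowlist. The eight-letter rule and the allowlist (built from the legitimate entries in this log) are my assumptions; the sample lines are copied from the log above plus one benign rundll32 entry for contrast.

```python
import re

# Constructed sample: lines in HijackThis 2.0 format copied from the log posted above,
# plus the benign NvCplDaemon rundll32 entry so the random-name rule has a counter-example.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [c0f8cc65] rundll32.exe "C:\WINDOWS\system32\fctcycuj.dll",b
O4 - HKLM\..\Run: [BMc3cbfff9] Rundll32.exe "C:\WINDOWS\system32\msatnsgp.dll",s
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [prov] prov.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/PackageHtmlCab.CAB
O18 - Filter hijack: text/html - (no CLSID) - (no file)
"""

O4_RE = re.compile(r'^O4 - (?P<hive>\S+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O16_RE = re.compile(r'^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \([^)]*\))? - (?P<url>\S+)$')
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
# Assumption: Virtumonde loaders of this generation used DLL names of 8 random lowercase letters.
RANDOM_STEM_RE = re.compile(r'^[a-z]{8}$')
# Assumption: hosts the legitimate O16 entries in this log load from; anything else gets a human look.
KNOWN_DPF_HOSTS = {'messenger.zone.msn.com', 'gfx1.hotmail.com',
                   'www.adobe.com', 'fpdownload2.macromedia.com'}


def stem(path):
    """File name without directory or extension."""
    return path.replace('/', '\\').rsplit('\\', 1)[-1].rsplit('.', 1)[0]


def triage_line(line):
    """Return (severity, reason) for one HijackThis line, or None if nothing stands out."""
    line = line.strip()
    m = O4_RE.match(line)
    if m:
        hive, name, cmd = m.group('hive'), m.group('name'), m.group('cmd')
        r = RUNDLL_RE.search(cmd)
        if r and RANDOM_STEM_RE.match(stem(r.group('dll'))) and 'system32' in r.group('dll').lower():
            return ('high', f'[{name}] loads a random-named DLL via rundll32: {r.group("dll")}')
        if 'Policies\\Explorer\\Run' in hive:
            # Policy Run keys are rarely populated by legitimate software; here they also
            # name bare executables with no path, which is how the dropper registered them.
            return ('high', f'[{name}] autostarts from a Policies\\Explorer\\Run key: {cmd}')
        return None
    m = O16_RE.match(line)
    if m:
        host = re.match(r'https?://([^/]+)', m.group('url'))
        host = host.group(1).lower() if host else ''
        if host not in KNOWN_DPF_HOSTS:
            return ('medium', f'ActiveX control downloaded from unreviewed host {host}')
        return None
    if line.startswith('O18 - Filter hijack') and '(no file)' in line:
        return ('medium', 'MIME filter registered for text/html with no backing file')
    return None


def triage(log_text):
    """Run triage_line over a whole log; returns [(severity, reason)] in log order."""
    findings = []
    for line in log_text.splitlines():
        f = triage_line(line)
        if f:
            findings.append(f)
    return findings


if __name__ == '__main__':
    import sys
    # French XP logs are cp1252; latin-1 decodes any byte, so a real file never fails to load.
    text = open(sys.argv[1], encoding='latin-1').read() if len(sys.argv) > 1 else SAMPLE_LOG
    for sev, why in triage(text):
        print(f'{sev:6} {why}')
```

Pass the saved log as the first argument to triage a real file; with no argument it runs over the embedded sample and reports the four high and two medium findings.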

40 replies

g!rly Posts 18206 Registered Friday 17 August 2007 Status Contributor Last active 30 November 2014
18 March 2008 at 22:06
Pato83,

Disregard my post above; it turns out that the driver I was trying to remove is a false positive, so legitimate...

Explanation given by jalobservateur, whom I thank, otherwise I would have ended up bald ;-)

This week I did a lot of research on dozens of forums in all languages, and the object of my research was this: the mc21.tmp, mc22.tmp, mc23.tmp files.

Usually, these strange 'drivers' are located in Windows\Temp:
Mc21.tmp, mc22.tmp, mc23.tmp

Note! Warning! Although on several forums helpers have racked their brains and stared at these, since nobody has been able to delete any of them...
It turns out that they recreate themselves automatically at startup.
In fact these drivers are in no way rootkits or threats of any kind!
Even though several people 'wrongly' associate them with the 'Grayware' trojan.

In fact, these driver files are simply created by various 'real-time' protection systems.
And after the driver is loaded into memory, they delete the driver file because it is not needed by the Windows system.
So this new driver file, or files, start up again at every Windows boot. That is why the file(s) do not exist in the Windows temporary directory.
Moreover, these 'false positives' are also wrongly identified by Diaghelp and all similar scanners,
including ComboFix.

So I find one on my machine too, which is C:\Windows\temp\mc21.tmp and which Runscanners identifies as: File not found.


On the other hand, do this:

* Download OTMoveIt2 (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
* Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program window "Paste Standard List of Files/Folders to Move":

C:\WINDOWS\system32\bccdd.ini2

* Click MoveIt! to start the removal,
* The result will appear in the Results box.
* Click Exit to close the program.
* Post the report located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. If so, click Yes.

And also post a new HijackThis log.

@+
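
The file g!rly singles out, bccdd.ini2, is the residue Virtumonde leaves beside its DLL: in the ComboFix report pato83 posts further down this thread it shows as hidden+system (--sha-w) in system32 with a random-looking stem, and the VundoFix log there pairs awvvs.dll with svvwa.ini, the same stem spelled backwards. As an added example (my code, not from the thread and not a feature of OTMoveIt, VundoFix or ComboFix), the Python below parses the three line shapes those tools print and applies both naming heuristics to a listing, so the .ini/.ini2 leftovers can be collected into an OTMoveIt list in one pass. The attribute-token parsing, the reversed-stem pairing and the "all lowercase letters" rule are my assumptions about this malware generation; the sample lines are copied from the logs on this page.

```python
import re

# Constructed sample: one line in each of the shapes the VundoFix and ComboFix output on this
# page uses (bare path, ComboFix "files created" line, ComboFix Find3M line), copied from those logs.
SAMPLE_LISTING = r"""
C:\windows\system32\awvvs.dll
C:\windows\system32\svvwa.ini
C:\WINDOWS\system32\vlsvqfyf.dll
2008-03-10 15:56 . 2008-03-10 16:08 354 ---hs---- C:\WINDOWS\system32\ievctvdx.ini
2008-03-05 09:26 . 2008-03-05 09:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2001-12-19 10:30 174,747 --sha-w C:\WINDOWS\system32\bccdd.ini2
2008-03-07 15:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
"""

# Optional ComboFix attribute token (---hs----, --sha-w, d-------- ...) followed by a drive-letter path.
ENTRY_RE = re.compile(r'(?:(?P<attrs>[-a-z]{6,9})\s+)?(?P<path>[A-Za-z]:\\\S.*)$')
SYSTEM32_RE = re.compile(r'\\system32\\[^\\]+$', re.IGNORECASE)


def parse_entry(line):
    """Return (attrs, path) for a listing line, or None when it carries no Windows path.
    attrs is '' for bare paths (VundoFix and ComboFix 'Other deletions' lines)."""
    m = ENTRY_RE.search(line.strip())
    if not m:
        return None
    return (m.group('attrs') or '', m.group('path').rstrip())


def split_name(path):
    """Lower-cased (stem, ext) of the last path component; ext is '' when there is no dot."""
    name = path.rsplit('\\', 1)[-1].lower()
    stem, dot, ext = name.rpartition('.')
    return (stem, ext) if dot else (name, '')


def vundo_findings(listing_text):
    """Apply two Virtumonde naming heuristics (assumptions about this malware generation):
      1. an .ini/.ini2 whose stem is a .dll stem from the same listing spelled backwards
         (the companion-file pattern the VundoFix log shows: awvvs.dll <-> svvwa.ini);
      2. a hidden+system .ini/.ini2 in system32 with an all-letters lower-case stem, i.e. the
         config file left behind once the DLL itself was removed.
    Returns [(path, reason)] in listing order."""
    entries = [e for e in (parse_entry(l) for l in listing_text.splitlines()) if e]
    dll_stems = {split_name(p)[0]: p for _, p in entries if split_name(p)[1] == 'dll'}
    findings = []
    for attrs, path in entries:
        stem, ext = split_name(path)
        if ext not in ('ini', 'ini2') or not SYSTEM32_RE.search(path):
            continue
        partner = dll_stems.get(stem[::-1])
        if partner:
            partner_name = partner.rsplit('\\', 1)[-1]
            findings.append((path, f'stem is {partner_name} spelled backwards'))
        elif 'h' in attrs and 's' in attrs and stem.isalpha():
            findings.append((path, f'hidden+system ({attrs}) config file with a random-looking stem'))
    return findings


if __name__ == '__main__':
    import sys
    # ComboFix writes cp1252 on a French XP; latin-1 decodes any byte without error.
    text = open(sys.argv[1], encoding='latin-1').read() if len(sys.argv) > 1 else SAMPLE_LISTING
    for path, reason in vundo_findings(text):
        print(f'{path}: {reason}')
```

Run it against C:\Combofix.txt or the VundoFix report to get the candidate list; the printed paths are in the one-per-line form OTMoveIt's "Paste Standard List" box expects, but each still deserves a look before it goes in.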
^^Marie^^ Posts 113926 Registered Tuesday 6 September 2005 Status Member Last active 28 August 2020
22 March 2008 at 19:36
Do an online scan with Internet Explorer (thanks !aur3n7)
* Go to this site https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
- Click the image on the right, Kaspersky Online scanner
-- A notice will appear; click the I accept button (after reading it, of course)
Note: if the scanner has not yet been installed (ActiveX), a message will ask whether or not you accept to do so.
-- Installation and the antivirus database update will happen automatically.
* Click Next
* Click the scan settings button
-- at the option scan with the following antivirus database:
---- [X] extended
-- in the scan options check that the following boxes are ticked
---- [X] scan archives
---- [X] scan mail databases
-- Click the OK button
* choose My Computer to start the scan
* Once the scan is finished, save the report: click Save report as
-- To find it easily, put it on the desktop
-- in file name enter Kaspersky
-- for file type choose text file (*.txt) then click the save button
* Copy and paste the contents of this file into your next reply.

Note:
- If you have problems, check these few points https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId898809
- Your resident antivirus could prevent or disturb the scan. Kaspersky advises disabling it before starting the scan (for the duration of the scan only).
- If you have problems you will find an animated demonstration at the link given, or if needed a tutorial https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566
g!rly Posts 18206 Registered Friday 17 August 2007 Status Contributor Last active 30 November 2014
12 March 2008 at 15:53
Hi,

do this:

Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

NOTE: The report is also located here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan ComboFix may need to restart the PC to finalise the disinfection/search; let it do so.

- A report will then open in Notepad; this Combofix.txt report file is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message, along with a new HijackThis log.

-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

@+
pato83 Posts 23 Registered Monday 10 March 2008 Status Member Last active 12 November 2009
12 March 2008 at 16:32
I also ran a VundoFix test; here it is:
and the others you asked me for follow. thanks

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Scan started at 16:40:02 21/02/2008

Listing files found while scanning....

C:\windows\system32\awvvs.dll
C:\WINDOWS\system32\sffajprm.dll
C:\windows\system32\svvwa.ini
C:\windows\system32\svvwa.ini2
C:\WINDOWS\system32\vlsvqfyf.dll
C:\WINDOWS\Temp\3htxv.exe
C:\WINDOWS\Temp\54hwr.exe
C:\WINDOWS\Temp\55dg.exe

Beginning removal...

Attempting to delete C:\windows\system32\awvvs.dll
C:\windows\system32\awvvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sffajprm.dll
C:\WINDOWS\system32\sffajprm.dll Has been deleted!

Attempting to delete C:\windows\system32\svvwa.ini
C:\windows\system32\svvwa.ini Has been deleted!

Attempting to delete C:\windows\system32\svvwa.ini2
C:\windows\system32\svvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vlsvqfyf.dll
C:\WINDOWS\system32\vlsvqfyf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\Temp\3htxv.exe
C:\WINDOWS\Temp\3htxv.exe Has been deleted!

Attempting to delete C:\WINDOWS\Temp\54hwr.exe
C:\WINDOWS\Temp\54hwr.exe Has been deleted!

Attempting to delete C:\WINDOWS\Temp\55dg.exe
C:\WINDOWS\Temp\55dg.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V7.0.1

Scan started at 10:54:38 10/03/2008

Listing files found while scanning....

No infected files were found.

ComboFix 08-03-10.1 - peter 2001-12-19 16:09:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1569 [GMT 1:00]
Location: G:\ComboFix.exe
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Other deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\peter\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\peter\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\WINDOWS\BMc3cbfff9.xml
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\pack.epk
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acviaq.dat
C:\WINDOWS\system32\acviaq_nav.dat
C:\WINDOWS\system32\acviaq_navps.dat
C:\WINDOWS\system32\eayyvuhy.dll
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\joynekdh.dll
C:\WINDOWS\system32\khffcya.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljhgfe.dll
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\nnnolkh.dll
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\ocpkvyku.dll
C:\WINDOWS\system32\opnolmn.dll
C:\WINDOWS\system32\qomjkjj.dll
C:\WINDOWS\system32\qomnonm.dll
C:\WINDOWS\system32\rltbrixk.dll
C:\WINDOWS\system32\rqrpnlj.dll
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\sadcpuswei_navtmp.dat
C:\WINDOWS\system32\svcmljaa.dll
C:\WINDOWS\system32\vmxteekf.dll
C:\WINDOWS\system32\wtyunr_navtmp.dat
C:\WINDOWS\system32\xbuvevot.dll
C:\WINDOWS\system32\xyadd.ini2

.
((((((((((((((((((((((((((((( Files created 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.

2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 15:56 . 2008-03-10 16:08 354 ---hs---- C:\WINDOWS\system32\ievctvdx.ini
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-10 10:24 . 2008-03-10 13:11 954 ---hs---- C:\WINDOWS\system32\jucyctcf.ini
2008-03-09 23:12 . 2008-03-10 10:18 354 ---hs---- C:\WINDOWS\system32\xxtyxesy.ini
2008-03-09 23:04 . 2008-03-09 23:04 34,816 --a------ C:\WINDOWS\system32\vtuuvwv.dll.vir
2008-03-09 22:04 . 2008-03-09 22:53 354 ---hs---- C:\WINDOWS\system32\fhacrrnc.ini
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-06 23:14 . 2008-03-07 02:06 354 ---hs---- C:\WINDOWS\system32\bobvuiyq.ini
2008-03-06 11:25 . 2008-03-06 19:53 294 ---hs---- C:\WINDOWS\system32\miuluprx.ini
2008-03-05 20:52 . 2008-03-06 10:51 534 ---hs---- C:\WINDOWS\system32\lkwofefq.ini
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-03-05 09:26 . 2008-03-05 09:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-05 07:58 . 2008-03-05 07:59 414 ---hs---- C:\WINDOWS\system32\lgvjgswk.ini
2008-03-04 17:19 . 2008-03-05 07:53 354 ---hs---- C:\WINDOWS\system32\rodpuuik.ini
2008-03-04 11:32 . 2008-03-04 12:19 294 ---hs---- C:\WINDOWS\system32\nroqixwe.ini
2008-03-03 16:58 . 2008-03-03 16:58 294 ---hs---- C:\WINDOWS\system32\tupogqvq.ini
2008-03-03 01:47 . 2008-03-03 01:47 294 ---hs---- C:\WINDOWS\system32\cusoiiad.ini
2008-03-02 01:42 . 2008-03-02 01:42 354 ---hs---- C:\WINDOWS\system32\dhjwghau.ini
2008-03-01 11:21 . 2008-03-01 18:48 294 ---hs---- C:\WINDOWS\system32\riqdoikm.ini
2008-03-01 04:38 . 2008-03-01 04:38 714 ---hs---- C:\WINDOWS\system32\akslwdau.ini
2008-02-29 10:23 . 2008-03-01 04:35 654 ---hs---- C:\WINDOWS\system32\fwxscflc.ini
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 16:40 . 2008-03-10 10:54 <REP> d-------- C:\VundoFix Backups
2008-02-21 14:39 . 2008-02-23 13:53 474 ---hs---- C:\WINDOWS\system32\fyfqvslv.ini
2008-02-21 14:05 . 2008-03-05 08:04 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-20 18:18 . 2008-02-21 01:53 594 ---hs---- C:\WINDOWS\system32\rggclweg.ini
2008-02-20 12:53 . 2008-02-20 18:14 414 ---hs---- C:\WINDOWS\system32\dgwxxorx.ini
2008-02-19 12:49 . 2008-02-19 20:45 294 ---hs---- C:\WINDOWS\system32\rntailok.ini
2008-02-18 17:40 . 2008-02-19 11:07 354 ---hs---- C:\WINDOWS\system32\bthesymt.ini
2008-02-17 17:35 . 2008-02-17 17:35 294 ---hs---- C:\WINDOWS\system32\niycsqap.ini
2008-02-16 21:14 . 2008-02-16 21:14 1,134 ---hs---- C:\WINDOWS\system32\yihagmae.ini
2008-02-15 21:13 . 2008-02-16 21:13 1,074 ---hs---- C:\WINDOWS\system32\smdcoeng.ini
2008-02-15 00:53 . 2008-02-15 21:10 894 ---hs---- C:\WINDOWS\system32\oefefgxi.ini
2008-02-14 16:41 . 2008-02-15 00:45 774 ---hs---- C:\WINDOWS\system32\vffwfptn.ini
2008-02-14 07:55 . 2008-02-14 13:17 534 ---hs---- C:\WINDOWS\system32\tkjrcwhh.ini
2008-02-13 23:38 . 2008-02-14 03:10 414 ---hs---- C:\WINDOWS\system32\yjdieiga.ini
2008-02-11 20:32 . 2003-12-12 16:06 1,693,696 --a------ C:\WINDOWS\system32\ltclr13n.dll
2008-02-11 20:32 . 2003-11-04 15:11 155,648 --a------ C:\WINDOWS\system32\lftif13n.dll
2008-02-11 20:32 . 2003-11-04 15:10 98,304 --a------ C:\WINDOWS\system32\lffax13n.dll
2008-02-11 20:31 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-02-10 22:28 . 2008-02-10 12:46 1,466,368 --a------ C:\WINDOWS\system32\WinSpooler.exe

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 15:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-07 15:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-03-02 12:03 34,816 ----a-w C:\WINDOWS\system32\WinUpdating.exe
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-29 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-11 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 00:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 21:30 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2007-12-14 09:09 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2001-12-19 10:30 174,747 --sha-w C:\WINDOWS\system32\bccdd.ini2
.

((((((((((((((((((((((((((((((((( Reg loading points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{021AD2FF-0B57-42D8-85A2-29CBC35158A6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{034DF249-5547-48BA-8413-2A271B1FA96E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B52C7EC-D1A3-4054-923C-DD12567F28B1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19C68DF2-978A-4B01-AFE2-63C16B4F38FC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D27FB18-C8AF-4C21-A0BA-5DF54D020E28}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2718F85F-7478-4682-B43C-92429B0B384F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D2105EE-F4EF-4109-B207-EBE6EFC6E68F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d405ac4-29a4-48f6-afc8-037853cfa243}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B174A1-B514-4882-8CF2-65CCC669DBF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{327AB137-F27A-4288-94F9-023D9248E921}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377CA899-DD11-4D02-A420-4086E40986B8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42088B4F-96A4-43E5-A212-C79F718D6B0D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42F69E86-6007-4B42-967F-CD23DF218D21}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43a09c52-eb52-4d76-801d-fe6a6e0d5188}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A95B233-8CDF-4B7D-B5E1-029709B5FA72}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c0be003-0360-44d8-a5f9-053bf99322cb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{778CC869-4EBD-46C4-B465-3B9C226E986D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8304D498-6060-420E-B575-9B8A4A12EA5D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85412EE2-3CEF-42A3-AB63-4910EC2029F0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85ABF310-4028-4A73-9946-F8A08DE20CAC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97AC6538-6A3D-4CE6-B871-96568F278889}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98A7C3D8-C721-4589-891D-8FEA430B5ABA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2743289-31F5-4E89-AB8C-E718D46ACD0F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2C6EB27-E1BA-4827-BACF-80F4A42269FE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a75b47b5-5f07-44fd-8b9b-3ce9062f209a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad93f034-bd93-436a-96e8-35db2ce83ec1}]
2001-12-18 13:25 93248 --a------ C:\WINDOWS\system32\nulksflc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAE27F45-394F-4E0E-A211-ADC017D7E613}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBE9D779-869C-433A-B7C8-2F343F7E1F83}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA58B007-6B50-4A05-8CE4-B7AC13C4B31B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEF3DA0E-BF62-4F60-9084-FE73FA99D121}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D14ECCD1-6D41-4FB4-BDC6-E674FF35DF0E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1F0E831-8A3F-4EBE-8AC5-427DC723B36A}]
2001-12-17 20:52 35840 --a------ C:\WINDOWS\system32\iifffgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD611189-F0E6-4B3E-9E24-50E454990A7B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0EA1F31-B58F-47E8-A185-20C52DF9F168}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87337BC-BA69-4EB6-B609-48C20AC540FD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEF4454D-132C-4A50-9F4E-83EC378ED4C3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F193A2D5-F1AB-470B-B1D9-4A69001F1C5A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8364AF8-5937-4E61-A361-0A4A050A36C7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"c0f8cc65"="C:\WINDOWS\system32\vyrpsoqd.dll" [2001-12-18 13:27 86592]
"BMc3cbfff9"="C:\WINDOWS\system32\vetutsmf.dll" [2001-12-18 13:25 90688]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 17:43 69632 C:\WINDOWS\Alcmtr.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"WinUpdating"= WinUpdating.exe
"Windows Printing Driver"= WinSpooler.exe
"prov"= prov.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{D1F0E831-8A3F-4EBE-8AC5-427DC723B36A}"= C:\WINDOWS\system32\iifffgh.dll [2001-12-17 20:52 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwtsr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayxu]
gebayxu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifffgh]
iifffgh.dll 2001-12-17 20:52 35840 C:\WINDOWS\system32\iifffgh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhecb]
mljhecb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnopqp]
opnopqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppqpmj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnonm]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnmnn]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuvwv]
vtuuvwv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-11-29 18:49]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-26 12:59:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-10 15:14:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-07 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-10 15:16:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-07 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 16:14:42
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\iifffgh.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\vyrpsoqd.dll
-> C:\WINDOWS\system32\vetutsmf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-10 16:18:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-10 15:18:44
.
2008-02-29 00:50:20 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:56, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: {1ce38ec2-bd53-8e69-a634-39db430f39da} - {ad93f034-bd93-436a-96e8-35db2ce83ec1} - C:\WINDOWS\system32\nulksflc.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D1F0E831-8A3F-4EBE-8AC5-427DC723B36A} - C:\WINDOWS\system32\iifffgh.dll
O2 - BHO: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [c0f8cc65] rundll32.exe "C:\WINDOWS\system32\vyrpsoqd.dll",b
O4 - HKLM\..\Run: [BMc3cbfff9] Rundll32.exe "C:\WINDOWS\system32\vetutsmf.dll",s
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [prov] prov.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-471990195-2333845299-1059634769-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxwtsr - C:\WINDOWS\
O20 - Winlogon Notify: gebayxu - gebayxu.dll (file missing)
O20 - Winlogon Notify: iifffgh - C:\WINDOWS\SYSTEM32\iifffgh.dll
O20 - Winlogon Notify: mljhecb - mljhecb.dll (file missing)
O20 - Winlogon Notify: opnopqp - opnopqp.dll (file missing)
O20 - Winlogon Notify: oppqpmj - C:\WINDOWS\
O20 - Winlogon Notify: qomnonm - C:\WINDOWS\
O20 - Winlogon Notify: urqnmnn - C:\WINDOWS\
O20 - Winlogon Notify: vtuuvwv - vtuuvwv.dll (file missing)
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
pato83 Posts: 23 Registration date: Monday 10 March 2008 Status: Member Last seen: 12 November 2009
12 March 2008 at 16:32
I had also run a VundoFix test; here it is:
and the others you asked me for follow. Thanks

VundoFix V6.7.8

Checking Java version...

Java version is 1.5.0.7
Old versions of java are exploitable and should be removed.

Scan started at 16:40:02 21/02/2008

Listing files found while scanning....

C:\windows\system32\awvvs.dll
C:\WINDOWS\system32\sffajprm.dll
C:\windows\system32\svvwa.ini
C:\windows\system32\svvwa.ini2
C:\WINDOWS\system32\vlsvqfyf.dll
C:\WINDOWS\Temp\3htxv.exe
C:\WINDOWS\Temp\54hwr.exe
C:\WINDOWS\Temp\55dg.exe

Beginning removal...

Attempting to delete C:\windows\system32\awvvs.dll
C:\windows\system32\awvvs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sffajprm.dll
C:\WINDOWS\system32\sffajprm.dll Has been deleted!

Attempting to delete C:\windows\system32\svvwa.ini
C:\windows\system32\svvwa.ini Has been deleted!

Attempting to delete C:\windows\system32\svvwa.ini2
C:\windows\system32\svvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\vlsvqfyf.dll
C:\WINDOWS\system32\vlsvqfyf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\Temp\3htxv.exe
C:\WINDOWS\Temp\3htxv.exe Has been deleted!

Attempting to delete C:\WINDOWS\Temp\54hwr.exe
C:\WINDOWS\Temp\54hwr.exe Has been deleted!

Attempting to delete C:\WINDOWS\Temp\55dg.exe
C:\WINDOWS\Temp\55dg.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V7.0.1

Scan started at 10:54:38 10/03/2008

Listing files found while scanning....

No infected files were found.


ComboFix 08-03-10.1 - peter 2001-12-19 16:09:20.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1569 [GMT 1:00]
Endroit: G:\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\peter\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\peter\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\WINDOWS\BMc3cbfff9.xml
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\pack.epk
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\acviaq.dat
C:\WINDOWS\system32\acviaq_nav.dat
C:\WINDOWS\system32\acviaq_navps.dat
C:\WINDOWS\system32\eayyvuhy.dll
C:\WINDOWS\system32\hhhkj.ini
C:\WINDOWS\system32\hhhkj.ini2
C:\WINDOWS\system32\ilkkj.ini2
C:\WINDOWS\system32\jjkmp.ini
C:\WINDOWS\system32\jjkmp.ini2
C:\WINDOWS\system32\joynekdh.dll
C:\WINDOWS\system32\khffcya.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mljhgfe.dll
C:\WINDOWS\system32\mpqss.ini
C:\WINDOWS\system32\mpqss.ini2
C:\WINDOWS\system32\nnnolkh.dll
C:\WINDOWS\system32\nqtss.ini
C:\WINDOWS\system32\nqtss.ini2
C:\WINDOWS\system32\ocpkvyku.dll
C:\WINDOWS\system32\opnolmn.dll
C:\WINDOWS\system32\qomjkjj.dll
C:\WINDOWS\system32\qomnonm.dll
C:\WINDOWS\system32\rltbrixk.dll
C:\WINDOWS\system32\rqrpnlj.dll
C:\WINDOWS\system32\rqtss.ini
C:\WINDOWS\system32\sadcpuswei_navtmp.dat
C:\WINDOWS\system32\svcmljaa.dll
C:\WINDOWS\system32\vmxteekf.dll
C:\WINDOWS\system32\wtyunr_navtmp.dat
C:\WINDOWS\system32\xbuvevot.dll
C:\WINDOWS\system32\xyadd.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.

2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 15:56 . 2008-03-10 16:08 354 ---hs---- C:\WINDOWS\system32\ievctvdx.ini
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-10 10:24 . 2008-03-10 13:11 954 ---hs---- C:\WINDOWS\system32\jucyctcf.ini
2008-03-09 23:12 . 2008-03-10 10:18 354 ---hs---- C:\WINDOWS\system32\xxtyxesy.ini
2008-03-09 23:04 . 2008-03-09 23:04 34,816 --a------ C:\WINDOWS\system32\vtuuvwv.dll.vir
2008-03-09 22:04 . 2008-03-09 22:53 354 ---hs---- C:\WINDOWS\system32\fhacrrnc.ini
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-06 23:14 . 2008-03-07 02:06 354 ---hs---- C:\WINDOWS\system32\bobvuiyq.ini
2008-03-06 11:25 . 2008-03-06 19:53 294 ---hs---- C:\WINDOWS\system32\miuluprx.ini
2008-03-05 20:52 . 2008-03-06 10:51 534 ---hs---- C:\WINDOWS\system32\lkwofefq.ini
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-03-05 09:26 . 2008-03-05 09:27 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-05 07:58 . 2008-03-05 07:59 414 ---hs---- C:\WINDOWS\system32\lgvjgswk.ini
2008-03-04 17:19 . 2008-03-05 07:53 354 ---hs---- C:\WINDOWS\system32\rodpuuik.ini
2008-03-04 11:32 . 2008-03-04 12:19 294 ---hs---- C:\WINDOWS\system32\nroqixwe.ini
2008-03-03 16:58 . 2008-03-03 16:58 294 ---hs---- C:\WINDOWS\system32\tupogqvq.ini
2008-03-03 01:47 . 2008-03-03 01:47 294 ---hs---- C:\WINDOWS\system32\cusoiiad.ini
2008-03-02 01:42 . 2008-03-02 01:42 354 ---hs---- C:\WINDOWS\system32\dhjwghau.ini
2008-03-01 11:21 . 2008-03-01 18:48 294 ---hs---- C:\WINDOWS\system32\riqdoikm.ini
2008-03-01 04:38 . 2008-03-01 04:38 714 ---hs---- C:\WINDOWS\system32\akslwdau.ini
2008-02-29 10:23 . 2008-03-01 04:35 654 ---hs---- C:\WINDOWS\system32\fwxscflc.ini
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 16:40 . 2008-03-10 10:54 <REP> d-------- C:\VundoFix Backups
2008-02-21 14:39 . 2008-02-23 13:53 474 ---hs---- C:\WINDOWS\system32\fyfqvslv.ini
2008-02-21 14:05 . 2008-03-05 08:04 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-20 18:18 . 2008-02-21 01:53 594 ---hs---- C:\WINDOWS\system32\rggclweg.ini
2008-02-20 12:53 . 2008-02-20 18:14 414 ---hs---- C:\WINDOWS\system32\dgwxxorx.ini
2008-02-19 12:49 . 2008-02-19 20:45 294 ---hs---- C:\WINDOWS\system32\rntailok.ini
2008-02-18 17:40 . 2008-02-19 11:07 354 ---hs---- C:\WINDOWS\system32\bthesymt.ini
2008-02-17 17:35 . 2008-02-17 17:35 294 ---hs---- C:\WINDOWS\system32\niycsqap.ini
2008-02-16 21:14 . 2008-02-16 21:14 1,134 ---hs---- C:\WINDOWS\system32\yihagmae.ini
2008-02-15 21:13 . 2008-02-16 21:13 1,074 ---hs---- C:\WINDOWS\system32\smdcoeng.ini
2008-02-15 00:53 . 2008-02-15 21:10 894 ---hs---- C:\WINDOWS\system32\oefefgxi.ini
2008-02-14 16:41 . 2008-02-15 00:45 774 ---hs---- C:\WINDOWS\system32\vffwfptn.ini
2008-02-14 07:55 . 2008-02-14 13:17 534 ---hs---- C:\WINDOWS\system32\tkjrcwhh.ini
2008-02-13 23:38 . 2008-02-14 03:10 414 ---hs---- C:\WINDOWS\system32\yjdieiga.ini
2008-02-11 20:32 . 2003-12-12 16:06 1,693,696 --a------ C:\WINDOWS\system32\ltclr13n.dll
2008-02-11 20:32 . 2003-11-04 15:11 155,648 --a------ C:\WINDOWS\system32\lftif13n.dll
2008-02-11 20:32 . 2003-11-04 15:10 98,304 --a------ C:\WINDOWS\system32\lffax13n.dll
2008-02-11 20:31 . 2003-11-04 15:11 159,744 --a------ C:\WINDOWS\system32\lfpng13n.dll
2008-02-10 22:28 . 2008-02-10 12:46 1,466,368 --a------ C:\WINDOWS\system32\WinSpooler.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 15:15 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-07 15:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-03-02 12:03 34,816 ----a-w C:\WINDOWS\system32\WinUpdating.exe
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-29 14:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-11 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 00:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 21:30 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2007-12-14 09:09 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2001-12-19 10:30 174,747 --sha-w C:\WINDOWS\system32\bccdd.ini2
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{021AD2FF-0B57-42D8-85A2-29CBC35158A6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{034DF249-5547-48BA-8413-2A271B1FA96E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B52C7EC-D1A3-4054-923C-DD12567F28B1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19C68DF2-978A-4B01-AFE2-63C16B4F38FC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D27FB18-C8AF-4C21-A0BA-5DF54D020E28}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2718F85F-7478-4682-B43C-92429B0B384F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D2105EE-F4EF-4109-B207-EBE6EFC6E68F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d405ac4-29a4-48f6-afc8-037853cfa243}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B174A1-B514-4882-8CF2-65CCC669DBF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{327AB137-F27A-4288-94F9-023D9248E921}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377CA899-DD11-4D02-A420-4086E40986B8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42088B4F-96A4-43E5-A212-C79F718D6B0D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42F69E86-6007-4B42-967F-CD23DF218D21}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43a09c52-eb52-4d76-801d-fe6a6e0d5188}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A95B233-8CDF-4B7D-B5E1-029709B5FA72}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c0be003-0360-44d8-a5f9-053bf99322cb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{778CC869-4EBD-46C4-B465-3B9C226E986D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8304D498-6060-420E-B575-9B8A4A12EA5D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85412EE2-3CEF-42A3-AB63-4910EC2029F0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85ABF310-4028-4A73-9946-F8A08DE20CAC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97AC6538-6A3D-4CE6-B871-96568F278889}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98A7C3D8-C721-4589-891D-8FEA430B5ABA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2743289-31F5-4E89-AB8C-E718D46ACD0F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2C6EB27-E1BA-4827-BACF-80F4A42269FE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a75b47b5-5f07-44fd-8b9b-3ce9062f209a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad93f034-bd93-436a-96e8-35db2ce83ec1}]
2001-12-18 13:25 93248 --a------ C:\WINDOWS\system32\nulksflc.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAE27F45-394F-4E0E-A211-ADC017D7E613}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBE9D779-869C-433A-B7C8-2F343F7E1F83}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA58B007-6B50-4A05-8CE4-B7AC13C4B31B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEF3DA0E-BF62-4F60-9084-FE73FA99D121}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D14ECCD1-6D41-4FB4-BDC6-E674FF35DF0E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1F0E831-8A3F-4EBE-8AC5-427DC723B36A}]
2001-12-17 20:52 35840 --a------ C:\WINDOWS\system32\iifffgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD611189-F0E6-4B3E-9E24-50E454990A7B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0EA1F31-B58F-47E8-A185-20C52DF9F168}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87337BC-BA69-4EB6-B609-48C20AC540FD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEF4454D-132C-4A50-9F4E-83EC378ED4C3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F193A2D5-F1AB-470B-B1D9-4A69001F1C5A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8364AF8-5937-4E61-A361-0A4A050A36C7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"c0f8cc65"="C:\WINDOWS\system32\vyrpsoqd.dll" [2001-12-18 13:27 86592]
"BMc3cbfff9"="C:\WINDOWS\system32\vetutsmf.dll" [2001-12-18 13:25 90688]
"Alcmtr"="ALCMTR.EXE" [2005-05-03 17:43 69632 C:\WINDOWS\Alcmtr.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"WinUpdating"= WinUpdating.exe
"Windows Printing Driver"= WinSpooler.exe
"prov"= prov.exe

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{D1F0E831-8A3F-4EBE-8AC5-427DC723B36A}"= C:\WINDOWS\system32\iifffgh.dll [2001-12-17 20:52 35840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwtsr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayxu]
gebayxu.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifffgh]
iifffgh.dll 2001-12-17 20:52 35840 C:\WINDOWS\system32\iifffgh.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhecb]
mljhecb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnopqp]
opnopqp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppqpmj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnonm]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnmnn]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuvwv]
vtuuvwv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" [2006-11-29 18:49]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-26 12:59:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-10 15:14:02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-07 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-10 15:16:32 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-07 14:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 16:14:42
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\iifffgh.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\vyrpsoqd.dll
-> C:\WINDOWS\system32\vetutsmf.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-10 16:18:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-10 15:18:44
.
2008-02-29 00:50:20 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:22:56, on 10/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: {1ce38ec2-bd53-8e69-a634-39db430f39da} - {ad93f034-bd93-436a-96e8-35db2ce83ec1} - C:\WINDOWS\system32\nulksflc.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D1F0E831-8A3F-4EBE-8AC5-427DC723B36A} - C:\WINDOWS\system32\iifffgh.dll
O2 - BHO: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [c0f8cc65] rundll32.exe "C:\WINDOWS\system32\vyrpsoqd.dll",b
O4 - HKLM\..\Run: [BMc3cbfff9] Rundll32.exe "C:\WINDOWS\system32\vetutsmf.dll",s
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [prov] prov.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-471990195-2333845299-1059634769-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxwtsr - C:\WINDOWS\
O20 - Winlogon Notify: gebayxu - gebayxu.dll (file missing)
O20 - Winlogon Notify: iifffgh - C:\WINDOWS\SYSTEM32\iifffgh.dll
O20 - Winlogon Notify: mljhecb - mljhecb.dll (file missing)
O20 - Winlogon Notify: opnopqp - opnopqp.dll (file missing)
O20 - Winlogon Notify: oppqpmj - C:\WINDOWS\
O20 - Winlogon Notify: qomnonm - C:\WINDOWS\
O20 - Winlogon Notify: urqnmnn - C:\WINDOWS\
O20 - Winlogon Notify: vtuuvwv - vtuuvwv.dll (file missing)
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
g!rly Posts: 18206 Registered: Friday 17 August 2007 Status: Contributor Last post: 30 November 2014 407
12 March 2008 at 17:23
OK

Next step:

Copy the text below:

File::
C:\WINDOWS\system32\vlsvqfyf.dll
C:\WINDOWS\system32\ievctvdx.ini
C:\WINDOWS\system32\jucyctcf.ini
C:\WINDOWS\system32\xxtyxesy.ini
C:\WINDOWS\system32\vtuuvwv.dll.vir
C:\WINDOWS\system32\fhacrrnc.ini
C:\Program Files\The Cleaner Free
C:\WINDOWS\system32\bobvuiyq.ini
C:\WINDOWS\system32\miuluprx.ini
C:\WINDOWS\system32\lkwofefq.ini
C:\WINDOWS\system32\lgvjgswk.ini
C:\WINDOWS\system32\rodpuuik.ini
C:\WINDOWS\system32\nroqixwe.ini
C:\WINDOWS\system32\tupogqvq.ini
C:\WINDOWS\system32\cusoiiad.ini
C:\WINDOWS\system32\dhjwghau.ini
C:\WINDOWS\system32\riqdoikm.ini
C:\WINDOWS\system32\akslwdau.ini
C:\WINDOWS\system32\fwxscflc.ini
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\fyfqvslv.ini
C:\WINDOWS\system32\rggclweg.ini
C:\WINDOWS\system32\dgwxxorx.ini
C:\WINDOWS\system32\rntailok.ini
C:\WINDOWS\system32\bthesymt.ini
C:\WINDOWS\system32\niycsqap.ini
C:\WINDOWS\system32\yihagmae.ini
C:\WINDOWS\system32\smdcoeng.ini
C:\WINDOWS\system32\oefefgxi.ini
C:\WINDOWS\system32\vffwfptn.ini
C:\WINDOWS\system32\tkjrcwhh.ini
C:\WINDOWS\system32\yjdieiga.ini
C:\WINDOWS\system32\ltclr13n.dll
C:\WINDOWS\system32\lftif13n.dll
C:\WINDOWS\system32\lffax13n.dll
C:\WINDOWS\system32\lfpng13n.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\iifffgh.dll
C:\WINDOWS\Tasks\Norton Security Scan.job
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp
C:\WINDOWS\system32\vyrpsoqd.dll
C:\WINDOWS\system32\vetutsmf.dll

Folder::
C:\VundoFix Backups
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Norton Security Scan

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{021AD2FF-0B57-42D8-85A2-29CBC35158A6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{034DF249-5547-48BA-8413-2A271B1FA96E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B52C7EC-D1A3-4054-923C-DD12567F28B1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19C68DF2-978A-4B01-AFE2-63C16B4F38FC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D27FB18-C8AF-4C21-A0BA-5DF54D020E28}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2718F85F-7478-4682-B43C-92429B0B384F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D2105EE-F4EF-4109-B207-EBE6EFC6E68F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d405ac4-29a4-48f6-afc8-037853cfa243}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B174A1-B514-4882-8CF2-65CCC669DBF7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{327AB137-F27A-4288-94F9-023D9248E921}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377CA899-DD11-4D02-A420-4086E40986B8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAE27F45-394F-4E0E-A211-ADC017D7E613}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBE9D779-869C-433A-B7C8-2F343F7E1F83}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA58B007-6B50-4A05-8CE4-B7AC13C4B31B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEF3DA0E-BF62-4F60-9084-FE73FA99D121}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D14ECCD1-6D41-4FB4-BDC6-E674FF35DF0E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1F0E831-8A3F-4EBE-8AC5-427DC723B36A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD611189-F0E6-4B3E-9E24-50E454990A7B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0EA1F31-B58F-47E8-A185-20C52DF9F168}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42088B4F-96A4-43E5-A212-C79F718D6B0D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42F69E86-6007-4B42-967F-CD23DF218D21}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43a09c52-eb52-4d76-801d-fe6a6e0d5188}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad93f034-bd93-436a-96e8-35db2ce83ec1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87337BC-BA69-4EB6-B609-48C20AC540FD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEF4454D-132C-4A50-9F4E-83EC378ED4C3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F193A2D5-F1AB-470B-B1D9-4A69001F1C5A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8364AF8-5937-4E61-A361-0A4A050A36C7}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c0f8cc65"=-
"BMc3cbfff9"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{D1F0E831-8A3F-4EBE-8AC5-427DC723B36A}"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"WinUpdating"=-
"Windows Printing Driver"=-
"prov"=-
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwtsr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayxu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifffgh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnopqp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppqpmj]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnonm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnmnn]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuvwv]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhecb]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A95B233-8CDF-4B7D-B5E1-029709B5FA72}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c0be003-0360-44d8-a5f9-053bf99322cb}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{778CC869-4EBD-46C4-B465-3B9C226E986D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8304D498-6060-420E-B575-9B8A4A12EA5D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85412EE2-3CEF-42A3-AB63-4910EC2029F0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85ABF310-4028-4A73-9946-F8A08DE20CAC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97AC6538-6A3D-4CE6-B871-96568F278889}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98A7C3D8-C721-4589-891D-8FEA430B5ABA}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2743289-31F5-4E89-AB8C-E718D46ACD0F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2C6EB27-E1BA-4827-BACF-80F4A42269FE}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a75b47b5-5f07-44fd-8b9b-3ce9062f209a}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad93f034-bd93-436a-96e8-35db2ce83ec1}]

Driver::
Boonty Games

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report together with a HijackThis log.

If there is no reboot, post the reports anyway.

@+
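The helper composed the Registry:: block above by hand from the O20 "Winlogon Notify" and O4 "Policies\Explorer\Run" lines of the HijackThis log. The script below is an added example, not a tool posted in this thread: it parses a constructed subset of the quoted log lines, flags the Vundo-style Winlogon Notify handlers (random 7-letter names, "(file missing)" targets, directory-only targets) and every Policies\Explorer\Run entry, and drafts the matching CFScript Registry:: lines in the syntax used above. Those heuristics are assumptions drawn from this log; the draft is meant for a helper to review line by line, not to be handed to ComboFix unread.

```python
"""Triage a HijackThis log for Vundo/Virtumonde-style persistence and draft the
ComboFix CFScript 'Registry::' block that removes it.

Added example for this thread, not a tool posted by the helper.  The heuristics
(random 7-letter Winlogon Notify names, missing or directory-only DLL targets,
anything under Policies\\Explorer\\Run) are assumptions drawn from the quoted log.
"""
import re

# Constructed sample: a subset of the HijackThis lines quoted in the thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - HKCU\..\Policies\Explorer\Run: [prov] prov.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxwtsr - C:\WINDOWS\
O20 - Winlogon Notify: gebayxu - gebayxu.dll (file missing)
O20 - Winlogon Notify: iifffgh - C:\WINDOWS\SYSTEM32\iifffgh.dll
"""

O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
O4_POLICY_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Policies\\Explorer\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<target>.*)$"
)
RANDOM_NAME_RE = re.compile(r"^[a-z]{7}$")  # heuristic: Vundo-style handler names
HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
POLICY_RUN_SUBKEY = r"software\microsoft\windows\currentversion\policies\explorer\run"


def parse_hijackthis(text):
    """Return the O20 entries and the Policies\\Explorer\\Run O4 entries as dicts."""
    entries = []
    for line in text.splitlines():
        m = O20_RE.match(line)
        if m:
            entries.append({"kind": "O20", **m.groupdict()})
            continue
        m = O4_POLICY_RE.match(line)
        if m:
            entries.append({"kind": "O4-policy", **m.groupdict()})
    return entries


def is_suspicious_notify(entry):
    """Heuristic review of one Winlogon Notify handler (assumptions, see docstring)."""
    target = entry["target"].strip()
    return (
        target.endswith("(file missing)")   # DLL already gone, registry key left behind
        or target.endswith("\\")            # points at a directory, no DLL name at all
        or RANDOM_NAME_RE.match(entry["name"]) is not None
    )


def suspicious_winlogon_notify(entries):
    return [e["name"] for e in entries if e["kind"] == "O20" and is_suspicious_notify(e)]


def policy_run_entries(entries):
    # Policies\Explorer\Run is rarely used by legitimate software, so every entry
    # found there is reported for review; the thread's three are bare exe names.
    return [(e["hive"], e["name"], e["target"]) for e in entries if e["kind"] == "O4-policy"]


def build_cfscript_registry(text):
    """Draft the 'Registry::' block in the syntax the thread's CFScript uses."""
    entries = parse_hijackthis(text)
    lines = ["Registry::"]
    for name in suspicious_winlogon_notify(entries):
        lines.append(f"[-{NOTIFY_KEY}\\{name}]")  # leading '-' deletes the whole key
    by_hive = {}
    for hive, name, _target in policy_run_entries(entries):
        by_hive.setdefault(hive, []).append(name)
    for hive, names in by_hive.items():
        lines.append(f"[{HIVES[hive]}\\{POLICY_RUN_SUBKEY}]")
        lines.extend(f'"{n}"=-' for n in names)  # '=-' deletes just that value
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_cfscript_registry(SAMPLE_LOG))
```

On the constructed sample the draft lists the three random-named Notify keys for deletion and the three Policies\Explorer\Run values, and leaves TeaTimer and the SUPERAntiSpyware handler alone.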

pato83 Posts: 23 Registered: Monday 10 March 2008 Status: Member Last post: 12 November 2009
12 March 2008 at 18:36
Here is the result:

ComboFix 08-03-10.1 - peter 2008-03-10 18:14:09.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1336 [GMT 1:00]
Endroit: G:\ComboFix.exe
Command switches used :: G:\CFScript.txt..txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp
C:\Program Files\The Cleaner Free
C:\WINDOWS\system32\akslwdau.ini
C:\WINDOWS\system32\bobvuiyq.ini
C:\WINDOWS\system32\bthesymt.ini
C:\WINDOWS\system32\cusoiiad.ini
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\dgwxxorx.ini
C:\WINDOWS\system32\dhjwghau.ini
C:\WINDOWS\system32\fhacrrnc.ini
C:\WINDOWS\system32\fwxscflc.ini
C:\WINDOWS\system32\fyfqvslv.ini
C:\WINDOWS\system32\ievctvdx.ini
C:\WINDOWS\system32\iifffgh.dll
C:\WINDOWS\system32\jucyctcf.ini
C:\WINDOWS\system32\lffax13n.dll
C:\WINDOWS\system32\lfpng13n.dll
C:\WINDOWS\system32\lftif13n.dll
C:\WINDOWS\system32\lgvjgswk.ini
C:\WINDOWS\system32\lkwofefq.ini
C:\WINDOWS\system32\ltclr13n.dll
C:\WINDOWS\system32\miuluprx.ini
C:\WINDOWS\system32\niycsqap.ini
C:\WINDOWS\system32\nroqixwe.ini
C:\WINDOWS\system32\oefefgxi.ini
C:\WINDOWS\system32\rggclweg.ini
C:\WINDOWS\system32\riqdoikm.ini
C:\WINDOWS\system32\rntailok.ini
C:\WINDOWS\system32\rodpuuik.ini
C:\WINDOWS\system32\smdcoeng.ini
C:\WINDOWS\system32\tkjrcwhh.ini
C:\WINDOWS\system32\tupogqvq.ini
C:\WINDOWS\system32\vetutsmf.dll
C:\WINDOWS\system32\vffwfptn.ini
C:\WINDOWS\system32\vlsvqfyf.dll
C:\WINDOWS\system32\vtuuvwv.dll.vir
C:\WINDOWS\system32\vyrpsoqd.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\xxtyxesy.ini
C:\WINDOWS\system32\yihagmae.ini
C:\WINDOWS\system32\yjdieiga.ini
C:\WINDOWS\Tasks\Norton Security Scan.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\peter\err.log
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\Norton Security Scan
C:\Program Files\Norton Security Scan\ccL70U.dll
C:\Program Files\Norton Security Scan\ccScanw.dll
C:\Program Files\Norton Security Scan\ccVrTrst.dll
C:\Program Files\Norton Security Scan\dec_abi.dll
C:\Program Files\Norton Security Scan\DefUtDCD.dll
C:\Program Files\Norton Security Scan\ecmldr32.dll
C:\Program Files\Norton Security Scan\help.htm
C:\Program Files\Norton Security Scan\Microsoft.VC80.CRT.manifest
C:\Program Files\Norton Security Scan\msl.dll
C:\Program Files\Norton Security Scan\msvcp80.dll
C:\Program Files\Norton Security Scan\msvcr80.dll
C:\Program Files\Norton Security Scan\Nss.exe
C:\Program Files\Norton Security Scan\patch25d.dll
C:\Program Files\Norton Security Scan\SAUpdt.dll
C:\Program Files\Norton Security Scan\ScanCore.dll
C:\Program Files\Norton Security Scan\ScanRes.dll
C:\Program Files\Norton Security Scan\SKURes.dll
C:\VundoFix Backups
C:\VundoFix Backups\3htxv.exe.bad
C:\VundoFix Backups\54hwr.exe.bad
C:\VundoFix Backups\55dg.exe.bad
C:\VundoFix Backups\awvvs.dll.bad
C:\VundoFix Backups\sffajprm.dll.bad
C:\VundoFix Backups\svvwa.ini.bad
C:\VundoFix Backups\svvwa.ini2.bad
C:\VundoFix Backups\vlsvqfyf.dll.bad
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akslwdau.ini
C:\WINDOWS\system32\bobvuiyq.ini
C:\WINDOWS\system32\bthesymt.ini
C:\WINDOWS\system32\cusoiiad.ini
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\dgwxxorx.ini
C:\WINDOWS\system32\dhjwghau.ini
C:\WINDOWS\system32\fhacrrnc.ini
C:\WINDOWS\system32\fwxscflc.ini
C:\WINDOWS\system32\fyfqvslv.ini
C:\WINDOWS\system32\ievctvdx.ini
C:\WINDOWS\system32\iifffgh.dll
C:\WINDOWS\system32\jjycyxha.dll
C:\WINDOWS\system32\jucyctcf.ini
C:\WINDOWS\system32\lffax13n.dll
C:\WINDOWS\system32\lfpng13n.dll
C:\WINDOWS\system32\lftif13n.dll
C:\WINDOWS\system32\lgvjgswk.ini
C:\WINDOWS\system32\lkwofefq.ini
C:\WINDOWS\system32\ltclr13n.dll
C:\WINDOWS\system32\miuluprx.ini
C:\WINDOWS\system32\mqctekrv.ini
C:\WINDOWS\system32\niycsqap.ini
C:\WINDOWS\system32\nroqixwe.ini
C:\WINDOWS\system32\oefefgxi.ini
C:\WINDOWS\system32\qefcrrbx.dll
C:\WINDOWS\system32\rggclweg.ini
C:\WINDOWS\system32\riqdoikm.ini
C:\WINDOWS\system32\rntailok.ini
C:\WINDOWS\system32\rodpuuik.ini
C:\WINDOWS\system32\smdcoeng.ini
C:\WINDOWS\system32\tkjrcwhh.ini
C:\WINDOWS\system32\tupogqvq.ini
C:\WINDOWS\system32\vetutsmf.dll
C:\WINDOWS\system32\vffwfptn.ini
C:\WINDOWS\system32\vrketcqm.dll
C:\WINDOWS\system32\vtuuvwv.dll.vir
C:\WINDOWS\system32\vyrpsoqd.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\xxtyxesy.ini
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\yihagmae.ini
C:\WINDOWS\system32\yjdieiga.ini
C:\WINDOWS\Tasks\Norton Security Scan.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_BOONTY_GAMES
-------\Boonty Games


((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.

2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 14:05 . 2008-03-05 08:04 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 17:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-10 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-11 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 00:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2001-12-19 10:30 174,747 --sha-w C:\WINDOWS\system32\bccdd.ini2
.

((((((((((((((((((((((((((((( snapshot@2008-03-10_16.18.30.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-10 17:17:49 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5a4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{021AD2FF-0B57-42D8-85A2-29CBC35158A6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{034DF249-5547-48BA-8413-2A271B1FA96E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B52C7EC-D1A3-4054-923C-DD12567F28B1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19C68DF2-978A-4B01-AFE2-63C16B4F38FC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D27FB18-C8AF-4C21-A0BA-5DF54D020E28}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2718F85F-7478-4682-B43C-92429B0B384F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D2105EE-F4EF-4109-B207-EBE6EFC6E68F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d405ac4-29a4-48f6-afc8-037853cfa243}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B174A1-B514-4882-8CF2-65CCC669DBF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{327AB137-F27A-4288-94F9-023D9248E921}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377CA899-DD11-4D02-A420-4086E40986B8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42088B4F-96A4-43E5-A212-C79F718D6B0D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42F69E86-6007-4B42-967F-CD23DF218D21}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43a09c52-eb52-4d76-801d-fe6a6e0d5188}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{596F2542-A5F6-488A-8B7F-3930CACE1E80}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A95B233-8CDF-4B7D-B5E1-029709B5FA72}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c0be003-0360-44d8-a5f9-053bf99322cb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{778CC869-4EBD-46C4-B465-3B9C226E986D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8304D498-6060-420E-B575-9B8A4A12EA5D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85412EE2-3CEF-42A3-AB63-4910EC2029F0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85ABF310-4028-4A73-9946-F8A08DE20CAC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97AC6538-6A3D-4CE6-B871-96568F278889}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98A7C3D8-C721-4589-891D-8FEA430B5ABA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2743289-31F5-4E89-AB8C-E718D46ACD0F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2C6EB27-E1BA-4827-BACF-80F4A42269FE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a75b47b5-5f07-44fd-8b9b-3ce9062f209a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAE27F45-394F-4E0E-A211-ADC017D7E613}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBE9D779-869C-433A-B7C8-2F343F7E1F83}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA58B007-6B50-4A05-8CE4-B7AC13C4B31B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEF3DA0E-BF62-4F60-9084-FE73FA99D121}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D14ECCD1-6D41-4FB4-BDC6-E674FF35DF0E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1F0E831-8A3F-4EBE-8AC5-427DC723B36A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d5ef94ab-7d2a-47a3-9a1d-ef708f4b6fe3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD611189-F0E6-4B3E-9E24-50E454990A7B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0EA1F31-B58F-47E8-A185-20C52DF9F168}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87337BC-BA69-4EB6-B609-48C20AC540FD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEF4454D-132C-4A50-9F4E-83EC378ED4C3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F193A2D5-F1AB-470B-B1D9-4A69001F1C5A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8364AF8-5937-4E61-A361-0A4A050A36C7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwtsr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayxu]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifffgh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhecb]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnopqp]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppqpmj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnonm]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnmnn]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuvwv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-26 12:59:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-10 17:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-07 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-10 17:20:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:17:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-10 18:23:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-10 17:23:09
ComboFix2.txt 2008-03-10 15:18:48
.
2008-02-29 00:50:20 --- E O F ---
pato83 Posts: 23 Registration date: Monday 10 March 2008 Status: Member Last seen: 12 November 2009
12 March 2008 at 18:37
Here is the result:

ComboFix 08-03-10.1 - peter 2008-03-10 18:14:09.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1336 [GMT 1:00]
Endroit: G:\ComboFix.exe
Command switches used :: G:\CFScript.txt..txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp
C:\Program Files\The Cleaner Free
C:\WINDOWS\system32\akslwdau.ini
C:\WINDOWS\system32\bobvuiyq.ini
C:\WINDOWS\system32\bthesymt.ini
C:\WINDOWS\system32\cusoiiad.ini
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\dgwxxorx.ini
C:\WINDOWS\system32\dhjwghau.ini
C:\WINDOWS\system32\fhacrrnc.ini
C:\WINDOWS\system32\fwxscflc.ini
C:\WINDOWS\system32\fyfqvslv.ini
C:\WINDOWS\system32\ievctvdx.ini
C:\WINDOWS\system32\iifffgh.dll
C:\WINDOWS\system32\jucyctcf.ini
C:\WINDOWS\system32\lffax13n.dll
C:\WINDOWS\system32\lfpng13n.dll
C:\WINDOWS\system32\lftif13n.dll
C:\WINDOWS\system32\lgvjgswk.ini
C:\WINDOWS\system32\lkwofefq.ini
C:\WINDOWS\system32\ltclr13n.dll
C:\WINDOWS\system32\miuluprx.ini
C:\WINDOWS\system32\niycsqap.ini
C:\WINDOWS\system32\nroqixwe.ini
C:\WINDOWS\system32\oefefgxi.ini
C:\WINDOWS\system32\rggclweg.ini
C:\WINDOWS\system32\riqdoikm.ini
C:\WINDOWS\system32\rntailok.ini
C:\WINDOWS\system32\rodpuuik.ini
C:\WINDOWS\system32\smdcoeng.ini
C:\WINDOWS\system32\tkjrcwhh.ini
C:\WINDOWS\system32\tupogqvq.ini
C:\WINDOWS\system32\vetutsmf.dll
C:\WINDOWS\system32\vffwfptn.ini
C:\WINDOWS\system32\vlsvqfyf.dll
C:\WINDOWS\system32\vtuuvwv.dll.vir
C:\WINDOWS\system32\vyrpsoqd.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\xxtyxesy.ini
C:\WINDOWS\system32\yihagmae.ini
C:\WINDOWS\system32\yjdieiga.ini
C:\WINDOWS\Tasks\Norton Security Scan.job
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\peter\err.log
C:\Program Files\Fichiers communs\BOONTY Shared
C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
C:\Program Files\Norton Security Scan
C:\Program Files\Norton Security Scan\ccL70U.dll
C:\Program Files\Norton Security Scan\ccScanw.dll
C:\Program Files\Norton Security Scan\ccVrTrst.dll
C:\Program Files\Norton Security Scan\dec_abi.dll
C:\Program Files\Norton Security Scan\DefUtDCD.dll
C:\Program Files\Norton Security Scan\ecmldr32.dll
C:\Program Files\Norton Security Scan\help.htm
C:\Program Files\Norton Security Scan\Microsoft.VC80.CRT.manifest
C:\Program Files\Norton Security Scan\msl.dll
C:\Program Files\Norton Security Scan\msvcp80.dll
C:\Program Files\Norton Security Scan\msvcr80.dll
C:\Program Files\Norton Security Scan\Nss.exe
C:\Program Files\Norton Security Scan\patch25d.dll
C:\Program Files\Norton Security Scan\SAUpdt.dll
C:\Program Files\Norton Security Scan\ScanCore.dll
C:\Program Files\Norton Security Scan\ScanRes.dll
C:\Program Files\Norton Security Scan\SKURes.dll
C:\VundoFix Backups
C:\VundoFix Backups\3htxv.exe.bad
C:\VundoFix Backups\54hwr.exe.bad
C:\VundoFix Backups\55dg.exe.bad
C:\VundoFix Backups\awvvs.dll.bad
C:\VundoFix Backups\sffajprm.dll.bad
C:\VundoFix Backups\svvwa.ini.bad
C:\VundoFix Backups\svvwa.ini2.bad
C:\VundoFix Backups\vlsvqfyf.dll.bad
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akslwdau.ini
C:\WINDOWS\system32\bobvuiyq.ini
C:\WINDOWS\system32\bthesymt.ini
C:\WINDOWS\system32\cusoiiad.ini
C:\WINDOWS\system32\d3d9caps.dat
C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\dgwxxorx.ini
C:\WINDOWS\system32\dhjwghau.ini
C:\WINDOWS\system32\fhacrrnc.ini
C:\WINDOWS\system32\fwxscflc.ini
C:\WINDOWS\system32\fyfqvslv.ini
C:\WINDOWS\system32\ievctvdx.ini
C:\WINDOWS\system32\iifffgh.dll
C:\WINDOWS\system32\jjycyxha.dll
C:\WINDOWS\system32\jucyctcf.ini
C:\WINDOWS\system32\lffax13n.dll
C:\WINDOWS\system32\lfpng13n.dll
C:\WINDOWS\system32\lftif13n.dll
C:\WINDOWS\system32\lgvjgswk.ini
C:\WINDOWS\system32\lkwofefq.ini
C:\WINDOWS\system32\ltclr13n.dll
C:\WINDOWS\system32\miuluprx.ini
C:\WINDOWS\system32\mqctekrv.ini
C:\WINDOWS\system32\niycsqap.ini
C:\WINDOWS\system32\nroqixwe.ini
C:\WINDOWS\system32\oefefgxi.ini
C:\WINDOWS\system32\qefcrrbx.dll
C:\WINDOWS\system32\rggclweg.ini
C:\WINDOWS\system32\riqdoikm.ini
C:\WINDOWS\system32\rntailok.ini
C:\WINDOWS\system32\rodpuuik.ini
C:\WINDOWS\system32\smdcoeng.ini
C:\WINDOWS\system32\tkjrcwhh.ini
C:\WINDOWS\system32\tupogqvq.ini
C:\WINDOWS\system32\vetutsmf.dll
C:\WINDOWS\system32\vffwfptn.ini
C:\WINDOWS\system32\vrketcqm.dll
C:\WINDOWS\system32\vtuuvwv.dll.vir
C:\WINDOWS\system32\vyrpsoqd.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\xxtyxesy.ini
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\yihagmae.ini
C:\WINDOWS\system32\yjdieiga.ini
C:\WINDOWS\Tasks\Norton Security Scan.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_BOONTY_GAMES
-------\Boonty Games


((((((((((((((((((((((((((((( Fichiers créés 2008-02-10 to 2008-03-10 ))))))))))))))))))))))))))))))))))))
.

2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 14:05 . 2008-03-05 08:04 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 17:18 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-10 15:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-11 00:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-11 00:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2001-12-19 10:30 174,747 --sha-w C:\WINDOWS\system32\bccdd.ini2
.

((((((((((((((((((((((((((((( snapshot@2008-03-10_16.18.30.67 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-10 17:17:49 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_5a4.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{021AD2FF-0B57-42D8-85A2-29CBC35158A6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{034DF249-5547-48BA-8413-2A271B1FA96E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B52C7EC-D1A3-4054-923C-DD12567F28B1}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19C68DF2-978A-4B01-AFE2-63C16B4F38FC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D27FB18-C8AF-4C21-A0BA-5DF54D020E28}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2718F85F-7478-4682-B43C-92429B0B384F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D2105EE-F4EF-4109-B207-EBE6EFC6E68F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d405ac4-29a4-48f6-afc8-037853cfa243}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B174A1-B514-4882-8CF2-65CCC669DBF7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{327AB137-F27A-4288-94F9-023D9248E921}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377CA899-DD11-4D02-A420-4086E40986B8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42088B4F-96A4-43E5-A212-C79F718D6B0D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42F69E86-6007-4B42-967F-CD23DF218D21}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43a09c52-eb52-4d76-801d-fe6a6e0d5188}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{596F2542-A5F6-488A-8B7F-3930CACE1E80}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5A95B233-8CDF-4B7D-B5E1-029709B5FA72}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c0be003-0360-44d8-a5f9-053bf99322cb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{778CC869-4EBD-46C4-B465-3B9C226E986D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8304D498-6060-420E-B575-9B8A4A12EA5D}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85412EE2-3CEF-42A3-AB63-4910EC2029F0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85ABF310-4028-4A73-9946-F8A08DE20CAC}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97AC6538-6A3D-4CE6-B871-96568F278889}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98A7C3D8-C721-4589-891D-8FEA430B5ABA}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2743289-31F5-4E89-AB8C-E718D46ACD0F}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2C6EB27-E1BA-4827-BACF-80F4A42269FE}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a75b47b5-5f07-44fd-8b9b-3ce9062f209a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAE27F45-394F-4E0E-A211-ADC017D7E613}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBE9D779-869C-433A-B7C8-2F343F7E1F83}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA58B007-6B50-4A05-8CE4-B7AC13C4B31B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEF3DA0E-BF62-4F60-9084-FE73FA99D121}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D14ECCD1-6D41-4FB4-BDC6-E674FF35DF0E}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1F0E831-8A3F-4EBE-8AC5-427DC723B36A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d5ef94ab-7d2a-47a3-9a1d-ef708f4b6fe3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD611189-F0E6-4B3E-9E24-50E454990A7B}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0EA1F31-B58F-47E8-A185-20C52DF9F168}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87337BC-BA69-4EB6-B609-48C20AC540FD}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEF4454D-132C-4A50-9F4E-83EC378ED4C3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F193A2D5-F1AB-470B-B1D9-4A69001F1C5A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8364AF8-5937-4E61-A361-0A4A050A36C7}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwtsr]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayxu]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifffgh]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhecb]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnopqp]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppqpmj]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnonm]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnmnn]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuvwv]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-26 12:59:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-10 17:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-07 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-10 17:20:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-10 18:17:57
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
C:\WINDOWS\eHome\ehmsas.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-03-10 18:23:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-10 17:23:09
ComboFix2.txt 2008-03-10 15:18:48
.
2008-02-29 00:50:20 --- E O F ---
g!rly Posts: 18206 Registration date: Friday 17 August 2007 Status: Contributor Last seen: 30 November 2014 407
12 March 2008 at 19:40
Hi again,

Can you post a new HijackThis log please?

See you
pato83 Posts: 23 Registration date: Monday 10 March 2008 Status: Member Last seen: 12 November 2009
13 March 2008 at 09:27
Hello, here is another HijackThis scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:23:46, on 11/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Documents and Settings\peter\Bureau\LOGICIEL 2008\emule\eMule.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: download-boosters Toolbar - {e4000b62-fa5d-4b39-b254-0a4c485aaf11} - C:\Program Files\download-boosters\tbdown.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [Adobe] "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe"
O4 - HKLM\..\Run: [AntivirusRegistration] C:\Program Files\CA\Etrust Antivirus\Register.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3200] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P19 "EPSON Stylus CX3200" /O6 "USB001" /M "Stylus CX3200"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-471990195-2333845299-1059634769-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'IUSR_NMPR')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2472DCCC-68CE-49DA-AA81-E7E6D83C1DFA} - http://acces.blonde.com/package/PackageHtmlCab.CAB
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase370.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} (CamfrogWEB Advanced Unicode Control) - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Intel(R) Alert Service (AlertService) - Intel Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: Serveur Média Intel(R) Viiv(TM) (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
g!rly (Contributor) - 13 March 2008 at 15:57
Pato83,

I get the impression that the infection has patched some programs so that it can revive itself ;-(

We'll proceed as follows:

Copy the text below:

File::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp

Folder::


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{021AD2FF-0B57-42D8-85A2-29CBC35158A6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{034DF249-5547-48BA-8413-2A271B1FA96E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0B52C7EC-D1A3-4054-923C-DD12567F28B1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{19C68DF2-978A-4B01-AFE2-63C16B4F38FC}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D27FB18-C8AF-4C21-A0BA-5DF54D020E28}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2718F85F-7478-4682-B43C-92429B0B384F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2D2105EE-F4EF-4109-B207-EBE6EFC6E68F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d405ac4-29a4-48f6-afc8-037853cfa243}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B174A1-B514-4882-8CF2-65CCC669DBF7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{327AB137-F27A-4288-94F9-023D9248E921}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{377CA899-DD11-4D02-A420-4086E40986B8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BAE27F45-394F-4E0E-A211-ADC017D7E613}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BBE9D779-869C-433A-B7C8-2F343F7E1F83}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CA58B007-6B50-4A05-8CE4-B7AC13C4B31B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CEF3DA0E-BF62-4F60-9084-FE73FA99D121}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D14ECCD1-6D41-4FB4-BDC6-E674FF35DF0E}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D1F0E831-8A3F-4EBE-8AC5-427DC723B36A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DD611189-F0E6-4B3E-9E24-50E454990A7B}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0EA1F31-B58F-47E8-A185-20C52DF9F168}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42088B4F-96A4-43E5-A212-C79F718D6B0D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42F69E86-6007-4B42-967F-CD23DF218D21}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43a09c52-eb52-4d76-801d-fe6a6e0d5188}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ad93f034-bd93-436a-96e8-35db2ce83ec1}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E87337BC-BA69-4EB6-B609-48C20AC540FD}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEF4454D-132C-4A50-9F4E-83EC378ED4C3}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F193A2D5-F1AB-470B-B1D9-4A69001F1C5A}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F8364AF8-5937-4E61-A361-0A4A050A36C7}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxwtsr]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebayxu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifffgh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljhecb]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnopqp]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\oppqpmj]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qomnonm]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqnmnn]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuuvwv]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"=-

Renv::
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

Driver::
mchInjDrv

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.

If there is no reboot, post the reports anyway.

See you later,
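The script above removes Vundo's three footholds by hand: nameless BHO CLSIDs, Winlogon Notify packages with seven-letter names like cbxwtsr and opnopqp, and a driver service (mchInjDrv) whose ImagePath is a .tmp file in the user's Temp folder. As an added example, not code from this thread or from ComboFix, the Python below parses HijackThis O2/O20 lines and the ComboFix Services dump in the format shown in these posts, applies those three checks, and writes a CFScript for the confident hits in the same File::/Registry::/Driver:: syntax the helper used. The stock-XP Notify allowlist and the "seven lowercase letters" name test are assumptions made for this example; the sample lines are constructed from names in the thread, and the pairing of the two BHO CLSIDs with DLL files is invented for illustration.

```python
"""Vundo-style persistence triage over HijackThis / ComboFix output, with CFScript generation.
Added example for this page, not from the thread or ComboFix; heuristics and allowlist are assumptions."""
import re
from collections import namedtuple

# Winlogon\Notify subkeys of a stock Windows XP SP2 install (assumed baseline; extend it for your fleet).
STOCK_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy", "senslogn", "termsrv", "wlballoon"}
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
SERVICES_KEY = r"HKEY_LOCAL_MACHINE\system\ControlSet001\Services"

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
SVC_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\system\\ControlSet\d+\\Services\\(?P<svc>[^\\\]]+)\]$", re.I)
IMAGE_RE = re.compile(r'^"ImagePath"="(?P<path>.*)"$')
TEMP_DIR_RE = re.compile(r"\\(?:temp|locals~1\\temp|local settings\\temp)\\", re.I)
GENERATED_RE = re.compile(r"^[a-z]{7}$")  # cbxwtsr, opnopqp, vtuuvwv: the 7-letter names in the log

# kind: "bho" | "notify" | "service"; name: CLSID, Notify subkey or service; certain: goes into the CFScript
Finding = namedtuple("Finding", "kind name path reason certain")

def image_file(image_path):
    """Bare file from a service ImagePath: drop the \\??\\ prefix, quotes and arguments after .exe/.sys."""
    p = image_path.replace("\\??\\", "").strip().strip('"')
    m = re.match(r'(?i)(.*?\.(?:exe|sys))(?:[\s"]|$)', p)
    return m.group(1) if m else p

def check_bho(name, clsid, path):
    """Vundo BHOs are nameless: '(no name)' plus a generated-looking or already-missing DLL is confident."""
    stem = path.split("\\")[-1].split(".", 1)[0].lower()
    if name != "(no name)" or not (path.endswith("(file missing)") or GENERATED_RE.match(stem)):
        return None
    why = "no backing file" if path.endswith("(file missing)") else "generated-looking DLL name"
    return Finding("bho", clsid, path, "nameless BHO with " + why, True)

def check_notify(name, path):
    """Non-stock Notify packages are reported; generated-looking names are confident, others need review."""
    if name.lower() in STOCK_NOTIFY:
        return None
    if GENERATED_RE.match(name.lower()):
        return Finding("notify", name, path, "Winlogon Notify package with generated-looking name", True)
    return Finding("notify", name, path, "non-default Winlogon Notify package, verify the vendor", False)

def check_service(name, image_path):
    """A service image in a Temp folder or not a .sys/.exe (the mc22.tmp pattern above) is confident."""
    path = image_file(image_path)
    if not path:
        return Finding("service", name, path, "empty ImagePath (orphaned service entry)", False)
    reasons = []
    if TEMP_DIR_RE.search(path):
        reasons.append("service image lives in a Temp directory")
    if not path.lower().endswith((".sys", ".exe")):
        reasons.append("service image is not a .sys/.exe file")
    return Finding("service", name, path, "; ".join(reasons), True) if reasons else None

def triage(lines):
    """Walk HijackThis O2/O20 lines and a ComboFix Services dump; return Findings in log order."""
    findings, current_svc = [], None
    for raw in lines:
        line, f = raw.strip(), None
        if m := O2_RE.match(line):
            f = check_bho(m["name"], m["clsid"], m["path"])
        elif m := O20_RE.match(line):
            f = check_notify(m["name"], m["path"])
        elif m := SVC_KEY_RE.match(line):
            current_svc = m["svc"]
        elif current_svc and (m := IMAGE_RE.match(line)):
            f, current_svc = check_service(current_svc, m["path"]), None
        if f:
            findings.append(f)
    return findings

def build_cfscript(findings):
    """Emit File::, Registry:: and Driver:: sections (ComboFix CFScript syntax) for confident findings."""
    files, registry, drivers = [], [], []
    parent = {"bho": BHO_KEY, "notify": NOTIFY_KEY, "service": SERVICES_KEY}
    for f in findings:
        if not f.certain:
            continue
        registry.append(f"[-{parent[f.kind]}\\{f.name}]")
        if f.kind == "service":
            files.append(f.path)
            drivers.append(f.name)
    sections = [("File::", files), ("Registry::", registry), ("Driver::", drivers)]
    return "\n\n".join(f"{h}\n" + "\n".join(body) for h, body in sections if body) + "\n"

# Constructed sample: the names come from the thread, the CLSID-to-DLL pairing is invented.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {021AD2FF-0B57-42D8-85A2-29CBC35158A6} - C:\WINDOWS\system32\cbxwtsr.dll
O2 - BHO: (no name) - {034DF249-5547-48BA-8413-2A271B1FA96E} - C:\WINDOWS\system32\gebayxu.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbxwtsr - C:\WINDOWS\SYSTEM32\cbxwtsr.dll
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
""".splitlines()
```

`print(build_cfscript(triage(SAMPLE_LOG)))` yields a File:: line for mc22.tmp, Registry:: deletions for the two nameless BHOs, the cbxwtsr Notify key and the mchInjDrv service key, and a Driver:: line for mchInjDrv. The two non-certain findings (a third-party Notify DLL such as SUPERAntiSpyware's !SASWinLogon, and the orphaned vsdatant service with an empty ImagePath) are reported but deliberately kept out of the script, which is the same judgement the helper made by hand when leaving those entries alone.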
pato83 - 14 March 2008 at 13:19
Here is the report:

ComboFix 08-03-10.1 - peter 2008-03-12 13:04:29.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1496 [GMT 1:00]
Location: G:\ComboFix.exe
Command switches used :: G:\CFScript..txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

FILE ::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp
.

((((((((((((((((((((((((((((( Files created 2008-02-12 to 2008-03-12 ))))))))))))))))))))))))))))))))))))
.

2008-03-10 19:00 . 2008-03-10 18:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 19:00 . 2008-03-10 19:00 2,546 --a------ C:\WINDOWS\unins000.dat
2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 14:05 . 2008-03-05 08:04 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 12:04 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-11 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 18:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 15:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-10 21:30 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2007-12-14 09:09 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2001-12-19 10:30 174,747 --sha-w C:\WINDOWS\system32\bccdd.ini2
.

((((((((((((((((((((((((((((( snapshot@2008-03-10_16.18.30.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-12 12:08:35 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_55c.dat
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - MCHINJDRV
.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 12:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-12 11:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-07 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-12 12:11:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-12 13:09:14
Windows 5.1.2600 Service Pack 2 NTFS

Scanning hidden processes ...

Scanning hidden autostart entries ...

Scanning hidden files ...

Scan completed successfully
Hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
.
**************************************************************************
.
Completion time: 2008-03-12 13:12:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-12 12:12:50
ComboFix2.txt 2008-03-10 17:23:13
ComboFix3.txt 2008-03-10 15:18:48
.
2008-03-11 20:28:09 --- E O F ---
g!rly (Contributor) - 15 March 2008 at 00:41
Hi pato83,

That's better.

I didn't manage to remove one service, so we'll do it once more...

Copy the text below:

File::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp

Driver::
MCHINJDRV

Registry::
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.

If there is no reboot, post the reports anyway.

See you later,
pato83 - 16 March 2008 at 22:15
Here is the result:

ComboFix 08-03-10.1 - peter 2008-03-14 21:57:56.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1395 [GMT 1:00]
Location: G:\ComboFix.exe
Command switches used :: G:\CFScript.txt..txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

FILE ::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp
.
/wow section - STAGE 7

((((((((((((((((((((((((((((( Files created 2008-02-14 to 2008-03-14 ))))))))))))))))))))))))))))))))))))
.

2008-03-10 19:00 . 2008-03-10 18:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 19:00 . 2008-03-10 19:00 2,546 --a------ C:\WINDOWS\unins000.dat
2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 14:05 . 2008-03-05 08:04 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 21:05 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-14 01:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-10 18:19 --------- d-----w C:\Program Files\Yahoo!
2008-03-10 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-10 18:13 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-07 15:09 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-03-07 14:46 --------- d-----w C:\Program Files\Fichiers communs\BitDefender
2008-03-07 14:46 --------- d-----w C:\Program Files\BitDefender
2008-02-29 18:44 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-02-27 10:36 --------- d-----w C:\Program Files\Vstplugins
2008-02-21 22:40 --------- d-----w C:\Program Files\LimeWire
2008-02-21 13:04 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-02-21 12:33 --------- d-----w C:\Documents and Settings\peter\Application Data\Skype
2008-02-20 18:13 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-20 17:09 --------- d-----w C:\Program Files\BitComet
2008-02-11 11:52 --------- d-----w C:\Documents and Settings\peter\Application Data\Slide
2008-02-10 21:30 37,888 ----a-w C:\WINDOWS\system32\rar.exe
2008-02-06 23:35 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-01-29 10:08 --------- d-----w C:\Program Files\Lavasoft
2008-01-25 17:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Pok3d
2008-01-20 01:36 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\PC Tools
2007-12-14 09:09 147,456 ----a-w C:\WINDOWS\system32\vbzip10.dll
2001-12-19 10:30 174,747 --sha-w C:\WINDOWS\system32\bccdd.ini2
.

((((((((((((((((((((((((((((( snapshot@2008-03-10_16.18.30.67 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-02-04 23:09:46 18,214,008 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-05 16:30:54 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-03-14 21:03:10 16,384 ----atw C:\WINDOWS\TEMP\Perflib_Perfdata_598.dat
.
((((((((((((((((((((((((((((((((( Registry load points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [ ]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - MCHINJDRV
.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 12:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-14 20:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-14 21:06:13 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-14 22:03:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\WlanCU.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.10\SiSWLSvc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\rsvp.exe
.
**************************************************************************
.
Completion time: 2008-03-14 22:08:59 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-14 21:08:48
ComboFix2.txt 2008-03-12 12:12:53
ComboFix3.txt 2008-03-10 17:23:13
ComboFix4.txt 2008-03-10 15:18:48
.
2008-03-11 20:28:09 --- E O F ---
g!rly (Contributor)
16 March 2008 at 22:19
Hi pato83,

please run this:

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode following this procedure:
• Restart your computer
• After you hear the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows startup, a menu with several options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Then follow the list of instructions below:
• Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to reboot the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt in your next reply on the forum

@+
pato83 (Member)
17 March 2008 at 14:24
Hello. However, when I ran this test, after pressing Y and Enter I waited at least an hour and nothing happened, so I rebooted, and here is the result of the test:




SDFix: Version 1.158

Run by peter on 15/03/2008 at 13:07

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File
g!rly (Contributor)
17 March 2008 at 19:22
Hi pato.

Can you do this:

Download OAD http://sosvirus.changelog.fr/OAD.exe
- Save it to your Desktop

Double-click OAD to launch it

- For the file name to search for, type or copy/paste:

mchInjDrv

- Search type: select option 6, then confirm


OAD will now search for the file. Let it work until it has finished.
The search report will be displayed automatically on screen as soon as it is done.

- Copy/paste this report in your next post.

Important note: depending on the size of the hard drives, this search can take several minutes. Be patient

@+
pato83 (Member)
17 March 2008 at 20:39
here is the result of the test:




15/03/2008 ---- 20:35:47,35

----------------------------------
§§§§§§ [mchInjDrv] §§§§§§
----------------------------------
[X] Registry

-------------- [ ] quick
-- File ------ [ ] system drive
------------- [X] full


********************
[Registry]
********************


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
"ActiveService"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]
"0"="Root\\LEGACY_MCHINJDRV\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000]
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]
"DeviceDesc"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
"ActiveService"="mchInjDrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]
"0"="Root\\LEGACY_MCHINJDRV\\0000"

*******************
[File]
*******************



*********************
[Same date]
*********************

No file created on the same date detected


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ End of Report §§§§§
----------------------------------
g!rly (Contributor)
17 March 2008 at 23:13
re,

thanks ;-)

Copy the text below:

File::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp

Driver::
MCHINJDRV

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
"ActiveService"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]
"0"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]
"Service"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]
"DeviceDesc"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
"ActiveService"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]
"0"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The Desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.

@+
pato83 (Member)
18 March 2008 at 13:10
here is the result:





ComboFix 08-03-10.1 - peter 2008-03-16 13:00:30.5 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1371 [GMT 1:00]
Running from: G:\ComboFix.exe
Command switches used :: G:\CFScript.txt
* Created a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE !!

FILE ::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp
.
/wow section - STAGE 7
/wow section not completed

((((((((((((((((((((((((((((( Files Created From 2008-02-16 to 2008-03-16 ))))))))))))))))))))))))))))))))))))
.

2008-03-15 12:16 . 2008-03-15 12:16 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-15 12:10 . 2008-03-15 13:07 <REP> d-------- C:\SDFix
2008-03-10 19:00 . 2008-03-10 18:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-10 19:00 . 2008-03-10 19:00 2,546 --a------ C:\WINDOWS\unins000.dat
2008-03-10 18:56 . 2008-03-10 20:15 <REP> d-------- C:\Program Files\splus
2008-03-10 10:28 . 2008-03-10 10:28 <REP> d-------- C:\Program Files\Trend Micro
2008-03-08 13:01 . 2008-03-08 13:01 5,376 --a------ C:\WINDOWS\system32\drivers\MS1000.sys
2008-03-08 12:58 . 2008-03-08 16:48 <REP> d-------- C:\Program Files\The Cleaner Free
2008-03-05 09:26 . 2008-03-05 09:26 <REP> dr------- C:\Documents and Settings\LocalService\Mes documents
2008-03-05 09:26 . 2008-03-05 09:26 <REP> d-------- C:\Documents and Settings\LocalService\Bureau
2008-02-26 19:52 . 2008-02-27 13:23 <REP> d-------- C:\Documents and Settings\peter\Application Data\Steinberg
2008-02-25 15:42 . 2008-02-27 13:42 <REP> d-------- C:\Program Files\Steinberg
2008-02-21 14:05 . 2008-03-15 14:25 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\peter\Application Data\SUPERAntiSpyware.com
2008-02-21 14:05 . 2008-02-21 14:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]
2007-12-10 13:46 1510424 --a------ C:\Program Files\download-boosters\tbdown.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= "C:\Program Files\download-boosters\tbdown.dll" [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{E4000B62-FA5D-4B39-B254-0A4C485AAF11}"= C:\Program Files\download-boosters\tbdown.dll [2007-12-10 13:46 1510424]

[HKEY_CLASSES_ROOT\clsid\{e4000b62-fa5d-4b39-b254-0a4c485aaf11}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-24 13:00 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"slide.exe"="C:\Program Files\Slide\Slide.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-28 23:37 68856]
"BitComet"="C:\Program Files\BitComet\BitComet.exe" [2008-02-01 08:20 2194744]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 09:59 204288]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-05 08:04 1481968]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-07-10 20:48 303104]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 06:15 151552]
"Adobe"="C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [ ]
"AntivirusRegistration"="C:\Program Files\CA\Etrust Antivirus\Register.exe" [2005-08-22 22:05 258048]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-10-05 22:54 180269]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40 2577632]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe" [2007-03-16 11:45 63712]
"EPSON Stylus CX3200"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.exe" [2002-07-01 04:05 74752]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-24 13:00 15360]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-11-28 23:37:11 126136]
Wireless Configuration Utility HW.32.lnk - C:\WINDOWS\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2007-09-23 03:03:46 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\Conf.exe"=
"C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MaxTV\\maxtv.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Ahead\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Documents and Settings\\peter\\Bureau\\LOGICIEL 2008\\emule\\eMule.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"20832:TCP"= 20832:TCP:BitComet 20832 TCP
"20832:UDP"= 20832:UDP:BitComet 20832 UDP

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2006-03-24 13:00]
R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-28 15:34]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 09:45]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys []
S3 RDID1003;EDIROL UM-2;C:\WINDOWS\system32\Drivers\rdwm1003.sys [2005-06-03 19:35]
S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2004-12-31 16:46]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-03-11 12:59:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-16 11:14:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-03-14 16:15:00 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-03-16 11:56:58 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-16 13:01:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\peter\LOCALS~1\Temp\mc21.tmp"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-03-16 13:03:58
ComboFix-quarantined-files.txt 2008-03-16 12:03:47
ComboFix2.txt 2008-03-14 21:09:00
ComboFix3.txt 2008-03-12 12:12:53
ComboFix4.txt 2008-03-10 17:23:13
ComboFix5.txt 2008-03-10 15:18:48
.
2008-03-11 20:28:09 --- E O F ---
g!rly (Contributor)
18 March 2008 at 17:40
Hello pato83,

I don't understand why I can't get the better of this damned file; I'm going to ask for help and will come back...

@+
g!rly (Contributor)
18 March 2008 at 18:14
Pato83;

We'll try again like this, after asking for another opinion...

Copy the text below:

File::
C:\DOCUME~1\peter\LOCALS~1\Temp\mc22.tmp

Driver::
MCHINJDRV

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mchInjDrv\Enum]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MCHINJDRV\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MCHINJDRV\0000\Control]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mchInjDrv\Enum]

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file as CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The Desktop will disappear several times: this is normal!

Do not touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a HijackThis report.

If there is no reboot, post the reports anyway.

@+