Virus

asstractor -
Le sioux - Posts: 4907 - Status: Security contributor -
Hello,

I caught a virus that I can't identify and I need some help. I have run a few scans and clean-ups; here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 22:32:53, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Eroca\Eroca.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\Excentrix\Excentrix.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\Documents and Settings\David Marchand\Bureau\hijack\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {97d73d82-ae10-b5c2-119b-a18f07567a92} - C:\WINDOWS\system32\rgiiyc.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run2
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Eroca] C:\Program Files\Eroca\Eroca.exe
O4 - HKCU\..\Run: [Numpczrf] "C:\Program Files\s?stem32\w?aclt.exe"
O4 - HKCU\..\Run: [Eetr] "C:\PROGRA~1\SSTEM~1\cmd.exe" -vt yazb
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Excentrix.lnk = C:\WINDOWS\Excentrix\Excentrix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

ComboFix 08-05-27.4 - David Marchand 2008-05-27 22:15:23.1 - FAT32x86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.114 [GMT -4:00]
Endroit: C:\Documents and Settings\David Marchand\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\David Marchand\Application Data\SpeedRunner
C:\Documents and Settings\David Marchand\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\David Marchand\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\David Marchand\Menu Démarrer\Programmes\Outerinfo
C:\Documents and Settings\David Marchand\Menu Démarrer\Programmes\Outerinfo\Terms.lnk
C:\Documents and Settings\David Marchand\Menu Démarrer\Programmes\Outerinfo\Uninstall.lnk
C:\Program Files\sstem~1
C:\Program Files\sstem~1\cmd.exe
C:\Program Files\sstem~1\s?stem\
C:\Program Files\sstem3~1
C:\WINDOWS\BM04aabe31.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cmrtxhyw.dll
C:\WINDOWS\system32\fccaWolJ.dll
C:\WINDOWS\system32\hgGxXQiG.dll
C:\WINDOWS\system32\hjmshrhv.exe
C:\WINDOWS\system32\ibqrnspo.dll
C:\WINDOWS\system32\igrjccdk.exe
C:\WINDOWS\system32\JloWaccf.ini
C:\WINDOWS\system32\tgwjbtfv.exe
C:\WINDOWS\system32\wbvjdkjo.ini
C:\WINDOWS\system32\yemdwvro.dll
C:\Program Files\sstem3~1\w?aclt.exe . . . . Echec de suppression
C:\WINDOWS\system32\bqzpas.sys . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_cmdservice
-------\Legacy_network_monitor
-------\Service_bqzpas

((((((((((((((((((((((((((((( Fichiers créés 2008-04-28 to 2008-05-28 ))))))))))))))))))))))))))))))))))))
.

2008-05-27 21:09 . 2008-05-27 21:09 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-05-27 20:24 . 2008-05-27 20:24 <REP> d-------- C:\Documents and Settings\David Marchand\Application Data\Malwarebytes
2008-05-27 20:23 . 2008-05-27 20:23 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-27 20:23 . 2008-05-27 20:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-27 20:23 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-27 20:23 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-27 20:21 . 2008-05-27 20:21 <REP> d--hs---- C:\WINDOWS\RGF2aWQgTWFyY2hhbmQ
2008-05-27 20:04 . 2008-05-27 20:04 <REP> d-------- C:\WINDOWS\LastGood.Tmp
2008-05-27 20:00 . 2008-05-27 20:00 <REP> d-------- C:\Program Files\Eroca
2008-05-25 17:39 . 2008-05-25 19:45 4,982 --a------ C:\WINDOWS\system32\tmp.reg
2008-05-25 16:49 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-05-25 16:49 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-05-25 16:49 . 2008-05-15 23:22 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-05-25 16:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-05-25 16:49 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\404Fix.exe
2008-05-25 16:49 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-05-25 16:49 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-05-25 16:49 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-05-11 19:11 . 2008-05-11 19:11 <REP> d--hs---- C:\FOUND.001
2008-05-04 19:16 . 57,776 C:\WINDOWS\system32\bqzpas.sys
2008-05-04 19:16 . 2008-05-27 20:57 27,136 --------- C:\WINDOWS\system32\winzoa32.dll
2008-05-04 19:16 . 2008-05-04 19:16 13,824 --a------ C:\uieqr.exe
2008-05-04 19:16 . 2008-05-04 19:21 2 --a------ C:\127503618

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2007-09-18 15:41 41,392 ----a-w C:\Documents and Settings\David Marchand\Application Data\GDIPFONTCACHEV1.DAT
2007-07-14 17:26 15,831,317 ----a-w C:\Program Files\YamiPod.exe
2007-04-27 20:36 781 ----a-w C:\Program Files\Readme.txt
2007-01-13 22:55 13,880 ----a-w C:\Program Files\googletoolbardownloader_fr_signed.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97d73d82-ae10-b5c2-119b-a18f07567a92}]
C:\WINDOWS\system32\rgiiyc.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 20:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-04 19:23 68856]
"Eroca"="C:\Program Files\Eroca\Eroca.exe" [2008-05-27 20:00 125952]
"Numpczrf"="C:\Program Files\s?stem32\w?aclt.exe" [ ]
"Eetr"="C:\PROGRA~1\SSTEM~1\cmd.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 13:34 64512]
"LaunchApp"="" []
"RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-08-16 11:21 2879488 C:\WINDOWS\SkyTel.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20 53248]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-07-31 21:02 346112]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-07-28 10:40 208896]
"eLockMonitor"="C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 20:00 455168]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-30 09:57 442368]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-08-15 20:34 766041]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 13:08 61440]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-15 03:10 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 09:18 270648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 20:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\ABC\\ABC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\uieqr.exe"=

R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3983490b-d40b-11dc-b332-0016368d819e}]
\shell\autorun\command - F:\LaunchU3.exe -a

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-27 22:19:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ACER.EMPOWERING.FRAMEWORK.LAUNCHER.EXE
C:\WINDOWS\EXCENTRIX\EXCENTRIX.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\WINDOWS\EHOME\EHRECVR.EXE
C:\WINDOWS\EHOME\EHSCHED.EXE
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\PROGRAM FILES\SYMANTEC\LIVEUPDATE\ALUSCHEDULERSVC.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\ACER\EMPOWERING TECHNOLOGY\ELOCK\SERVICE\ELOCKSERV.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-27 22:22:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 02:22:20

Pre-Run: 9,487,810,560 octets libres
Post-Run: 9,679,339,520 octets libres

176 --- E O F --- 2008-05-26 02:53:35

SmitFraudFix v2.322

Rapport fait à 17:38:33,75, 25/05/2008
Executé à partir de C:\Documents and Settings\David Marchand\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est FAT32
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\uieqr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\Excentrix\Excentrix.exe
C:\WINDOWS\mrofinu.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\TEMP\D83E.tmp
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David Marchand

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\David Marchand\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\DAVIDM~1\FAVORIS

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

C:\Program Files\Helper\ PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="http://join2day.com/abc/S/shishkin/shishkin14.JPG"
"SubscribedURL"="http://join2day.com/abc/S/shishkin/shishkin14.JPG"
"FriendlyName"=""

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="http://join2day.com/abc/S/shishkin/shishkin34.JPG"
"SubscribedURL"="http://join2day.com/abc/S/shishkin/shishkin34.JPG"
"FriendlyName"=""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="http://join2day.com/abc/S/shishkin/shishkin23.JPG"
"SubscribedURL"="http://join2day.com/abc/S/shishkin/shishkin23.JPG"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Atheros AR5005G Wireless Network Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 24.200.241.37
DNS Server Search Order: 24.201.245.77
DNS Server Search Order: 24.200.243.189

HKLM\SYSTEM\CCS\Services\Tcpip\..\{0480DBCB-1C00-4B84-9A6D-35ED9C262EEA}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0480DBCB-1C00-4B84-9A6D-35ED9C262EEA}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{0480DBCB-1C00-4B84-9A6D-35ED9C262EEA}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0480DBCB-1C00-4B84-9A6D-35ED9C262EEA}: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=24.200.241.37 24.201.245.77 24.200.243.189

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

BitDefender Online Scanner

Scan report generated at: Tue, May 27, 2008 - 21:55:50

Scan path: C:\;D:\;E:\;

Statistics
Time: 00:43:34
Files: 179763
Folders: 6331
Boot Sectors: 4
Archives: 7798
Packed Files: 11914

Results
Identified Viruses: 16
Infected Files: 39
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 36

Engines Info
Virus Definitions: 1246895
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 16
Archive plugins: 42
Unpack plugins: 7
E-mail plugins: 6
System plugins: 5

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\WINDOWS\system32\crypts.dll
Infected with: Trojan.Downloader.Agent.ZJM

C:\WINDOWS\system32\crypts.dll
Deleted

C:\WINDOWS\system32\kcaqjwxm.dll
Infected with: Trojan.Vundo.EOG

C:\WINDOWS\system32\kcaqjwxm.dll
Deleted

C:\WINDOWS\system32\rbyfxdif.dll
Infected with: Trojan.Vundo.EOL

C:\WINDOWS\system32\rbyfxdif.dll
Deleted

C:\WINDOWS\system32\wukndfsk.dll
Infected with: Trojan.Vundo.EOG

C:\WINDOWS\system32\wukndfsk.dll
Deleted

C:\WINDOWS\system32\rynwnsaj.dll
Infected with: Trojan.Vundo.EOI

C:\WINDOWS\system32\rynwnsaj.dll
Deleted

C:\WINDOWS\system32\nojynmvi.dll
Infected with: Trojan.Vundo.EOL

C:\WINDOWS\system32\nojynmvi.dll
Deleted

C:\WINDOWS\Temp\D83E.tmp
Infected with: Trojan.Patched.BR

C:\WINDOWS\Temp\D83E.tmp
Disinfection failed

C:\WINDOWS\Temp\D83E.tmp
Deleted

C:\WINDOWS\Temp\A2CE.tmp
Infected with: Trojan.Patched.BR

C:\WINDOWS\Temp\A2CE.tmp
Disinfection failed

C:\WINDOWS\Temp\A2CE.tmp
Deleted

C:\WINDOWS\Temp\C02C.tmp
Infected with: Trojan.Patched.BR

C:\WINDOWS\Temp\C02C.tmp
Disinfection failed

C:\WINDOWS\Temp\C02C.tmp
Deleted

C:\WINDOWS\RGF2aWQgTWFyY2hhbmQ\asappsrv.dll
Detected with: Adware.CommAd.A

C:\WINDOWS\RGF2aWQgTWFyY2hhbmQ\asappsrv.dll
Deleted

C:\WINDOWS\RGF2aWQgTWFyY2hhbmQ\command.exe
Infected with: Trojan.Generic.107114

C:\WINDOWS\RGF2aWQgTWFyY2hhbmQ\command.exe
Deleted

C:\WINDOWS\RGF2aWQgTWFyY2hhbmQ\l3IZuqk0nqIVsZ11vAk.vbs
Detected with: Adware.Isearch.D

C:\WINDOWS\RGF2aWQgTWFyY2hhbmQ\l3IZuqk0nqIVsZ11vAk.vbs
Deleted

C:\Documents and Settings\David Marchand\Local Settings\Temp\NDR7.tmp
Infected with: Trojan.Downloader.JJRL

C:\Documents and Settings\David Marchand\Local Settings\Temp\NDR7.tmp
Deleted

C:\Documents and Settings\David Marchand\Local Settings\Temp\!update.exe
Infected with: Trojan.Downloader.JJRL

C:\Documents and Settings\David Marchand\Local Settings\Temp\!update.exe
Deleted

C:\Documents and Settings\David Marchand\Local Settings\Temporary Internet Files\Content.IE5\C9QR0L6N\!update-4495[1].0000
Infected with: Trojan.Downloader.JJRL

C:\Documents and Settings\David Marchand\Local Settings\Temporary Internet Files\Content.IE5\C9QR0L6N\!update-4495[1].0000
Deleted

C:\Documents and Settings\David Marchand\Local Settings\Temporary Internet Files\Content.IE5\ORXZEU71\wssl62_c[1].exe
Infected with: Trojan.Patched.BR

C:\Documents and Settings\David Marchand\Local Settings\Temporary Internet Files\Content.IE5\ORXZEU71\wssl62_c[1].exe
Disinfection failed

C:\Documents and Settings\David Marchand\Local Settings\Temporary Internet Files\Content.IE5\ORXZEU71\wssl62_c[1].exe
Deleted

C:\Documents and Settings\David Marchand\Application Data\Microsoft\Windows\xktvhmx.exe
Infected with: Backdoor.Generic.48098

C:\Documents and Settings\David Marchand\Application Data\Microsoft\Windows\xktvhmx.exe
Disinfection failed

C:\Documents and Settings\David Marchand\Application Data\Microsoft\Windows\xktvhmx.exe
Delete failed

C:\Documents and Settings\David Marchand\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.16768
Detected with: Adware.CommAd.A

C:\Documents and Settings\David Marchand\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.16768
Deleted

C:\Documents and Settings\David Marchand\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.49717
Infected with: Trojan.Downloader.Matcash.J

C:\Documents and Settings\David Marchand\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.49717
Disinfection failed

C:\Documents and Settings\David Marchand\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.49717
Deleted

C:\Documents and Settings\David Marchand\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76306
Infected with: Trojan.Generic.107114

C:\Documents and Settings\David Marchand\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.76306
Deleted

C:\Documents and Settings\David Marchand\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.83694
Detected with: Adware.Purityscan.JA

C:\Documents and Settings\David Marchand\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.83694
Deleted

C:\Program Files\SSTEM~1\cmd.exe
Detected with: Adware.Purityscan.JA

C:\Program Files\SSTEM~1\cmd.exe
Disinfection failed

C:\Program Files\SSTEM~1\cmd.exe
Delete failed

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047650.ini
Infected with: Trojan.Vundo.DVS

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047650.ini
Disinfection failed

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047650.ini
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047667.ini
Infected with: Trojan.Vundo.DVS

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047667.ini
Disinfection failed

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047667.ini
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047709.ini
Infected with: Trojan.Vundo.DVS

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047709.ini
Disinfection failed

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047709.ini
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047906.exe
Infected with: Trojan.Downloader.Matcash.J

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047906.exe
Disinfection failed

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047906.exe
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047907.exe
Infected with: Backdoor.Rustock.NDI

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047907.exe
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047913.exe
Infected with: Trojan.Packed.EK

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047913.exe
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047935.dll
Infected with: Trojan.Downloader.Agent.ZJM

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047935.dll
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047936.dll
Infected with: Trojan.Vundo.EOG

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047936.dll
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047937.dll
Infected with: Trojan.Vundo.EOL

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047937.dll
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047938.dll
Infected with: Trojan.Vundo.EOG

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047938.dll
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047939.dll
Infected with: Trojan.Vundo.EOI

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047939.dll
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047940.dll
Infected with: Trojan.Vundo.EOL

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047940.dll
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047941.dll
Detected with: Adware.CommAd.A

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047941.dll
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047942.exe
Infected with: Trojan.Generic.107114

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047942.exe
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047943.vbs
Detected with: Adware.Isearch.D

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047943.vbs
Deleted

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047944.exe
Infected with: Backdoor.Generic.48098

C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047944.exe
Deleted

C:\uieqr.exe
Infected with: Trojan.Spy.ZBot.CB

C:\uieqr.exe
Disinfection failed

C:\uieqr.exe
Delete failed

THANKS!
28 replies

asstractor
 
Earlier you told me that we would take care of installing an antivirus later. For now, here is the HijackThis log following the fix that was done. Thanks again.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:47:31, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.wikipedia.org/wiki/Accueil
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Excentrix.lnk = C:\WINDOWS\Excentrix\Excentrix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O24 - Desktop Component 2: (no name) - http://join2day.com/abc/S/shishkin/shishkin23.JPG
O24 - Desktop Component 3: (no name) - http://join2day.com/abc/S/shishkin/shishkin6.JPG
Le sioux, 4907 posts, status: Security contributor, 496
 
Re

OK, let's go for the antivirus, it's high time:

1) Download Avira AntiVir

-- Download Avira AntiVir PersonalEdition Classic from this link:
https://www.avira.com/ to your Desktop.

2) Install and configure AntiVir, then update it

Double-click its setup file on your Desktop to start the installation.

Once it is installed, close the scan that started automatically and configure it as shown here:

http://speedweb1.free.fr/frames2.php?page=tuto5
or here: https://www.malekal.com/avira-free-security-antivirus-gratuit/

3) Restart in Safe Mode

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows Advanced Options menu is displayed.
Select "Safe Mode" and press [Enter].
You will need to choose your usual session, not the "Administrator" account or another one.

If needed, see C) https://forum.pcastuces.com/sujet.asp?f=25&s=3902

4) Antivirus scan and cleanup with Avira AntiVir


Launch Avira AntiVir by double-clicking the AntiVir shortcut on your Desktop (or via Start / All Programs / AntiVir), then "Start AntiVir".
Click Local protection (left-hand column), then "Scanner", then under RootKit search and Manual detection (expanding each with the small plus sign in front of it) check that all your hard drives are ticked, then click the magnifying glass (below Status).
A window "Luke Filewalker" will open... the scan will start.
Put everything it finds in "quarantine".
Once the scan is finished, close both AntiVir windows and save the report that has just appeared on your Desktop.

5) Report

Restart in normal mode, then post the AntiVir report (the one you saved on your Desktop).

Tutorial: http://www.malekal.com/tutorial_antivir.html and/or http://www.libellules.ch/tuto_antivir.php

@ to be continued
asstractor
 
Here is the report produced with Avira, following the instructions given:

Avira AntiVir Personal
Report file date: mardi 17 juin 2008 20:16

Scanning for 1340302 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: David Marchand
Computer name: DAVID

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 15:02:58
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 14:43:38
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 14:41:24
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 14:28:42
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 23:51:20
ANTIVIR3.VDF : 7.0.4.210 116736 Bytes 17/06/2008 23:51:22
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 15:58:22
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 17/06/2008 23:51:42
AESCN.DLL : 8.1.0.21 119156 Bytes 17/06/2008 23:51:40
AERDL.DLL : 8.1.0.20 418165 Bytes 17/06/2008 23:51:40
AEPACK.DLL : 8.1.1.5 364918 Bytes 17/06/2008 23:51:38
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 17/06/2008 23:51:34
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 17/06/2008 23:51:34
AEHELP.DLL : 8.1.0.15 115063 Bytes 17/06/2008 23:51:28
AEGEN.DLL : 8.1.0.28 307572 Bytes 17/06/2008 23:51:28
AEEMU.DLL : 8.1.0.6 430451 Bytes 17/06/2008 23:51:24
AECORE.DLL : 8.1.0.31 168310 Bytes 17/06/2008 23:51:22
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 23:07:54
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 16:37:52
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 19:26:48
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 23:07:50
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 14:29:24
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 14:31:32
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 23:28:04
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 23:08:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 18:05:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 20:37:26
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 18:02:12

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mardi 17 juin 2008 20:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\QooBox\Quarantine\C\uieqr.exe.vir
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.dnw Backdoor server programs
[NOTE] The file was moved to '48bd591c.qua'!
C:\QooBox\Quarantine\C\Program Files\SSTEM~1\cmd.exe.vir
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '48bc592e.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\cmrtxhyw.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '48ca593c.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\fccaWolJ.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48bb5933.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGxXQiG.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '489f5937.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\hjmshrhv.exe.vir
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '48c5593a.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\igrjccdk.exe.vir
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '48ca5938.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\tgwjbtfv.exe.vir
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '48cf5938.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\yemdwvro.dll.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48c55937.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\winzoa32.dll.vir
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[NOTE] The file was moved to '48c6593b.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\David Marchand\Application Data\SpeedRunner\SpeedRunner.exe.vir
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48bd5947.qua'!
C:\Documents and Settings\David Marchand\Bureau\ComboFix.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[NOTE] The file was moved to '48c561b5.qua'!
C:\Documents and Settings\David Marchand\Bureau\SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[NOTE] The file was moved to '48ba61bc.qua'!
C:\Documents and Settings\David Marchand\Bureau\SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48cb61bc.qua'!
C:\Documents and Settings\David Marchand\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine\QUAR1.36177
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
[NOTE] The file was moved to '489961f8.qua'!
C:\Program Files\Microsoft Office\media\cagcat10\J0234687.GIF
[DETECTION] Is the Trojan horse TR/BHO.ecl
[NOTE] The file was moved to '488a64c7.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047779.dll
[DETECTION] Is the Trojan horse TR/Monder.KG
[NOTE] The file was moved to '488867d5.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047908.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867dd.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047909.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49296c8e.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047910.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867df.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047911.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867de.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047912.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49296c8f.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047914.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867c0.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP244\A0047915.DLL
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[NOTE] The file was moved to '49296cb0.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047953.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '488867e3.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047957.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[NOTE] The file was moved to '49296cb4.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047958.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867e4.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047959.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49296cb5.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047960.exe
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '488867e6.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047962.exe
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '488867e5.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047963.exe
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[NOTE] The file was moved to '49296cb6.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047964.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488867e7.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP245\A0047967.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '49296cb7.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP249\A0049291.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.dnw Backdoor server programs
[NOTE] The file was moved to '48886805.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP249\A0049292.dll
[DETECTION] Is the Trojan horse TR/Drop.Softomat.AN
[NOTE] The file was moved to '49296356.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP253\A0049787.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.NirCmd.D
[DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072
[DETECTION] Contains detection pattern of the SPR/Tool.PV program
[NOTE] The file was moved to '48886837.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP253\A0049788.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[NOTE] The file was moved to '49296368.qua'!
C:\System Volume Information\_restore{685E8917-F4C2-4917-B853-9933DBB20427}\RP253\A0049789.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48886839.qua'!
C:\Rustbfix\avenger.exe
[DETECTION] Contains detection pattern of the SPR/Avenger program
[NOTE] The file was moved to '48bd68d1.qua'!
Begin scan in 'D:\' <ACERDATA>

End of the scan: mardi 17 juin 2008 22:23
Used time: 2:06:42 min

The scan has been done completely.

6443 Scanning directories
205090 Files were scanned
43 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
39 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
205047 Files not concerned
7525 Archives were scanned
1 Warnings
39 Notes

Thanks
Le sioux, 4907 posts, status: Security contributor, 496
 
Hello Asstractor

Empty AntiVir's quarantine

* Right-click on AntiVir in the taskbar (bottom right), then "Start AntiVir"; click on "Administration", then on "Quarantine"; click on one of the detection lines present there, then Ctrl-A to select the entire contents of the quarantine, then click the trash-can symbol. A window will open: "Are you sure you want to delete the selected object(s) from quarantine". Confirm the deletion with Yes.
Close AntiVir.

Empty the Malwarebytes' Anti-Malware quarantine

Click the Malwarebytes' Anti-Malware shortcut, then Quarantine, then click "Delete All".

Could you post a new HijackThis report for me, please.

@ to be continued.
asstractor
 
Here is the HijackThis log following the deletion of the quarantined items in Malwarebytes and Avira.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:06:28, on 19/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.wikipedia.org/wiki/Accueil
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Excentrix.lnk = C:\WINDOWS\Excentrix\Excentrix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O24 - Desktop Component 2: (no name) - http://join2day.com/abc/S/shishkin/shishkin23.JPG
O24 - Desktop Component 3: (no name) - http://join2day.com/abc/S/shishkin/shishkin6.JPG
Le sioux, 4907 posts, Security Contributor
 
Hello asstractor

Good work.

Two Norton/Symantec services remain:

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

Start / Settings / Control Panel, then in Add or Remove Programs click the entry of the program to uninstall, Planificateur LiveUpdate automatique or LiveUpdate, then click Remove and follow the prompts of the dialog box that opens to complete the uninstall.
(If it is not listed among the programs, look in C:\Program Files\Symantec\LiveUpdate and search for an Uninstall to launch the removal of this program.)

Then delete the folder C:\Program Files\Symantec <-- this folder, in bold.

You can use this tool to remove the remaining traces of Symantec:

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

Restart your PC after all that and post another HijackThis report in reply.

To be continued.
asstractor
 
I think I have removed every trace of Norton. Here is the HijackThis log, thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:31, on 27/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\DOCUME~1\DAVIDM~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.wikipedia.org/wiki/Accueil
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Excentrix.lnk = C:\WINDOWS\Excentrix\Excentrix.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5d86ddb5-bdf9-441b-9e9e-d4730f4ee499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O24 - Desktop Component 2: (no name) - http://join2day.com/abc/S/shishkin/shishkin23.JPG
O24 - Desktop Component 3: (no name) - http://join2day.com/abc/S/shishkin/shishkin6.JPG
Le sioux, 4907 posts, Security Contributor
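The check Le sioux did by eye above (spotting the two leftover Symantec services in the first log, then confirming they are gone in the second) can be done mechanically by parsing the O23 lines. This is an added example, not code from the thread or from HijackThis; the `Service` class and function names are my own, and the two log excerpts are taken from the logs posted above.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str    # display name, e.g. "LiveUpdate"
    short: str   # key name shown in parentheses, "" when HijackThis omits it
    vendor: str  # company string, "" when the line reads "name - - path"
    path: str    # image path of the service binary

def parse_o23(line: str):
    """Parse one HijackThis O23 line into a Service; return None for other lines."""
    line = line.strip()
    if not line.startswith("O23 - Service: "):
        return None
    head, _, path = line[len("O23 - Service: "):].rpartition(" - ")
    if head.endswith(" -"):  # an empty vendor field is printed as "- -" in the log
        name, vendor = head[:-2], ""
    else:
        name, _, vendor = head.rpartition(" - ")
    m = re.fullmatch(r"(.*) \(([^()]+)\)", name)  # split "Display (KeyName)"
    name, short = (m.group(1), m.group(2)) if m else (name, "")
    return Service(name, short, vendor, path)

def parse_services(log: str):
    return [s for s in map(parse_o23, log.splitlines()) if s is not None]

def services_by_vendor(log: str, fragment: str):
    """Services whose vendor string contains `fragment` (case-insensitive)."""
    return [s for s in parse_services(log) if fragment.lower() in s.vendor.lower()]

def diff_services(before: str, after: str):
    """Services that disappeared between two logs, and services that appeared (keyed by path)."""
    b = {s.path.lower(): s for s in parse_services(before)}
    a = {s.path.lower(): s for s in parse_services(after)}
    removed = [b[k] for k in b if k not in a]
    added = [a[k] for k in a if k not in b]
    return removed, added

# Excerpts of the two logs posted in the thread (only O23 lines are parsed).
LOG_BEFORE = r"""
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"""
LOG_AFTER = r"""
O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O24 - Desktop Component 2: (no name) - http://join2day.com/abc/S/shishkin/shishkin23.JPG
"""
```

`diff_services(LOG_BEFORE, LOG_AFTER)` returns the two Symantec services as removed and nothing added, and `services_by_vendor(LOG_AFTER, "symantec")` is empty, which is the "Bien joué" verdict below.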
 
Hello asstractor

Well done.

Final efforts before wrapping up:

1) ToolsCleaner by A.Rothstein

We are going to remove all traces of the tools we used that deal with specific infections, using ToolsCleaner by A.Rothstein.

Download http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe to your Desktop.
* Double-click ToolsCleaner2.exe and let it work.
* Click Recherche (Search) and let the scan finish.
* Click Suppression (Delete) to finish.
* If you wish, you can use the Options facultatives (optional options).
* Click Quitter (Quit) so that the report can be created.

--> Post me the ToolsCleaner report (found at the root of your hard drive, C:\TCleaner.txt).

2) Online scan at BitDefender

Use this tutorial (thanks Morgane): http://pageperso.aol.fr/loraline60/bitdefender_scan.htm

* Run an online antivirus scan at https://www.bitdefender.fr/ with IE and copy/paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc.

Post in reply the scan report, found at C:\windows\bdoscan8\scanres.txt or scanres.html

To be continued, as there will still be security advice to apply.