Sujet Précédent Sujet Suivant

Pb windows firewall et security center

Résolu
arnaud -  
 Utilisateur anonyme -
Bonjour,

j'ai deux messages qui s'affichent tout le tps sur mon ordi: "Excessive SMTP email traffic has been detected. Probable Spambot infection. Do you wish to scan spambot type malware now? (recommended)" et un message de Windows security center me disant qu'il faut absolument que j'installe un antivirus, et ils me renvoient sur le site de SpyShredder.

j'ai vu que qq'1 avait deja eu le meme type de pb (cf http://www.commentcamarche.net/forum/affich 6477861 help need somebody) donc j'ai essayé de le résoudre en suivant les indications, cad en installant COMBOFIX, mais rien ne passe. je vous mets le rapport:

ComboFix 08-06-16.2 - nono 2008-06-17 12:04:32.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1120 [GMT 2:00]
Endroit: C:\Users\nono\Desktop\ComboFix.exe
Command switches used :: C:\Users\nono\Desktop\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\WINDOWS\epfg.exe
C:\WINDOWS\esta.exe
C:\WINDOWS\mdtgkswr.exe
C:\WINDOWS\nldfmtappek.dll
C:\WINDOWS\oadkxrts.exe
C:\WINDOWS\pxgdslro.dll
C:\WINDOWS\system32\wvUoNfcD.dll
C:\WINDOWS\unins001.dat
C:\WINDOWS\unins001.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 09:10 --------- d-----w C:\Users\nono\AppData\Roaming\Nvu
2008-06-17 09:09 --------- d-----w C:\Program Files\Nvu
2008-06-17 08:36 --------- d-----w C:\Program Files\PCHealthCenter
2008-06-16 22:36 94,208 ----a-w C:\Windows\exwd.exe
2008-06-16 22:36 81,920 ----a-w C:\Windows\neltabxw.exe
2008-06-16 22:36 229,376 ----a-w C:\Windows\wpvmqosg.dll
2008-06-16 22:36 180,224 ----a-w C:\Windows\xvorfwbd.dll
2008-06-16 17:58 42,174 ----a-w C:\Users\nono\AppData\Roaming\nvModes.dat
2008-06-16 15:18 31,744 ----a-w C:\Sys96DE.exe
2008-06-16 15:18 31,744 ----a-w C:\Sys9642.exe
2008-06-16 15:18 30,720 ----a-w C:\Sys9825.exe
2008-06-16 15:18 30,208 ----a-w C:\Sys977A.exe
2008-06-16 10:22 18,944 ----a-w C:\Windows\eraser.exe
2008-06-16 10:22 --------- d-----w C:\Program Files\LeechFTP
2008-05-31 08:01 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-31 08:01 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-31 08:01 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-31 08:01 --------- d-----w C:\Program Files\Symantec
2008-05-26 21:34 --------- d-----w C:\Users\nono\AppData\Roaming\gtk-2.0
2008-05-08 21:33 --------- d-----w C:\ProgramData\Symantec
2008-04-29 14:25 --------- d-----w C:\Users\nono\AppData\Roaming\Skype
2008-04-18 10:41 --------- d-----w C:\Users\nono\AppData\Roaming\dvdcss
2007-09-06 13:45 92,064 ----a-w C:\Users\nono\mqdmmdm.sys
2007-09-06 13:45 9,232 ----a-w C:\Users\nono\mqdmmdfl.sys
2007-09-06 13:45 79,328 ----a-w C:\Users\nono\mqdmserd.sys
2007-09-06 13:45 66,656 ----a-w C:\Users\nono\mqdmbus.sys
2007-09-06 13:45 6,208 ----a-w C:\Users\nono\mqdmcmnt.sys
2007-09-06 13:45 5,936 ----a-w C:\Users\nono\mqdmwhnt.sys
2007-09-06 13:45 4,048 ----a-w C:\Users\nono\mqdmcr.sys
2007-09-06 13:45 25,600 ----a-w C:\Users\nono\usbsermptxp.sys
2007-09-06 13:45 22,768 ----a-w C:\Users\nono\usbsermpt.sys
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
2007-12-02 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-02 13:25 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-02 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-17_11.49.15.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 09:41:09 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-17 10:19:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-17 10:19:47 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-17 08:57:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-17 10:17:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-17 08:57:09 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-17 10:17:49 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-17 08:57:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-17 10:17:49 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-16 07:29:57 43,378 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-17 10:00:13 43,664 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{778DC3F7-1699-4A2F-8D32-143C0D00854C}"= "C:\Windows\vrmdtneg.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{778dc3f7-1699-4a2f-8d32-143c0d00854c}]
[HKEY_CLASSES_ROOT\vrmdtneg.1]
[HKEY_CLASSES_ROOT\TypeLib\{8BE255A8-2C24-4969-A642-1BE88EFD6986}]
[HKEY_CLASSES_ROOT\vrmdtneg]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"e"="\exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:07 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:17 22696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-28 13:04 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-28 13:04 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-28 13:04 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 22:37 174872]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-07-26 02:12 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-07-26 02:12 33136]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Sys9642.exe"="C:\Sys9642.exe" [2008-06-16 17:18 31744]
"Sys96DE.exe"="C:\Sys96DE.exe" [2008-06-16 17:18 31744]
"Sys977A.exe"="C:\Sys977A.exe" [2008-06-16 17:18 30208]
"Sys9825.exe"="C:\Sys9825.exe" [2008-06-16 17:18 30720]
"Antivirus"="C:\Program Files\VAV\vav.exe" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3B62CA4B-3794-4A44-88D8-2AEE76E79727}"= C:\Windows\system32\opnnkjiG.dll [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"xvorfwbd"= {7A4D84AF-70CD-46FD-86B2-23CE9B37D6E3} - C:\Windows\xvorfwbd.dll [2008-06-17 00:36 180224]
"wpvmqosg"= {CF4F3434-D12B-4816-A1CD-A26DE9425B31} - C:\Windows\wpvmqosg.dll [2008-06-17 00:36 229376]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert]
--a------ 2007-09-12 18:27 492912 C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-03-26 20:42 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-26 21:12 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a------ 2007-01-16 00:17 778240 C:\Program Files\PowerForPhone\PowerForPhone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-11-22 11:31 630784 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-06 11:42 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
C:\Program Files\WeatherCast\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3353BEB9-1330-4950-BB23-92888E82212C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A68657CA-791D-41C8-82E5-4A0B7CD7B10A}"= UDP:C:\Novell\GroupWise\grpwise.exe:Novell GroupWise
"{E33B9339-780D-4FEA-B3D3-3DA315ED2E33}"= TCP:C:\Novell\GroupWise\grpwise.exe:Novell GroupWise
"{AF9030DC-15FA-462F-A0DE-CC68F2B13801}"= UDP:C:\Novell\GroupWise\notify.exe:Novell Notify
"{FDD1B18C-1BE0-48B1-BAE6-BCB2AC96FAA8}"= TCP:C:\Novell\GroupWise\notify.exe:Novell Notify
"{FF1CA7BC-211A-43BB-9427-D3A29C7774EE}"= Disabled:UDP:C:\Program Files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{DBE15304-DCB5-42D0-8717-07CCD2566B11}"= Disabled:TCP:C:\Program Files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{C9DCCC6B-9FEF-4E33-B398-03AF7DD3987B}"= Disabled:UDP:C:\Program Files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{FF4E9386-55BE-44B3-B23A-90D51ED93DC8}"= Disabled:TCP:C:\Program Files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{FDA6D3B3-0EFB-4098-A84C-AB8CC7EA2487}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B0A9105F-5778-4C00-9690-CCD7073FA528}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E7EAC69A-E5E0-4EC2-BF5F-358B987B003D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F4967F72-278C-4A44-9884-7D9F5E02D5CB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BD6AFBB0-0A10-47EB-A61C-037FB9F3BD89}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071127.002\IDSvix86.sys [2007-11-06 18:07]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 09:44]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7553c1d5-c35f-11dc-9441-000000000000}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\delautorun.bat
\shell\ɱ¶¾(&K)\command - F:\delautorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdc4eaa8-00e9-11dd-b2ae-000000000000}]
\shell\AutoRun\command - copetttt.com
\shell\explore\Command - copetttt.com
\shell\open\Command - copetttt.com

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-18 15:15:00 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-13 18:05:12 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - nono.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 12:19:44
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

C:\ADSM_PData_0150

Scan terminé avec succès
Les fichiers cachés: 1

Merci de votre aide !!!
A voir également:

36 réponses

Précédent
  • 1
  • 2
Réponse 21 / 36
Utilisateur anonyme
 
ok cool mais il me faut un rapport hijackthis pour voir si toutes les saloperies ont disparues ou pa
0
Réponse 22 / 36
arnaud
 
le voila

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:57:15, on 17/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ASScrPro.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Nvu\nvu.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\notepad.exe
C:\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - C:\Windows\vrmdtneg.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [e] \exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
0
Réponse 23 / 36
Utilisateur anonyme
 
IL TE RESTE des merdes :

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

0
Réponse 24 / 36
arnaud
 
ComboFix 08-06-16.2 - nono 2008-06-17 16:03:45.3 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1287 [GMT 2:00]
Endroit: C:\Users\nono\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 12:09 --------- d-----w C:\Users\nono\AppData\Roaming\Malwarebytes
2008-06-17 12:09 --------- d-----w C:\ProgramData\Malwarebytes
2008-06-17 12:09 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 12:01 691 ----a-w C:\Users\nono\AppData\Roaming\GetValue.vbs
2008-06-17 12:01 35 ----a-w C:\Users\nono\AppData\Roaming\SetValue.bat
2008-06-17 11:32 --------- d-----w C:\Users\nono\AppData\Roaming\gtk-2.0
2008-06-17 09:10 --------- d-----w C:\Users\nono\AppData\Roaming\Nvu
2008-06-17 09:09 --------- d-----w C:\Program Files\Nvu
2008-06-17 08:36 --------- d-----w C:\Program Files\PCHealthCenter
2008-06-16 17:58 42,174 ----a-w C:\Users\nono\AppData\Roaming\nvModes.dat
2008-06-16 10:22 18,944 ----a-w C:\Windows\eraser.exe
2008-06-16 10:22 --------- d-----w C:\Program Files\LeechFTP
2008-06-10 17:02 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-10 17:02 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-31 08:01 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-31 08:01 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-31 08:01 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-31 08:01 --------- d-----w C:\Program Files\Symantec
2008-05-08 21:33 --------- d-----w C:\ProgramData\Symantec
2008-04-29 14:25 --------- d-----w C:\Users\nono\AppData\Roaming\Skype
2008-04-18 10:41 --------- d-----w C:\Users\nono\AppData\Roaming\dvdcss
2007-09-06 13:45 92,064 ----a-w C:\Users\nono\mqdmmdm.sys
2007-09-06 13:45 9,232 ----a-w C:\Users\nono\mqdmmdfl.sys
2007-09-06 13:45 79,328 ----a-w C:\Users\nono\mqdmserd.sys
2007-09-06 13:45 66,656 ----a-w C:\Users\nono\mqdmbus.sys
2007-09-06 13:45 6,208 ----a-w C:\Users\nono\mqdmcmnt.sys
2007-09-06 13:45 5,936 ----a-w C:\Users\nono\mqdmwhnt.sys
2007-09-06 13:45 4,048 ----a-w C:\Users\nono\mqdmcr.sys
2007-09-06 13:45 25,600 ----a-w C:\Users\nono\usbsermptxp.sys
2007-09-06 13:45 22,768 ----a-w C:\Users\nono\usbsermpt.sys
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
2007-12-02 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-02 13:25 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-02 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-17_11.49.15.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 09:40:32 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-06-17 13:34:10 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-17 09:40:34 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-06-17 13:34:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-17 09:40:34 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-06-17 13:34:12 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-17 09:41:14 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-17 13:36:14 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
+ 2008-06-17 13:36:14 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-17 09:41:09 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-17 14:21:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-17 14:21:39 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-06-17 12:17:34 4,642 ----a-w C:\Windows\SoftwareDistribution\EventCache\{170CBC76-E95B-4C19-A44D-7986183843B7}.bin
+ 2008-06-17 11:42:06 81,920 ----a-w C:\Windows\System32\404Fix.exe
- 2008-06-17 09:40:56 45,056 ----a-w C:\Windows\System32\acovcnt.exe
+ 2008-06-17 13:34:33 45,056 ----a-w C:\Windows\System32\acovcnt.exe
- 2008-06-17 08:57:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-17 13:39:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-17 08:57:09 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-17 13:39:53 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-17 08:57:09 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-17 13:39:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-17 11:42:06 51,200 ----a-w C:\Windows\System32\dumphive.exe
+ 2008-06-17 11:42:07 81,920 ----a-w C:\Windows\System32\IEDFix.C.exe
+ 2008-06-17 11:42:07 82,944 ----a-w C:\Windows\System32\IEDFix.exe
- 2008-06-13 17:48:22 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-17 13:58:37 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-13 17:48:22 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-17 13:58:37 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-13 17:48:22 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-17 13:58:37 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-13 17:48:22 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-17 13:58:37 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-17 11:42:07 53,248 ----a-w C:\Windows\System32\Process.exe
- 2008-06-17 09:39:25 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-06-17 12:13:51 6,029,312 ----a-w C:\Windows\System32\SMI\Store\Machine\schema.dat
+ 2008-06-17 11:42:07 288,417 ----a-w C:\Windows\System32\SrchSTS.exe
+ 2008-06-17 11:42:08 86,528 ----a-w C:\Windows\System32\VACFix.exe
+ 2008-06-17 11:42:09 289,144 ----a-w C:\Windows\System32\VCCLSID.exe
- 2008-06-17 09:44:36 11,784 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2729305298-1900189080-1592704056-1000_UserData.bin
+ 2008-06-17 13:36:48 12,070 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2729305298-1900189080-1592704056-1000_UserData.bin
- 2008-06-17 09:44:34 72,942 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-06-17 13:36:45 73,068 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-16 07:29:57 43,378 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-17 13:36:37 43,806 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-06-17 11:42:09 25,600 ----a-w C:\Windows\System32\WS2Fix.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{778DC3F7-1699-4A2F-8D32-143C0D00854C}"= "C:\Windows\vrmdtneg.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{778dc3f7-1699-4a2f-8d32-143c0d00854c}]
[HKEY_CLASSES_ROOT\vrmdtneg.1]
[HKEY_CLASSES_ROOT\TypeLib\{8BE255A8-2C24-4969-A642-1BE88EFD6986}]
[HKEY_CLASSES_ROOT\vrmdtneg]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"e"="\exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:07 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:17 22696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-28 13:04 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-28 13:04 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-28 13:04 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 22:37 174872]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-07-26 02:12 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-07-26 02:12 33136]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Antivirus"="C:\Program Files\VAV\vav.exe" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3B62CA4B-3794-4A44-88D8-2AEE76E79727}"= C:\Windows\system32\opnnkjiG.dll [ ]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert]
--a------ 2007-09-12 18:27 492912 C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-03-26 20:42 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-26 21:12 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a------ 2007-01-16 00:17 778240 C:\Program Files\PowerForPhone\PowerForPhone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-11-22 11:31 630784 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-06 11:42 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
C:\Program Files\WeatherCast\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3353BEB9-1330-4950-BB23-92888E82212C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A68657CA-791D-41C8-82E5-4A0B7CD7B10A}"= UDP:C:\Novell\GroupWise\grpwise.exe:Novell GroupWise
"{E33B9339-780D-4FEA-B3D3-3DA315ED2E33}"= TCP:C:\Novell\GroupWise\grpwise.exe:Novell GroupWise
"{AF9030DC-15FA-462F-A0DE-CC68F2B13801}"= UDP:C:\Novell\GroupWise\notify.exe:Novell Notify
"{FDD1B18C-1BE0-48B1-BAE6-BCB2AC96FAA8}"= TCP:C:\Novell\GroupWise\notify.exe:Novell Notify
"{FF1CA7BC-211A-43BB-9427-D3A29C7774EE}"= Disabled:UDP:C:\Program Files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{DBE15304-DCB5-42D0-8717-07CCD2566B11}"= Disabled:TCP:C:\Program Files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{C9DCCC6B-9FEF-4E33-B398-03AF7DD3987B}"= Disabled:UDP:C:\Program Files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{FF4E9386-55BE-44B3-B23A-90D51ED93DC8}"= Disabled:TCP:C:\Program Files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{FDA6D3B3-0EFB-4098-A84C-AB8CC7EA2487}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B0A9105F-5778-4C00-9690-CCD7073FA528}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E7EAC69A-E5E0-4EC2-BF5F-358B987B003D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F4967F72-278C-4A44-9884-7D9F5E02D5CB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BD6AFBB0-0A10-47EB-A61C-037FB9F3BD89}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071127.002\IDSvix86.sys [2007-11-06 18:07]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 09:44]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7553c1d5-c35f-11dc-9441-000000000000}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\delautorun.bat
\shell\ɱ¶¾(&K)\command - F:\delautorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdc4eaa8-00e9-11dd-b2ae-000000000000}]
\shell\AutoRun\command - copetttt.com
\shell\explore\Command - copetttt.com
\shell\open\Command - copetttt.com

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-18 15:15:00 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-13 18:05:12 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - nono.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 16:21:29
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

C:\ADSM_PData_0150

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
Temps d'accomplissement: 2008-06-17 16:26:55
ComboFix-quarantined-files.txt 2008-06-17 14:26:44
ComboFix2.txt 2008-06-17 10:23:20
ComboFix3.txt 2008-06-17 09:49:54

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

229 --- E O F --- 2008-06-16 07:34:14
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 36
Utilisateur anonyme
 
Copie le texte ci-dessous :

File::
C:\Windows\System32\404Fix.exe
C:\Windows\System32\dumphive.exe
C:\Windows\System32\IEDFix.C.exe
C:\Windows\System32\IEDFix.exe
C:\Windows\System32\perfc009.dat
C:\Windows\System32\perfc009.dat
C:\Windows\System32\perfc00C.dat
C:\Windows\System32\perfc00C.dat
C:\Windows\System32\perfh009.dat
C:\Windows\System32\perfh009.dat
C:\Windows\System32\perfh00C.dat
C:\Windows\System32\perfh00C.dat
C:\Windows\System32\Process.exe
C:\Windows\System32\SrchSTS.exe
C:\Windows\System32\VACFix.exe
C:\Windows\System32\VCCLSID.exe
C:\Windows\System32\WS2Fix.exe
C:\Windows\vrmdtneg.dll

Folder::
C:\Program Files\VAV

Registry::
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{778DC3F7-1699-4A2F-8D32-143C0D00854C}"=-
[-HKEY_CLASSES_ROOT\clsid\{778dc3f7-1699-4a2f-8d32-143c0d00854c}]
[HKEY_CLASSES_ROOT\vrmdtneg.1]
[-HKEY_CLASSES_ROOT\TypeLib\{8BE255A8-2C24-4969-A642-1BE88EFD6986}]
[HKEY_CLASSES_ROOT\vrmdtneg]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
0
Réponse 26 / 36
arnaud
 
rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:26:37, on 17/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ASScrPro.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Windows\System32\mobsync.exe
C:\Hijackthis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: vrmdtneg - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - C:\Windows\vrmdtneg.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Antivirus] C:\Program Files\VAV\vav.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [e] \exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
0
Réponse 27 / 36
arnaud
 
et le rapport combo

ComboFix 08-06-16.2 - nono 2008-06-17 16:53:33.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1212 [GMT 2:00]
Endroit: C:\Users\nono\Desktop\ComboFix.exe
Command switches used :: C:\Users\nono\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-17 to 2008-06-17 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-17 12:09 --------- d-----w C:\Users\nono\AppData\Roaming\Malwarebytes
2008-06-17 12:09 --------- d-----w C:\ProgramData\Malwarebytes
2008-06-17 12:09 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-17 12:01 691 ----a-w C:\Users\nono\AppData\Roaming\GetValue.vbs
2008-06-17 12:01 35 ----a-w C:\Users\nono\AppData\Roaming\SetValue.bat
2008-06-17 11:32 --------- d-----w C:\Users\nono\AppData\Roaming\gtk-2.0
2008-06-17 09:10 --------- d-----w C:\Users\nono\AppData\Roaming\Nvu
2008-06-17 09:09 --------- d-----w C:\Program Files\Nvu
2008-06-17 08:36 --------- d-----w C:\Program Files\PCHealthCenter
2008-06-16 17:58 42,174 ----a-w C:\Users\nono\AppData\Roaming\nvModes.dat
2008-06-16 10:22 18,944 ----a-w C:\Windows\eraser.exe
2008-06-16 10:22 --------- d-----w C:\Program Files\LeechFTP
2008-06-10 17:02 34,296 ----a-w C:\Windows\system32\drivers\mbamcatchme.sys
2008-06-10 17:02 15,864 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-05-31 08:01 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-31 08:01 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-31 08:01 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-31 08:01 --------- d-----w C:\Program Files\Symantec
2008-05-08 21:33 --------- d-----w C:\ProgramData\Symantec
2008-04-29 14:25 --------- d-----w C:\Users\nono\AppData\Roaming\Skype
2008-04-18 10:41 --------- d-----w C:\Users\nono\AppData\Roaming\dvdcss
2007-09-06 13:45 92,064 ----a-w C:\Users\nono\mqdmmdm.sys
2007-09-06 13:45 9,232 ----a-w C:\Users\nono\mqdmmdfl.sys
2007-09-06 13:45 79,328 ----a-w C:\Users\nono\mqdmserd.sys
2007-09-06 13:45 66,656 ----a-w C:\Users\nono\mqdmbus.sys
2007-09-06 13:45 6,208 ----a-w C:\Users\nono\mqdmcmnt.sys
2007-09-06 13:45 5,936 ----a-w C:\Users\nono\mqdmwhnt.sys
2007-09-06 13:45 4,048 ----a-w C:\Users\nono\mqdmcr.sys
2007-09-06 13:45 25,600 ----a-w C:\Users\nono\usbsermptxp.sys
2007-09-06 13:45 22,768 ----a-w C:\Users\nono\usbsermpt.sys
2006-11-02 12:50 174 --sha-w C:\Program Files\desktop.ini
2007-12-02 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-02 13:25 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-02 13:25 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-06-17_16.26.28,24 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-17 14:21:39 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-17 15:10:44 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
+ 2008-06-17 15:10:44 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-17 13:39:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-06-17 14:39:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-17 13:39:53 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-06-17 14:39:08 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-17 13:39:53 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-06-17 14:39:08 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-06-17 13:58:37 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-06-17 14:48:14 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-17 13:58:37 117,572 ----a-w C:\Windows\System32\perfc00C.dat
+ 2008-06-17 14:48:14 117,572 ----a-w C:\Windows\System32\perfc00C.dat
- 2008-06-17 13:58:37 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-06-17 14:48:14 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-17 13:58:37 690,832 ----a-w C:\Windows\System32\perfh00C.dat
+ 2008-06-17 14:48:14 690,832 ----a-w C:\Windows\System32\perfh00C.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{778DC3F7-1699-4A2F-8D32-143C0D00854C}"= "C:\Windows\vrmdtneg.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{778dc3f7-1699-4a2f-8d32-143c0d00854c}]
[HKEY_CLASSES_ROOT\vrmdtneg.1]
[HKEY_CLASSES_ROOT\TypeLib\{8BE255A8-2C24-4969-A642-1BE88EFD6986}]
[HKEY_CLASSES_ROOT\vrmdtneg]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:36 201728]
"e"="\exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-24 23:07 107112]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 01:17 22696]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-28 13:04 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-28 13:04 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-28 13:04 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 11:07 4390912 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 15:24 857648]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 22:37 174872]
"ASUS Camera ScreenSaver"="C:\Windows\ASScrProlog.exe" [2007-07-26 02:12 37232]
"ASUS Screen Saver Protector"="C:\Windows\ASScrPro.exe" [2007-07-26 02:12 33136]
"ATKMEDIA"="C:\Program Files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 17:27 61440]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 15:18 267048]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"Antivirus"="C:\Program Files\VAV\vav.exe" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{3B62CA4B-3794-4A44-88D8-2AEE76E79727}"= C:\Windows\system32\opnnkjiG.dll [ ]

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALUAlert]
--a------ 2007-09-12 18:27 492912 C:\Program Files\Symantec\LiveUpdate\ALuNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-03-26 20:42 1057328 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-26 21:12 161328 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a------ 2007-01-16 00:17 778240 C:\Program Files\PowerForPhone\PowerForPhone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2006-11-22 11:31 630784 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-06 11:42 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherCast]
C:\Program Files\WeatherCast\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhenUSave]
C:\Program Files\Save\Save.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3353BEB9-1330-4950-BB23-92888E82212C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{A68657CA-791D-41C8-82E5-4A0B7CD7B10A}"= UDP:C:\Novell\GroupWise\grpwise.exe:Novell GroupWise
"{E33B9339-780D-4FEA-B3D3-3DA315ED2E33}"= TCP:C:\Novell\GroupWise\grpwise.exe:Novell GroupWise
"{AF9030DC-15FA-462F-A0DE-CC68F2B13801}"= UDP:C:\Novell\GroupWise\notify.exe:Novell Notify
"{FDD1B18C-1BE0-48B1-BAE6-BCB2AC96FAA8}"= TCP:C:\Novell\GroupWise\notify.exe:Novell Notify
"{FF1CA7BC-211A-43BB-9427-D3A29C7774EE}"= Disabled:UDP:C:\Program Files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{DBE15304-DCB5-42D0-8717-07CCD2566B11}"= Disabled:TCP:C:\Program Files\SPSSInc\SPSS16\spss.exe:SPSS 16.0 for Windows (1033:exe)
"{C9DCCC6B-9FEF-4E33-B398-03AF7DD3987B}"= Disabled:UDP:C:\Program Files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{FF4E9386-55BE-44B3-B23A-90D51ED93DC8}"= Disabled:TCP:C:\Program Files\SPSSInc\SPSS16\spss.com:SPSS 16.0 for Windows (1033:com)
"{FDA6D3B3-0EFB-4098-A84C-AB8CC7EA2487}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B0A9105F-5778-4C00-9690-CCD7073FA528}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{E7EAC69A-E5E0-4EC2-BF5F-358B987B003D}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F4967F72-278C-4A44-9884-7D9F5E02D5CB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BD6AFBB0-0A10-47EB-A61C-037FB9F3BD89}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20071127.002\IDSvix86.sys [2007-11-06 18:07]
R3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 09:44]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7553c1d5-c35f-11dc-9441-000000000000}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\delautorun.bat
\shell\ɱ¶¾(&K)\command - F:\delautorun.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bdc4eaa8-00e9-11dd-b2ae-000000000000}]
\shell\AutoRun\command - copetttt.com
\shell\explore\Command - copetttt.com
\shell\open\Command - copetttt.com

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-18 15:15:00 C:\Windows\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-06-13 18:05:12 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - nono.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-17 17:10:45
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

C:\ADSM_PData_0150

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
Temps d'accomplissement: 2008-06-17 17:16:09
ComboFix-quarantined-files.txt 2008-06-17 15:15:59
ComboFix2.txt 2008-06-17 14:26:56
ComboFix3.txt 2008-06-17 10:23:20
ComboFix4.txt 2008-06-17 09:49:54

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

200 --- E O F --- 2008-06-16 07:34:14
0
Réponse 28 / 36
Utilisateur anonyme
 
télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
double-clique sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en gras ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

C:\Windows\System32\perfc009.dat
C:\Windows\System32\perfc009.dat
C:\Windows\System32\perfc00C.dat
C:\Windows\System32\perfc00C.dat
C:\Windows\System32\perfh009.dat
C:\Windows\System32\perfh009.dat
C:\Windows\System32\perfh00C.dat
C:\Windows\System32\perfh00C.dat
C:\Windows\vrmdtneg.dll
C:\Program Files\VAV\

clique sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
0
Réponse 29 / 36
arnaud
 
voila ce que ca donne

C:\Windows\System32\perfc009.dat moved successfully.
File/Folder C:\Windows\System32\perfc009.dat not found.
C:\Windows\System32\perfc00C.dat moved successfully.
File/Folder C:\Windows\System32\perfc00C.dat not found.
C:\Windows\System32\perfh009.dat moved successfully.
File/Folder C:\Windows\System32\perfh009.dat not found.
C:\Windows\System32\perfh00C.dat moved successfully.
File/Folder C:\Windows\System32\perfh00C.dat not found.
File/Folder C:\Windows\vrmdtneg.dll not found.
Folder C:\Program Files\VAV\ not found.

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06172008_195723
0
Réponse 30 / 36
Utilisateur anonyme
 
on va devoir refaire combofix

Copie le texte ci-dessous :

File::
C:\Windows\vrmdtneg.dll

Folder::
C:\Program Files\VAV

Registry::
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{778DC3F7-1699-4A2F-8D32-143C0D00854C}"=-
[-HKEY_CLASSES_ROOT\clsid\{778dc3f7-1699-4a2f-8d32-143c0d00854c}]
[HKEY_CLASSES_ROOT\vrmdtneg.1]
[-HKEY_CLASSES_ROOT\TypeLib\{8BE255A8-2C24-4969-A642-1BE88EFD6986}]
[HKEY_CLASSES_ROOT\vrmdtneg]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"e"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Antivirus"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.
Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

0
Réponse 31 / 36
arnaud
 
resultats

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:06, on 17/06/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\ASScrPro.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\Explorer.exe
C:\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
0
Réponse 32 / 36
Utilisateur anonyme
 
cette fois le fix est passé

réouvre hijackthis
fais scan only
coche cette ligne

O3 - Toolbar: (no name) - {778DC3F7-1699-4A2F-8D32-143C0D00854C} - (no file)

et clic sur fix checked

ensuite désinstal java car pas a jours et telecharge et instal cette version :

https://www.java.com/fr/download/manual.jsp

ensuite :

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> L´installer.

-> Une fois installé et lancé :

Dans la colonne de gauche, click sur :

->"registre" :

Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.

ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

->"nettoyeur"

quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

ensuite :

telecharge et instal regcleaner:

http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html

tutorial :

https://forums.cnetfrance.fr

http://www.softastuces.com/tuto/maint/regcleaner/

ensuite :

Télecharge et instal AVG anti spyware:

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

instal le et met le a jours

ensuite lance le scan et supprime

puis poste le rapport sur le forum stp

et pour finir ;

* pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe
http://a-rothstein.changelog.fr/TC/ToolsCleaner2.exe

# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

0
Réponse 33 / 36
arnaud
 
-->- Recherche:

C:\Combofix: trouvé !
C:\HijackThis: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Hijackthis\HijackThis.exe: trouvé !
C:\Users\nono\Desktop\OtMoveIt2.exe: trouvé !
C:\Users\nono\Desktop\ComboFix.exe: trouvé !
C:\Users\nono\Desktop\SmitFraudfix: trouvé !
C:\Users\nono\Desktop\SmitfraudFix\SmitFraudfix: trouvé !

---------------------------------
-->- Suppression:

C:\Hijackthis\HijackThis.exe: supprimé !
C:\Users\nono\Desktop\OtMoveIt2.exe: supprimé !
C:\Users\nono\Desktop\ComboFix.exe: supprimé !
C:\Combofix: ERREUR DE SUPPRESSION !!
C:\HijackThis: supprimé !
C:\Qoobox: ERREUR DE SUPPRESSION !!
C:\_OtMoveIt: supprimé !
C:\Users\nono\Desktop\SmitFraudfix: supprimé !
0
Réponse 34 / 36
Utilisateur anonyme
 
va dans ordinateur
entre dans le disque C

Supprime : C:\Combofix et : C:\Qoobox

si tu n as pas d autres soucis change le statut du sujet en resolu stp
0
Réponse 35 / 36
arnaud
 
merci bcp pour ton aide !!!
0
Réponse 36 / 36
Utilisateur anonyme
 
de rien ciao et bon surf !!
0