Virus with no solution at all

taggert Posts: 18 Status: Member -
Anonymous user -
Hello,

For a few weeks I have had a virus on my computer that I can no longer get rid of, despite using several antivirus scanning utilities such as Spyware Doctor or Lavasoft Ad-Aware.

I took a screenshot of the alert that the ESET NOD32 antivirus sends me every 5 minutes:
http://www.4wfi.com/sshot-20.png

The problem is that from this alert onwards the browser freezes for 5 minutes and my ADSL connection shows maximum data transfer volume even though I am transmitting nothing at all.
I think this virus collects information and sends it every 5 minutes.


27 replies

taggert Posts: 18 Status: Member

Here is my HijackThis file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:41, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AutoMate 6\AMEM.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
D:\KeYre\KeyRemapper\KeyRemapper.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\AutoMate 6\AMTS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\Arcade Classic Pack\Arcade!.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\WinSnap\WinSnap.exe
C:\Program Files\Notepad++\notepad++.exe
C:\Program Files\FileZilla\FileZilla.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {ACC51D34-1F0C-452F-AD37-6817A32DD737} - C:\WINDOWS\system32\dpla.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AutoMate6] C:\Program Files\AutoMate 6\AMEM.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [smtpsrv] C:\Program Files\Local SMTP Server Pro\SMTPServer.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [KeyMapperStarup] D:\KeYre\KeyRemapper\KeyRemapper.exe /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: Workspace Macro Pro Hotkeys.lnk = C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58B2C714-81CC-4F8C-8472-851B66BFF439}: NameServer = 212.217.0.3 196.217.246.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{58B2C714-81CC-4F8C-8472-851B66BFF439}: NameServer = 212.217.0.3 196.217.246.210
O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AutoMate 6 (AutoMate6) - Network Automation, Inc. - C:\Program Files\AutoMate 6\AMTS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
0
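As an added illustration (not part of this thread, and not code from HijackThis or ComboFix): a small Python triage script that parses lines in the HijackThis format above and flags the entry types a helper looks at first, namely unnamed BHOs (O2), MIME filter hijacks (O18), hard-coded DNS servers (O17) and autoruns launched from outside the system drive (O4), then ties together entries registered under the same GUID. The sample lines are copied from the log above; the per-section path layout and the non-system-drive heuristic are my assumptions.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines in HijackThis v2 format, copied from
# the log posted in this thread so the flags can be checked by hand.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {ACC51D34-1F0C-452F-AD37-6817A32DD737} - C:\WINDOWS\system32\dpla.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [smtpsrv] C:\Program Files\Local SMTP Server Pro\SMTPServer.exe
O4 - HKCU\..\Run: [KeyMapperStarup] D:\KeYre\KeyRemapper\KeyRemapper.exe /background
O17 - HKLM\System\CCS\Services\Tcpip\..\{58B2C714-81CC-4F8C-8472-851B66BFF439}: NameServer = 212.217.0.3 196.217.246.210
O18 - Filter hijack: text/html - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+) - (?P<body>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
EXE_RE = re.compile(r'^"?([A-Za-z]:\\.*?\.(?:exe|dll|ocx|scr|cmd|bat))', re.IGNORECASE)
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
SYSTEM_DRIVE = "C:"  # assumption: Windows lives on C:, as in this thread


@dataclass
class Entry:
    section: str            # HijackThis section code, e.g. "O2"
    body: str               # everything after "O2 - "
    guid: Optional[str]     # first {GUID} on the line, if any
    path: Optional[str]     # executable/DLL the entry loads, if any
    flags: List[str] = field(default_factory=list)


def extract_path(section: str, body: str) -> Optional[str]:
    """Pull the binary an entry loads; arguments after the .exe/.dll are dropped."""
    if section == "O4":                   # O4 - HKLM\..\Run: [name] <command line>
        target = body.split("] ", 1)[1] if "] " in body else ""
    else:                                 # O2/O3/O9/O18/O23: path is the last " - " field
        target = body.rsplit(" - ", 1)[-1]
    m = EXE_RE.match(target.strip())
    return m.group(1) if m else None


def triage(text: str) -> List[Entry]:
    """Parse a HijackThis log and attach review flags to entries worth a second look."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        g = GUID_RE.search(body)
        entries.append(Entry(section, body, g.group(0) if g else None,
                             extract_path(section, body)))

    by_guid = defaultdict(list)
    for e in entries:
        # O2: a BHO with no registered name is loaded into every IE process
        if e.section == "O2" and e.body.startswith("BHO: (no name)"):
            e.flags.append("unnamed BHO")
        # O18: a filter on text/html sees (and can rewrite) every page before the browser does
        if e.section == "O18" and e.body.lower().startswith("filter hijack"):
            e.flags.append("MIME filter hijack")
        # O17: hard-coded resolvers should match the ISP's; otherwise lookups can be redirected
        if e.section == "O17" and "NameServer" in e.body:
            e.flags.append("custom DNS servers: " + ", ".join(IP_RE.findall(e.body)))
        # O4: heuristic, an autorun launched from outside the system drive deserves a look
        if e.section == "O4" and e.path and not e.path.upper().startswith(SYSTEM_DRIVE):
            e.flags.append("autorun from non-system drive")
        if e.guid:
            by_guid[e.guid].append(e)

    # Correlate: anything registered under the same GUID as a flagged entry is flagged too,
    # which ties the text/plain filter to the text/html hijack in this log.
    for guid, group in by_guid.items():
        if any(g.flags for g in group):
            for g in group:
                if not g.flags:
                    g.flags.append(f"shares GUID {guid} with a flagged entry")
    return entries


def flagged_paths(entries: List[Entry]) -> List[str]:
    """Binaries to submit for analysis or quarantine, in log order."""
    return [e.path for e in entries if e.flags and e.path]


def dns_servers(entries: List[Entry]) -> List[str]:
    """IPs from O17 NameServer entries, to compare against the ISP's published resolvers."""
    ips: List[str] = []
    for e in entries:
        if e.section == "O17":
            ips.extend(IP_RE.findall(e.body))
    return ips


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        if e.flags:
            print(f"{e.section}: {e.path or e.body[:60]}  <- {'; '.join(e.flags)}")
```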
Anonymous user

Format your PC. Back up your data to DVD or USB key.
0
Anonymous user

Hi

Do you live in Morocco??

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press key 1 (Yes) to start the scan.
-> When the scan has completed, a report will appear. Copy/paste that report into your next reply.

NOTE: The report is also located here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily disable, and only for as long as ComboFix is in use, the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.

Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so the program starts analysing the PC.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt.

-> Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.

-> Tutorial: https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

0
taggert Posts: 18 Status: Member

Hi Chiquitine29

Yes, I live in Morocco.

Here is the ComboFix report:

ComboFix 08-07-08.9 - Administrateur 2008-07-09 19:57:44.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.965.1036.18.250 [GMT 0:00]
Endroit: D:\software\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
/wow section - STAGE 40
pv: No matching processes found
La syntaxe de la commande est incorrecte.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\592344msHTMLEdit.html
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\dpla.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FCI

((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2008-07-09 19:46 . 2008-07-09 19:46 103,179 --a------ C:\TPS-2008-7-9.rar
2008-07-08 23:03 . 2008-07-08 23:04 15,517,321 --a------ C:\funny.rar
2008-07-08 22:19 . 2008-07-08 22:19 18,929,752 --a------ C:\FunnyPictures.synatex_projectw.org.rar
2008-07-07 19:08 . 2008-07-07 19:08 <REP> d-------- C:\Echosmar1240 Tps daily
2008-07-07 19:08 . 2008-07-07 19:08 103,230 --a------ C:\TPS TOOL.rar
2008-07-07 19:07 . 2008-07-07 19:07 851,501 --a------ C:\Echosmar1240 Tps daily.rar
2008-07-07 09:49 . 2008-07-07 09:49 3,951 --a------ C:\partners.php
2008-07-06 19:39 . 2008-07-06 19:39 <REP> d-------- C:\Program Files\FlickrDown
2008-07-06 19:39 . 2008-07-06 19:39 159,628 --a------ C:\WINDOWS\FlickrDown Uninstaller.exe
2008-07-06 19:32 . 2008-07-06 19:32 <REP> d-------- C:\NancyAjram
2008-07-05 16:56 . 2008-07-05 16:56 <REP> d--hs---- C:\FOUND.001
2008-07-05 12:26 . 2008-07-05 12:26 8,123,904 --a------ C:\The Fat-Burning Bible.doc
2008-07-05 12:26 . 2008-07-05 12:26 162 --ah----- C:\~$e Fat-Burning Bible.doc
2008-07-05 12:03 . 2005-05-15 19:39 4,328,230 --a------ C:\The Fat-Burning Bible.pdf
2008-07-05 12:03 . 2008-07-05 12:03 2,559,269 --a------ C:\tfbb_sh_ilstone.rar
2008-07-05 11:13 . 2008-07-05 11:13 567,012 --a------ C:\weight_loss.pdf
2008-07-05 10:57 . 2008-07-05 10:57 589,801 --a------ C:\Amazing_Weight_Loss_&_Health_Tips.pdf
2008-07-05 10:50 . 2008-07-05 10:50 7,118 --a------ C:\login.htm
2008-07-05 10:38 . 2008-07-05 10:38 881,339 --a------ C:\obe_brochure.pdf
2008-07-05 10:20 . 2008-07-05 09:58 392,862 --a------ C:\2264194.pdf
2008-07-05 09:32 . 2008-07-05 09:32 490,608 --a------ C:\weight_loss_secrets.pdf
2008-07-05 09:23 . 2008-07-05 09:23 37,731 --a------ C:\328.pdf
2008-07-05 09:17 . 2008-07-05 09:17 263,021 --a------ C:\Hoodia revised.pdf
2008-07-05 09:15 . 2008-07-05 09:15 14,745 --a------ C:\Rugheimer.pdf
2008-07-05 08:59 . 2008-07-05 08:59 119,177 --a------ C:\Green Tea VS Hoodia ,which is better for losing weight.pdf
2008-07-05 08:57 . 2008-07-05 08:57 40,122 --a------ C:\Hoodia 01.pdf
2008-07-05 08:53 . 2008-07-05 08:53 3,613,701 --a------ C:\5802hoodia.pdf
2008-07-05 08:46 . 2008-07-05 08:45 286,719 --a------ C:\DA10.pdf
2008-07-05 08:37 . 2008-07-05 08:37 220,148 --a------ C:\HoodiaBOQ.pdf
2008-07-05 08:36 . 2008-07-05 08:36 205,899 --a------ C:\D387.pdf
2008-07-05 08:35 . 2008-07-05 08:35 81,325 --a------ C:\Hoodia Hoodoo Lesson Plan(1).pdf
2008-07-04 09:25 . 2008-07-04 09:25 58,301 --a------ C:\msgg_VBull.zip
2008-07-02 11:42 . 2008-07-02 11:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Flash Jigsaw Producer
2008-07-01 08:18 . 2008-07-01 08:18 <REP> d-------- C:\Program Files\Free Download Manager
2008-07-01 08:18 . 2008-07-01 08:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Free Download Manager
2008-06-30 15:00 . 2008-06-30 15:01 5,384,192 --a------ C:\Gad Elmaleh - Arte.mpg
2008-06-30 14:57 . 2008-06-30 14:58 1,335,357 --a------ C:\Gad Elmaleh - Arte.wmv
2008-06-30 14:54 . 2008-06-30 14:55 13,991,424 --a------ C:\Gad Elmaleh - Arte.avi
2008-06-25 12:34 . 2008-06-25 12:34 <REP> d-------- C:\Program Files\Instant Article Submitter
2008-06-25 12:34 . 2008-06-25 12:35 65 --a------ C:\WINDOWS\instantarticlesubmitter.ini
2008-06-23 11:12 . 2008-06-23 11:12 <REP> d--hs---- C:\FOUND.000
2008-06-23 10:54 . 2008-06-23 10:54 <REP> d-------- C:\Program Files\SourceTec
2008-06-23 10:54 . 2008-06-23 10:55 <REP> d-------- C:\Program Files\Fichiers communs\SourceTec
2008-06-22 17:37 . 2008-06-22 17:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GrabPro
2008-06-22 17:36 . 2008-06-22 17:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Orbit
2008-06-22 01:06 . 2008-07-04 18:03 25 --a------ C:\WINDOWS\.prj
2008-06-20 10:41 . 1998-06-24 00:00 369,696 --a------ C:\WINDOWS\system32\Comct332.ocx
2008-06-20 10:41 . 1998-06-18 00:00 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-06-20 10:41 . 1999-05-15 00:24 97,280 --a------ C:\WINDOWS\system32\vspell32.ocx
2008-06-20 10:41 . 1998-11-18 11:40 89,600 --a------ C:\WINDOWS\system32\Leocx32.ocx
2008-06-20 10:41 . 1998-11-22 14:23 84,992 --a------ C:\WINDOWS\system32\Ledit32.dll
2008-06-20 10:41 . 1997-02-24 17:44 70,656 --a------ C:\WINDOWS\system32\vspell32.dll
2008-06-20 10:41 . 2008-07-07 15:07 1,461 --a------ C:\WINDOWS\pagebreeze.ini
2008-06-20 10:41 . 2008-06-20 10:41 44 --a------ C:\WINDOWS\formbreeze.ini
2008-06-20 10:40 . 2008-06-20 10:40 <REP> d-------- C:\Program Files\PageBreeze
2008-06-20 10:40 . 2005-01-24 12:39 503,808 --a------ C:\WINDOWS\system32\ChilkatFTPx.dll
2008-06-20 08:38 . 2008-06-20 08:38 <REP> d-------- C:\Program Files\Lavasoft
2008-06-20 08:27 . 2008-06-20 08:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-19 20:18 . 2008-06-19 20:18 <REP> d-------- C:\ECHOSMAR 1240 19-06-2008 (v.2.16)
2008-06-13 19:25 . 2008-06-13 19:25 <REP> d-------- C:\Program Files\Tubeinator
2008-06-13 10:34 . 2008-06-13 10:34 <REP> d-------- C:\Program Files\Image Video Machine
2008-06-11 18:32 . 2008-06-11 18:32 <REP> d-------- C:\cx24138-24142-echosmar_1240-v2.14-08.06.10
2008-06-11 10:12 . 2008-06-11 10:12 580,509 --a------ C:\ewofn1587.zip

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 15:15 --------- d-----w C:\Program Files\PhotoWatermark Professional 7
2008-06-05 09:44 --------- d-----w C:\Program Files\SEclicker
2008-06-03 12:37 --------- d-----w C:\Program Files\Fichiers communs\DFX
2008-06-03 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2008-06-02 19:03 --------- d-----w C:\Program Files\A4Proxy
2008-05-31 14:05 1,773,568 ----a-w C:\WINDOWS\system32\msgdiplus.dll
2008-05-31 12:50 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-31 12:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-31 12:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2008-05-27 13:40 --------- d-----w C:\Program Files\%temp&
2008-05-27 12:38 --------- d-----w C:\Program Files\SlimBrowser
2008-05-26 13:13 87,040 ----a-w C:\WINDOWS\system32\scrcwu32.dll
2008-05-26 13:13 7,168 ----a-w C:\WINDOWS\system32\cmpr32.dll
2008-05-26 13:13 60,928 ----a-w C:\WINDOWS\system32\urunon.dll
2008-05-24 16:51 --------- d-----w C:\Program Files\EWP Keyword Generator
2008-05-24 15:12 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-24 15:10 --------- d-----w C:\Program Files\SAGEM
2008-05-23 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-23 11:21 --------- d-----w C:\Program Files\Yahoo!
2008-05-20 09:17 --------- d-----w C:\Program Files\Local SMTP Server Pro
2008-05-19 17:31 --------- d-----w C:\Program Files\Free SMTP Server
2008-05-18 10:34 --------- d-----w C:\Program Files\Universal Document Converter
2008-05-18 09:47 --------- d-----w C:\Program Files\LizardTech
2008-05-16 11:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-05-14 00:43 2,434 ----a-w C:\Documents and Settings\Administrateur\Application Data\WWB7_32.DAT
2008-05-11 17:58 1,372,351 ----a-w C:\wordpress-2.5.1.zip
2008-05-10 13:01 --------- d-----w C:\Program Files\RSS Wizard
2008-05-10 11:40 67,870 ----a-w C:\new22.zip
2008-05-10 09:51 --------- d-----w C:\Program Files\Arcade Classic Pack
2008-05-09 10:29 --------- d-----w C:\Program Files\Content Desk
2008-04-26 19:44 3,783,721 ----a-w C:\gmlw.zip
2008-02-25 10:51 1,024 ----a-w C:\Documents and Settings\All Users\Application Data\1doc2pdf.dll
2007-12-04 11:19 54,272 ----a-w C:\Program Files\nax.exe
.
[code]<pre>
----a-w 299,008 2007-01-30 12:11:24 C:\ECHOSMAR 1240 19-06-2008 (v.2.16)\Upgrade V1.10 .exe
</pre>[/code]

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACC51D34-1F0C-452F-AD37-6817A32DD737}]
2008-03-05 09:47 98048 --a------ C:\WINDOWS\system32\dpla.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"KeyMapperStarup"="D:\KeYre\KeyRemapper\KeyRemapper.exe" [2007-06-29 22:54 110592]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:22 1667584]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2002-10-15 23:05 114688]
"AutoMate6"="C:\Program Files\AutoMate 6\AMEM.exe" [2007-06-28 13:20 3321736]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"smtpsrv"="C:\Program Files\Local SMTP Server Pro\SMTPServer.exe" [2008-05-20 09:19 1310720]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 14:57 1443072]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 02:57 46592 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"= C:\\WINDOWS\\System32\\svchost.exe
"C:\\Program Files\\eMule\\EMULE.EXE"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Free Download Manager\\fdmwi.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Free SMTP Server\\localsrv.exe"=
"C:\\Program Files\\Local SMTP Server Pro\\SMTPServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"C:\\WINDOWS\\Explorer.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5804:TCP"= 5804:TCP:@xpsp2res.dll,-22008
"7742:TCP"= 7742:TCP:@xpsp2res.dll,-22008

R0 annnuguk;annnuguk;C:\WINDOWS\system32\drivers\gvvmnjrv.dat []
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-04-23 15:00]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-04 20:34:52 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{F727E04F-2957-4DBF-88E5-23AAC17455BC} - (no file)
ShellExecuteHooks-{EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 20:04:41
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\annnuguk]
"ImagePath"="system32\drivers\gvvmnjrv.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\PROGRAM FILES\AUTOMATE 6\AMTS.EXE
C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\EKRN.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\WORKSPACE MACRO PRO 6.5\WMPHOTKEYS.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-09 20:07:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-09 20:07:22

Pre-Run: 757,809,152 octets libres
Post-Run: 1,061,617,664 octets libres

220 --- E O F --- 2007-12-25 00:11:43
0
Anonymous user

OK

I need some info: do you know these 3 programs?

C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe
C:\Program Files\Arcade Classic Pack\Arcade!.exe
C:\Program Files\AutoMate 6\AMEM.exe
0
taggert Posts: 18 Status: Member

Yes, I know them; all three were on my PC before the problem appeared.


C:\Program Files\Workspace Macro Pro 6.5\WMPHotkeys.exe is an automation utility; here is the site:
http://www.tethyssolutions.com/

C:\Program Files\AutoMate 6\AMEM.exe is also automation software; the site: www.networkautomation.com/automate/automate6/

C:\Program Files\Arcade Classic Pack\Arcade!.exe is an arcade game; here is the software: http://french.icrfast.com/lv/group/view/kl39736/Arcade!_Classic_Arcade_Pack.htm
0
Anonymous user

OK

Copy the text below:

File::
C:\WINDOWS\system32\lsdelete.exe
C:\WINDOWS\system32\dpla.dll
C:\Program Files\nax.exe
D:\KeYre\KeyRemapper\KeyRemapper.exe

Folder::
D:\KeYre

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACC51D34-1F0C-452F-AD37-6817A32DD737}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KeyMapperStarup"=-

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch ComboFix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.

Wait while the scan runs. The desktop will disappear several times: that's normal!

Do not touch anything until the scan is finished.

After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
0
taggert Posts: 18 Status: Member

Here is the ComboFix report:

ComboFix 08-07-08.9 - Administrateur 2008-07-09 21:11:46.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Professionnel 5.1.2600.2.1256.965.1036.18.229 [GMT 0:00]
Endroit: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
* Création d'un nouveau point de restauration
* Resident AV is active

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\Program Files\nax.exe
C:\WINDOWS\system32\dpla.dll
C:\WINDOWS\system32\lsdelete.exe
D:\KeYre\KeyRemapper\KeyRemapper.exe
.
/wow section - STAGE 40
pv: No matching processes found
La syntaxe de la commande est incorrecte.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dpla.dll . . . . Echec de suppression

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-09 to 2008-07-09 ))))))))))))))))))))))))))))))))))))
.

2008-07-09 20:52 . 2008-07-09 19:38 2,608,890 --a------ C:\ComboFix.exe
2008-07-05 16:56 . 2008-07-05 16:56 <REP> d--hs---- C:\FOUND.001
2008-07-02 11:42 . 2008-07-02 11:42 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Flash Jigsaw Producer
2008-07-01 08:18 . 2008-07-01 08:18 <REP> d-------- C:\Program Files\Free Download Manager
2008-07-01 08:18 . 2008-07-01 08:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Free Download Manager
2008-06-30 15:00 . 2008-06-30 15:01 5,384,192 --a------ C:\Gad Elmaleh - Arte.mpg
2008-06-30 14:57 . 2008-06-30 14:58 1,335,357 --a------ C:\Gad Elmaleh - Arte.wmv
2008-06-30 14:54 . 2008-06-30 14:55 13,991,424 --a------ C:\Gad Elmaleh - Arte.avi
2008-06-25 12:34 . 2008-06-25 12:34 <REP> d-------- C:\Program Files\Instant Article Submitter
2008-06-25 12:34 . 2008-06-25 12:35 65 --a------ C:\WINDOWS\instantarticlesubmitter.ini
2008-06-23 11:12 . 2008-06-23 11:12 <REP> d--hs---- C:\FOUND.000
2008-06-23 10:54 . 2008-06-23 10:54 <REP> d-------- C:\Program Files\SourceTec
2008-06-23 10:54 . 2008-06-23 10:55 <REP> d-------- C:\Program Files\Fichiers communs\SourceTec
2008-06-22 17:37 . 2008-06-22 17:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GrabPro
2008-06-22 17:36 . 2008-06-22 17:37 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Orbit
2008-06-22 01:06 . 2008-07-04 18:03 25 --a------ C:\WINDOWS\.prj
2008-06-20 10:41 . 1998-06-24 00:00 369,696 --a------ C:\WINDOWS\system32\Comct332.ocx
2008-06-20 10:41 . 1998-06-18 00:00 102,912 --a------ C:\WINDOWS\system32\Vb6stkit.dll
2008-06-20 10:41 . 1999-05-15 00:24 97,280 --a------ C:\WINDOWS\system32\vspell32.ocx
2008-06-20 10:41 . 1998-11-18 11:40 89,600 --a------ C:\WINDOWS\system32\Leocx32.ocx
2008-06-20 10:41 . 1998-11-22 14:23 84,992 --a------ C:\WINDOWS\system32\Ledit32.dll
2008-06-20 10:41 . 1997-02-24 17:44 70,656 --a------ C:\WINDOWS\system32\vspell32.dll
2008-06-20 10:41 . 2008-07-07 15:07 1,461 --a------ C:\WINDOWS\pagebreeze.ini
2008-06-20 10:41 . 2008-06-20 10:41 44 --a------ C:\WINDOWS\formbreeze.ini
2008-06-20 10:40 . 2008-06-20 10:40 <REP> d-------- C:\Program Files\PageBreeze
2008-06-20 10:40 . 2005-01-24 12:39 503,808 --a------ C:\WINDOWS\system32\ChilkatFTPx.dll
2008-06-20 08:38 . 2008-06-20 08:38 <REP> d-------- C:\Program Files\Lavasoft
2008-06-20 08:27 . 2008-06-20 08:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-19 20:18 . 2008-06-19 20:18 <REP> d-------- C:\ECHOSMAR 1240 19-06-2008 (v.2.16)
2008-06-13 19:25 . 2008-06-13 19:25 <REP> d-------- C:\Program Files\Tubeinator
2008-06-13 10:34 . 2008-06-13 10:34 <REP> d-------- C:\Program Files\Image Video Machine
2008-06-11 18:32 . 2008-06-11 18:32 <REP> d-------- C:\cx24138-24142-echosmar_1240-v2.14-08.06.10
2008-06-11 10:12 . 2008-06-11 10:12 580,509 --a------ C:\ewofn1587.zip

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 15:15 --------- d-----w C:\Program Files\PhotoWatermark Professional 7
2008-06-05 09:44 --------- d-----w C:\Program Files\SEclicker
2008-06-03 12:37 --------- d-----w C:\Program Files\Fichiers communs\DFX
2008-06-03 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
2008-06-02 19:03 --------- d-----w C:\Program Files\A4Proxy
2008-05-31 14:05 1,773,568 ----a-w C:\WINDOWS\system32\msgdiplus.dll
2008-05-31 12:50 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-31 12:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-31 12:50 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2008-05-27 13:40 --------- d-----w C:\Program Files\%temp&
2008-05-27 12:38 --------- d-----w C:\Program Files\SlimBrowser
2008-05-26 13:13 87,040 ----a-w C:\WINDOWS\system32\scrcwu32.dll
2008-05-26 13:13 7,168 ----a-w C:\WINDOWS\system32\cmpr32.dll
2008-05-26 13:13 60,928 ----a-w C:\WINDOWS\system32\urunon.dll
2008-05-24 16:51 --------- d-----w C:\Program Files\EWP Keyword Generator
2008-05-24 15:12 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-05-24 15:10 --------- d-----w C:\Program Files\SAGEM
2008-05-23 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-23 11:21 --------- d-----w C:\Program Files\Yahoo!
2008-05-20 09:17 --------- d-----w C:\Program Files\Local SMTP Server Pro
2008-05-19 17:31 --------- d-----w C:\Program Files\Free SMTP Server
2008-05-18 10:34 --------- d-----w C:\Program Files\Universal Document Converter
2008-05-18 09:47 --------- d-----w C:\Program Files\LizardTech
2008-05-14 00:43 2,434 ----a-w C:\Documents and Settings\Administrateur\Application Data\WWB7_32.DAT
2008-05-11 17:58 1,372,351 ----a-w C:\wordpress-2.5.1.zip
2008-05-10 13:01 --------- d-----w C:\Program Files\RSS Wizard
2008-05-10 11:40 67,870 ----a-w C:\new22.zip
2008-05-10 09:51 --------- d-----w C:\Program Files\Arcade Classic Pack
2008-05-09 10:29 --------- d-----w C:\Program Files\Content Desk
2008-04-26 19:44 3,783,721 ----a-w C:\gmlw.zip
2008-02-25 10:51 1,024 ----a-w C:\Documents and Settings\All Users\Application Data\1doc2pdf.dll
.
----a-w 299,008 2007-01-30 12:11:24 C:\ECHOSMAR 1240 19-06-2008 (v.2.16)\Upgrade V1.10 .exe

((((((((((((((((((((((((((((( snapshot@2008-07-09_20.06.51.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-09 20:03:54 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-09 21:16:10 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ACC51D34-1F0C-452F-AD37-6817A32DD737}]
2008-03-05 09:47 98048 --a------ C:\WINDOWS\system32\dpla.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:09 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-19 16:22 1667584]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2002-10-15 23:05 114688]
"AutoMate6"="C:\Program Files\AutoMate 6\AMEM.exe" [2007-06-28 13:20 3321736]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15 221184]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"SSBkgdUpdate"="C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 09:03 210472]
"smtpsrv"="C:\Program Files\Local SMTP Server Pro\SMTPServer.exe" [2008-05-20 09:19 1310720]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 14:57 1443072]
"SoundMan"="SOUNDMAN.EXE" [2002-09-11 02:57 46592 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 16:09 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Avant Browser\\avant.exe"=
"C:\\WINDOWS\\system32\\svchost.exe"= C:\\WINDOWS\\System32\\svchost.exe
"C:\\Program Files\\eMule\\EMULE.EXE"=
"C:\\Program Files\\Foxit Software\\PDF Editor\\PDFEdit.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\FileZilla\\FileZilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Free Download Manager\\fdmwi.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Program Files\\Free SMTP Server\\localsrv.exe"=
"C:\\Program Files\\Local SMTP Server Pro\\SMTPServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe"=
"C:\\Program Files\\Crazy Browser\\Crazy Browser.exe"=
"C:\\WINDOWS\\Explorer.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5804:TCP"= 5804:TCP:@xpsp2res.dll,-22008
"7742:TCP"= 7742:TCP:@xpsp2res.dll,-22008

R0 annnuguk;annnuguk;C:\WINDOWS\system32\drivers\gvvmnjrv.dat []
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-04-23 15:00]
R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-19 16:10]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-04 20:34:52 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 21:16:49
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succٹs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\annnuguk]
"ImagePath"="system32\drivers\gvvmnjrv.dat"
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\PROGRAM FILES\AUTOMATE 6\AMTS.EXE
C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\EKRN.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\PROGRAM FILES\SAGEM\SAGEM F@ST 800-840\DSLMON.EXE
C:\WINDOWS\system32\taskmgr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-09 21:20:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-09 21:20:06
ComboFix3.txt 2008-07-09 20:07:34
ComboFix2.txt 2008-07-09 21:04:28

Pre-Run: 1,095,729,152 octets libres
Post-Run: 1,087,324,160 octets libres

222 --- E O F --- 2007-12-25 00:11:43
0
taggert Posts: 18 Status: Member
 
and HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:06, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AutoMate 6\AMTS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AutoMate 6\AMEM.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {ACC51D34-1F0C-452F-AD37-6817A32DD737} - C:\WINDOWS\system32\dpla.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AutoMate6] C:\Program Files\AutoMate 6\AMEM.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [smtpsrv] C:\Program Files\Local SMTP Server Pro\SMTPServer.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58B2C714-81CC-4F8C-8472-851B66BFF439}: NameServer = 212.217.0.3 196.217.246.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{58B2C714-81CC-4F8C-8472-851B66BFF439}: NameServer = 212.217.0.3 196.217.246.210
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AutoMate 6 (AutoMate6) - Network Automation, Inc. - C:\Program Files\AutoMate 6\AMTS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
0
Anonymous user
 
* Download OTMoveIt2 (by Old_Timer) to your desktop: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

Don't touch it yet.

Restart in Safe Mode:

How to restart in Safe Mode?

Restart the PC and tap the F8 key repeatedly from the moment it starts up, without stopping.
A window with a black background will open; use the keyboard arrows to move to "Safe Mode", then press Enter.
Screenshot: http://www.coupdepoucepc.com/
Once on the desktop, it is normal if not all the colours and so on are there!
PS: if F8 doesn't work, use the F5 key.

Note: in Safe Mode you will no longer have Internet access, so print the instructions below or copy them into a text file that you can consult whenever you want
once in Safe Mode.

Fix.reg

Open Notepad (right-click on the desktop > in the menu choose New, then Text Document) and copy/paste what is quoted below (copy it all in one go, without the bars of X):

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ACC51D34-1F0C-452F-AD37-6817A32DD737}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note: REGEDIT4 is on the first line in Notepad and there is a blank line at the end.
Then click "File"/"Save As":
Save in: the desktop
File name: fix.reg
Save as type: "All files"
Click "Save"

It should look like this once saved:

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

Double-click fix.reg => you must get a message "Are you sure you want to add the information in this .reg file to the registry?"
If so, click "Yes"

* Double-click OTMoveIt.exe to launch the program,
* Copy the list of files or folders below and paste it into the program's "Paste Custom List of Files/Folders to Move" box:

C:\WINDOWS\system32\dpla.dll

* Click MoveIt! to start the removal,
* The result will appear in the Results box.
* Click Exit to close the program.
* Post the report located here: C:\_OTMoveIt\MovedFiles
* You may be asked to restart your PC. If so, click Yes.

Restart normally and post the OTMoveIt report here please, along with a new HijackThis log.

0
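The fix.reg above deletes the BHO registration by hand, using the CLSID shown in the O2 line of the posted HijackThis log, and leaves the O18 text/plain filter (urunon.dll) for later. The Python script below is an added example, not code from this thread nor from HijackThis, ComboFix or OTMoveIt. It automates that triage: it parses O2 and O18 lines (the four sample lines are copied from the HijackThis log posted above), flags entries worth a second look using heuristics that are my own and not a verdict (a BHO with no display name, a third-party DLL placed straight into system32, a MIME filter on text/plain), and drafts the REGEDIT4 file with the full key paths, which regedit needs because it does not expand the `~` shorthand that ComboFix prints. It goes beyond the thread's file by also producing the deletion line for the O18 filter key. Deleting the registration does not remove the DLL file itself; that still needs a tool such as OTMoveIt2.

```python
"""Triage HijackThis O2 (BHO) and O18 (MIME filter) lines and draft the
REGEDIT4 removal file that the thread builds by hand.

Added example; not code from the forum thread, HijackThis or OTMoveIt.
Registry locations used (standard for these item types):
  O2  -> HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CLSID}
  O18 -> HKEY_CLASSES_ROOT\PROTOCOLS\Filter\<mime type>
"""
import re

# Sample input: four lines copied from the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {ACC51D34-1F0C-452F-AD37-6817A32DD737} - C:\WINDOWS\system32\dpla.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll
"""

BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
FILTER_KEY = r"HKEY_CLASSES_ROOT\PROTOCOLS\Filter"

CLSID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")
FILTER_RE = re.compile(r"^O18 - Filter: (?P<mime>\S+) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")


def parse_hijackthis(text):
    """Return one dict per O2/O18 line; other item types are ignored."""
    items = []
    for line in text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            items.append({"kind": "O2", "name": m["name"], "clsid": m["clsid"].upper(),
                          "path": m["path"], "mime": None})
            continue
        m = FILTER_RE.match(line)
        if m:
            items.append({"kind": "O18", "name": None, "clsid": m["clsid"].upper(),
                          "path": m["path"], "mime": m["mime"]})
    return items


def review_reasons(item):
    """Heuristic triage (my own rules, not a verdict): why a line deserves a closer look."""
    reasons = []
    path = item["path"].lower()
    in_system32 = path.startswith("c:\\windows\\system32\\")
    if item["kind"] == "O2" and item["name"] == "(no name)":
        reasons.append("BHO registered without a display name")
    if in_system32:
        reasons.append("third-party DLL placed directly in system32")
    if item["kind"] == "O18" and item["mime"] == "text/plain":
        reasons.append("MIME filter intercepts text/plain responses before IE renders them")
    return reasons


def build_fix_reg(items):
    """Draft a REGEDIT4 file deleting the registry keys for the given items.

    A leading '-' on a key line tells regedit to delete that key.  This removes
    only the registration; the DLL file itself still has to be moved or deleted
    separately (the thread uses OTMoveIt2 for that).
    """
    lines = ["REGEDIT4", ""]
    for item in items:
        if item["kind"] == "O2":
            lines.append("[-%s\\%s]" % (BHO_KEY, item["clsid"]))
        elif item["kind"] == "O18":
            lines.append("[-%s\\%s]" % (FILTER_KEY, item["mime"]))
        lines.append("")
    # regedit wants a trailing blank line, as the thread's note also says
    return "\n".join(lines) + "\n"


def triage(text):
    """Parse, flag, and return (flagged_items, fix_reg_text)."""
    flagged = [dict(item, reasons=review_reasons(item)) for item in parse_hijackthis(text)]
    flagged = [f for f in flagged if f["reasons"]]
    return flagged, build_fix_reg(flagged)


if __name__ == "__main__":
    flagged_items, reg_text = triage(SAMPLE_LOG)
    for f in flagged_items:
        print(f["kind"], f["clsid"], f["path"])
        for r in f["reasons"]:
            print("   -", r)
    print(reg_text)
```

Run it as a plain script: it prints the two flagged entries (dpla.dll and urunon.dll) with the reasons, then the drafted REGEDIT4 text. Review the flagged lines yourself before saving the output as a .reg file; the Free Download Manager BHO, for instance, produces no reason and is left alone.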
taggert Posts: 18 Status: Member
 
When I click MoveIt, the program replies: C:\WINDOWS\system32\dpla.dll is not a valid Windows image.

Here is a log from the program after restarting:

File/Folder not found.
File move failed. C:\WINDOWS\system32\dpla.dll scheduled to be moved on reboot.
File/Folder not found.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07092008_221338

Files moved on Reboot...
LoadLibrary failed for C:\WINDOWS\system32\dpla.dll
C:\WINDOWS\system32\dpla.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\dpla.dll scheduled to be moved on reboot.

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:09, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AutoMate 6\AMTS.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AutoMate 6\AMEM.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Local SMTP Server Pro\SMTPServer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Crazy Browser\Crazy Browser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {ACC51D34-1F0C-452F-AD37-6817A32DD737} - C:\WINDOWS\system32\dpla.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AutoMate6] C:\Program Files\AutoMate 6\AMEM.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [smtpsrv] C:\Program Files\Local SMTP Server Pro\SMTPServer.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RESEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Action Manager 32.lnk = C:\Program Files\ScannerU\AM32.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{58B2C714-81CC-4F8C-8472-851B66BFF439}: NameServer = 212.217.0.3 196.217.246.210
O17 - HKLM\System\CS1\Services\Tcpip\..\{58B2C714-81CC-4F8C-8472-851B66BFF439}: NameServer = 212.217.0.3 196.217.246.210
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AutoMate 6 (AutoMate6) - Network Automation, Inc. - C:\Program Files\AutoMate 6\AMTS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
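As an added example (my code, not the thread's and not HijackThis' own), a small Python parser for lines in the HijackThis format above. It pulls out the section code, CLSID and loaded file of each entry and flags the entry types a helper reads first: an O2 BHO registered with no name, an O18 MIME filter DLL, O17 name servers that should be checked against the ISP's, and O4 Run entries given without an absolute path. The flag rules are my assumptions (a flag means "verify", not "malicious"); the sample lines are copied from the log posted above.

```python
"""Triage parser for HijackThis-format log lines.

Added example, not part of this thread and not HijackThis' own code. The
flag rules are this reviewer's assumptions about which entries a helper
reads first; a flag means "verify this", not "this is malicious".
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# O4 lines look like: HKLM\..\Run: [name] "C:\dir\prog.exe" -args ; keep the program only.
O4_PROGRAM_RE = re.compile(r"\]\s*\"?(.+?\.(?:exe|dll|scr|bat|cmd))", re.I)
NAMESERVER_RE = re.compile(r"NameServer = (.+)$")


@dataclass
class Entry:
    code: str             # HijackThis section, e.g. "O2"
    body: str             # everything after "O2 - "
    clsid: Optional[str]  # {GUID} when the line carries one as its own field
    path: Optional[str]   # file the entry loads, when it names one
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    """Turn one log line into an Entry; returns None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    parts = [p.strip() for p in body.split(" - ")]
    clsid = next((p for p in parts if CLSID_RE.fullmatch(p)), None)
    if code == "O4":
        pm = O4_PROGRAM_RE.search(body)
        path = pm.group(1) if pm else None
    else:
        # Last " - " field that is an absolute path, as in O2/O3/O9/O18/O23 lines.
        path = next((p for p in reversed(parts) if ABS_PATH_RE.match(p)), None)
    return Entry(code, body, clsid, path)


def apply_flags(entry: Entry) -> Entry:
    """Attach review flags (assumed heuristics, see the module docstring)."""
    if entry.code == "O2" and "(no name)" in entry.body:
        entry.flags.append("BHO registered without a name")
    if entry.code == "O4" and entry.path and not ABS_PATH_RE.match(entry.path):
        entry.flags.append("Run entry without an absolute program path")
    if entry.code == "O17":
        nm = NAMESERVER_RE.search(entry.body)
        if nm:
            entry.flags.append("DNS servers to verify against the ISP's: " + nm.group(1).strip())
    if entry.code == "O18" and entry.body.startswith("Filter:"):
        entry.flags.append("MIME filter DLL hooked into Internet Explorer")
    return entry


def parse_log(text: str) -> List[Entry]:
    """All entries of a log, flags applied, in log order."""
    return [apply_flags(e) for e in map(parse_line, text.splitlines()) if e]


def triage(text: str) -> List[Entry]:
    """Only the entries that carry at least one flag."""
    return [e for e in parse_log(text) if e.flags]


def summarize(text: str) -> Dict[str, int]:
    """Entry count per HijackThis section."""
    counts: Dict[str, int] = {}
    for e in parse_log(text):
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O2 - BHO: (no name) - {ACC51D34-1F0C-452F-AD37-6817A32DD737} - C:\WINDOWS\system32\dpla.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O17 - HKLM\System\CCS\Services\Tcpip\..\{58B2C714-81CC-4F8C-8472-851B66BFF439}: NameServer = 212.217.0.3 196.217.246.210
O18 - Filter: text/plain - {DC186800-657F-11D4-B0B5-0050BABFC904} - C:\WINDOWS\system32\urunon.dll
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(e.code, "|", e.path or e.body, "|", "; ".join(e.flags))
```

Run on the sample, `triage` returns four entries (the unnamed O2 BHO, the relative-path O4 entry, the O17 name servers and the O18 filter) and leaves the named BHO, the quoted absolute O4 entry and the O23 service alone; the " - " field split is the weak point, since a path that itself contains " - " would need a stricter parse.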
Anonymous user
OK

Let's continue:

Download Malwarebytes

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it; the program will update itself automatically.

Once it is up to date, the program will open; click on the Settings tab and tick the box "Stop Internet Explorer during removal".

Now click on the Scan tab and tick the box "Perform full scan".

Then click "Scan".

Let it scan the PC...

If items were found > click "Remove selection".

If you are asked to restart > click "Yes".

At the end a report will open; save it somewhere you can find it again so that you can post it on the forum.

Please copy and paste the report.

PS: the reports are also stored under the Reports/Logs tab.
taggert Posts: 18 Status: Member
Sorry for the delay since yesterday

Here is the log

Malwarebytes' Anti-Malware 1.20
Database version: 935
Windows 5.1.2600 Service Pack 2

00:16:05 10/07/2008
mbam-log-7-10-2008 (00-16-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 441967
Time elapsed: 1 hour(s), 30 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\software\Trial-Reset_v3[1].0_RC9\Plugins\SlySoft.dll (Spyware.OnlineGames) -> Quarantined and deleted successfully.
taggert Posts: 18 Status: Member
But even after this scan I still get these alerts from the antivirus
Anonymous user
OK

Reopen Malwarebytes
go to Quarantine
delete everything

Then

Download clean.zip, by Malekal
http://www.malekal.com/download/clean.zip

(1) Unzip it to your desktop (right-click / Extract All); you should get a folder called clean.

(2) Open the clean folder on your desktop and double-click clean.cmd

A black window will appear for a moment; leave it open.

(3) Choose option 1 and wait
Post the report you get

To find the report: double-click > C > double-click "rapport_clean.txt"
and copy/paste it into your next reply.

Do not go on to option 2 without our go-ahead!
taggert Posts: 18 Status: Member
Here is the report

10/07/2008 a 13:05:29,85

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
C:\PROGRA~1\PERFEC~1\ FOUND
Anonymous user
-> Restart in safe mode:

How to restart in safe mode?

Restart the PC and tap the F8 key repeatedly from the moment it powers on, without stopping.
A window with a black background will open; use the keyboard arrow keys to move to "Safe Mode" and press Enter.
Once on the desktop, if not all the colours and so on are there, that is normal!
PS: if F8 doesn't work, use the F5 key.

-> Once in safe mode, open the folder you created earlier, click clean.cmd and choose option 2.

-> Restart normally and post the clean report.

Then I'd like you to run a full scan of your machine with NOD32 (ESET) and post the report on the forum please

See you later
taggert Posts: 18 Status: Member
The clean report

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 10/07/2008 a 13:30:43,76

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de C:\PROGRA~1\PERFEC~1\

*** Suppression des clefs du registre effectuee..
taggert Posts: 18 Status: Member
The NOD32 (ESET) report

C:\pagefile.sys - error opening
C:\WINDOWS\system32\config\system.LOG - error opening
C:\WINDOWS\system32\config\software.LOG - error opening
C:\WINDOWS\system32\config\default.LOG - error opening
C:\WINDOWS\system32\config\SAM.LOG - error opening
C:\WINDOWS\system32\config\SECURITY.LOG - error opening
C:\WINDOWS\system32\config\SECURITY - error opening
C:\WINDOWS\system32\config\SOFTWARE - error opening
C:\WINDOWS\system32\config\SYSTEM - error opening
C:\WINDOWS\system32\config\DEFAULT - error opening
C:\WINDOWS\system32\config\SAM - error opening
C:\WINDOWS\system32\drivers\gvvmnjrv.dat - error opening
C:\WINDOWS\system32\drivers\sptd.sys - error opening
C:\WINDOWS\vf_hip\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\f3f2705b5fdfd9264b7123a2d283e06d\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\5f51a5d334ac80a2988bd8848bc695cb\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\7c43cf31471ac5c8600409a70e40c22f\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\3785f1ad0230e231b0e7dc1f4bb81cd1\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\edcc3f7164a381fb0912c47bc6b94ca4\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\d3c181d971d83bacdf1ae12100584248\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0009._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0005._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0003._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0008._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0001._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0000._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0006._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0012._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0007._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0011._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0004._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0002._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0010._p - archive damaged - the file could not be extracted.
C:\WINDOWS\SoftwareDistribution\Download\06119f7f007fbf3388fb7f012fd2ce49\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\fde0566446f6dd640c536f419fe1216a\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\46faa4cd5c82200be099d1b1e8a12eed\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\287a58cb69d3630207800fd4dd011739\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\$hf_mig$\KB898461\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\NetworkService\ntuser.dat.LOG - error opening
C:\Documents and Settings\NetworkService\NTUSER.DAT - error opening
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening
C:\Documents and Settings\LocalService\ntuser.dat.LOG - error opening
C:\Documents and Settings\LocalService\NTUSER.DAT - error opening
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening
C:\Documents and Settings\Administrateur\ntuser.dat.LOG - error opening
C:\Documents and Settings\Administrateur\ntuser.dat - error opening
C:\Documents and Settings\Administrateur\Local Settings\Temp\wutftjqn.dat - error opening
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG - error opening
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - error opening
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{7D5C7F1F-B996-4B4D-A618-E659AFA7F637}\Microsoft\Outlook Express\Boîte de réception.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{7D5C7F1F-B996-4B4D-A618-E659AFA7F637}\Microsoft\Outlook Express\Brouillons.dbx » DBX - is OK (internal scanning not performed)
C:\Documents and Settings\Administrateur\Mes documents\Computer.mht » MIME - is OK (internal scanning not performed)
C:\Documents and Settings\Administrateur\Mes documents\TigerDirect.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Fichiers communs\DFX\Skins\Obsidian\Obsidian.exe » NSIS - bad archive
C:\Program Files\Fichiers communs\DFX\Skins\Obsidian_mini\Obsidian_mini.exe » NSIS - bad archive
C:\Program Files\Fichiers communs\DFX\Skins\SoundFX\SoundFX.exe » NSIS - bad archive
C:\Program Files\Windows Media Player\eula.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\SlimBrowser\sbrowser.chm » CHM » /replace.js » MIME - is OK (internal scanning not performed)
C:\Program Files\Siber Systems\AI RoboForm\license-es.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Siber Systems\AI RoboForm\license-it.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\RSS Submit\submitok\www.poupeebarbie.com____61____StrategicBoard.HTML » MIME - is OK (internal scanning not performed)
C:\Program Files\Nvu\chrome\installed-chrome.txt » MIME - is OK (internal scanning not performed)
C:\Program Files\Nero\Nero Core\CDI\CDI_VCD.CFG » MIME - is OK (internal scanning not performed)
C:\Program Files\Free Download Manager\Firefox\extension\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\AllSubmitter\cacheallsubmitter\google.com.mht » MIME - is OK (internal scanning not performed)
C:\Program Files\Real\RealPlayer\browserrecord\chrome.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Netscape\Navigator 9\chrome\browser.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Netscape\Navigator 9\chrome\comm.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Netscape\Navigator 9\chrome\pippki.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Netscape\Navigator 9\chrome\toolkit.manifest » MIME - is OK (internal scanning not performed)
C:\Program Files\Qualcomm\Eudora\private_mails.mbx » MIME - is OK (internal scanning not performed)
C:\Program Files\Local SMTP Server Pro\readme.txt » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{97145BD0-F5A6-4741-9358-52118D4BDE5C}\RP252\A0084696.manifest » MIME - is OK (internal scanning not performed)
C:\System Volume Information\_restore{97145BD0-F5A6-4741-9358-52118D4BDE5C}\RP261\A0086737.exe - probably a variant of Win32/Spy.Agent.NET trojan - cleaned by deleting - quarantined
D:\Program Files\Softomate\ToolbarStudio\schema\help\desc_button_command.txt » MIME - is OK (internal scanning not performed)
D:\Program Files\Softomate\ToolbarStudio\schema\help\desc_commands_shellexecute_notfound.txt » MIME - is OK (internal scanning not performed)
D:\Program Files\Softomate\ToolbarStudio\schema\help\desc_commands_webjump_newwin.txt » MIME - is OK (internal scanning not performed)
D:\Program Files\Softomate\ToolbarStudio\schema\help\desc_commands_webjump_parseevents.txt » MIME - is OK (internal scanning not performed)
D:\Program Files\Softomate\ToolbarStudio\schema\help\desc_item_command.txt » MIME - is OK (internal scanning not performed)
D:\Program Files\_bounces\05def.txt » MIME - is OK (internal scanning not performed)
D:\Program Files\_bounces\06def.txt » MIME - is OK (internal scanning not performed)
D:\Program Files\_bounces\07def.txt » MIME - is OK (internal scanning not performed)
D:\Program Files\_bounces\08def.txt » MIME - is OK (internal scanning not performed)
D:\Program Files\_bounces\09def.txt » MIME - is OK (internal scanning not performed)
D:\Program Files\_bounces\11def.txt » MIME - is OK (internal scanning not performed)
D:\Program Files\_bounces\12def.txt » MIME - is OK (internal scanning not performed)
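As an added example (my code, not the thread's and not ESET's own tooling), a Python summary of a NOD32 report in the form posted above. It separates the four kinds of line the scanner emits (files it could not open, containers it did not scan internally, damaged archives, and actual detections with the action taken) and lists the locked files that are not registry hives, the page file or a user hive, since those are the "error opening" lines worth checking by hand. The line grammar and the allow-list of always-locked system files are my assumptions read off the report; the sample lines are copied from the report above.

```python
"""Summarise an ESET NOD32 scan log like the one posted above.

Added example, not part of this thread and not ESET's own tooling. The
line grammar (path [» container ...] - verdict [- action ...]) and the
allow-list of files a live Windows XP system always keeps open are this
reviewer's assumptions, read off the report text.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

THREAT_RE = re.compile(r"\b[A-Za-z0-9]+/[A-Za-z0-9.]+")
# Assumption: base names (".LOG" stripped) that a scanner can never open on a
# running system, so "error opening" on them carries no information.
ALWAYS_LOCKED = {"pagefile.sys", "system", "software", "default", "sam",
                 "security", "ntuser.dat", "usrclass.dat"}


@dataclass
class ScanRecord:
    path: str           # outermost file on disk
    inner: List[str]    # container chain inside it, e.g. ["CAB", "_sfx_0009._p"]
    category: str       # "locked" | "skipped" | "damaged" | "detection"
    threat: str         # threat name for detections, else ""
    actions: List[str]  # actions ESET reported, e.g. ["cleaned by deleting", "quarantined"]


def parse_record(line: str) -> Optional[ScanRecord]:
    """Parse one report line; returns None for lines without a verdict."""
    line = line.strip()
    if " - " not in line:
        return None
    target, rest = line.split(" - ", 1)
    chain = [c.strip() for c in target.split(" » ")]
    fields = [f.strip().rstrip(".") for f in rest.split(" - ")]
    verdict = fields[0]
    if verdict.startswith("error opening"):
        return ScanRecord(chain[0], chain[1:], "locked", "", [])
    if "is OK" in verdict:
        return ScanRecord(chain[0], chain[1:], "skipped", "", [])
    if verdict.startswith(("archive damaged", "bad archive")):
        return ScanRecord(chain[0], chain[1:], "damaged", "", [])
    m = THREAT_RE.search(verdict)
    return ScanRecord(chain[0], chain[1:], "detection",
                      m.group(0) if m else verdict, fields[1:])


def parse_log(text: str) -> List[ScanRecord]:
    return [r for r in map(parse_record, text.splitlines()) if r]


def counts(records: List[ScanRecord]) -> Dict[str, int]:
    """Number of records per category."""
    out: Dict[str, int] = {}
    for r in records:
        out[r.category] = out.get(r.category, 0) + 1
    return out


def detections(records: List[ScanRecord]) -> List[ScanRecord]:
    return [r for r in records if r.category == "detection"]


def unexpected_locked(records: List[ScanRecord]) -> List[str]:
    """Locked files not in ALWAYS_LOCKED: the ones worth a manual check."""
    out = []
    for r in records:
        if r.category != "locked":
            continue
        name = r.path.rsplit("\\", 1)[-1].lower()
        if name.endswith(".log"):
            name = name[:-4]
        if name not in ALWAYS_LOCKED:
            out.append(r.path)
    return out


# Sample input: lines copied from the NOD32 report posted in this thread.
SAMPLE_SCAN = r"""
C:\pagefile.sys - error opening
C:\WINDOWS\system32\config\system.LOG - error opening
C:\WINDOWS\system32\config\SAM - error opening
C:\WINDOWS\system32\drivers\gvvmnjrv.dat - error opening
C:\WINDOWS\system32\drivers\sptd.sys - error opening
C:\WINDOWS\$hf_mig$\KB898461\update\eula.txt » MIME - is OK (internal scanning not performed)
C:\WINDOWS\SoftwareDistribution\Download\60ed62953e03ee5bf235cba11ef6e53b\BIT7C.tmp » CAB » _sfx_0009._p - archive damaged - the file could not be extracted.
C:\Documents and Settings\Administrateur\ntuser.dat - error opening
C:\Documents and Settings\Administrateur\Local Settings\Temp\wutftjqn.dat - error opening
C:\Program Files\Fichiers communs\DFX\Skins\Obsidian\Obsidian.exe » NSIS - bad archive
C:\System Volume Information\_restore{97145BD0-F5A6-4741-9358-52118D4BDE5C}\RP261\A0086737.exe - probably a variant of Win32/Spy.Agent.NET trojan - cleaned by deleting - quarantined
"""

if __name__ == "__main__":
    recs = parse_log(SAMPLE_SCAN)
    print(counts(recs))
    for d in detections(recs):
        print(d.threat, "->", ", ".join(d.actions), "in", d.path)
    for p in unexpected_locked(recs):
        print("locked, not a system file:", p)
```

On the sample the only detection sits under `System Volume Information\_restore{...}\RPnnn`, i.e. inside a System Restore snapshot: a stored copy rather than a running component, which is one reason a scanner can report a successful clean while alerts keep recurring. The three locked files the allow-list does not cover are the ones a helper would look at next.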
Anonymous user
OK, how are things on your side??

Redo a HijackThis scan and post the report please