Sujet Précédent Sujet Suivant

SOS win 32

Résolu
mylene22 Messages postés 5 Statut Membre -  
 Utilisateur anonyme -
Bonjour,
Mon portable est infecté par un virus win 32 détecté par mon antivirus Avast. J'ai téléchargé le Vundofix qui n'a détecté aucun fichier infecté. Je joins le rapport Hijack. Pouvez-vous m'aider svp ? Merci

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:33:28, on 11.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lematin.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 202.165.102.205 972.aksjd11.com
O1 - Hosts: 202.165.102.205 w3og.cn
O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
O1 - Hosts: 203.208.35.100 www.aujoy.cn
O1 - Hosts: 203.208.35.101 www.hao601.cn
O1 - Hosts: 203.208.35.101 www.psp476.cn
O1 - Hosts: 72.14.235.99 222.1212l112.net
O1 - Hosts: 72.14.235.99 444.1212l112.netn
O1 - Hosts: 72.14.235.99 555.1212l112.net
O1 - Hosts: 72.14.235.99 111.1212l112.net
O1 - Hosts: 65.55.21.250 111.3243l24.com
O1 - Hosts: 65.55.21.250 222.3243l24.com
O1 - Hosts: 65.55.21.250 333.3243l24.com
O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
O1 - Hosts: 125.64.8.112 kao.gmwo06.com
O1 - Hosts: 125.64.8.112 444.gmwo07.com
O1 - Hosts: 116.252.185.15 ru.update365.us
O1 - Hosts: 116.252.185.15 ad.update365.us
O1 - Hosts: 207.46.232.182 popmails.net
O1 - Hosts: 203.208.37.99 3.goodhh.com
O1 - Hosts: 220.181.37.55 down.rwixr.com
O1 - Hosts: 160.79.42.52 www.xdj2008.com
O1 - Hosts: 63.175.76.152 www.revtr.cn
O1 - Hosts: 219.133.40.91 qq.ljsll.com
O1 - Hosts: 203.208.35.102 www.aassccwe.cn
O1 - Hosts: 209.132.177.50 973.aksjd11.com
O1 - Hosts: 209.132.177.50 974.aksjd11.com
O1 - Hosts: 209.132.177.50 971.aksjd11.com
O1 - Hosts: 209.132.177.50 975.aksjd11.com
O1 - Hosts: 72.14.235.104 user1.12-39.net
O1 - Hosts: 72.14.235.147 www.infomt.net
O1 - Hosts: 192.150.18.101 ata1.sysions.net
O1 - Hosts: 192.150.18.101 ata2.sysions.net
O1 - Hosts: 192.150.18.101 ata3.sysions.net
O1 - Hosts: 192.150.18.101 ata4.sysions.net
O1 - Hosts: 193.120.42.226 8nnnnn99.cn
O1 - Hosts: 24.39.54.34 www.haoaoao.cn
O1 - Hosts: ence.net
O2 - BHO: (no name) - {18093456-9012-4568-9076-908765467181} - (no file)
O2 - BHO: (no name) - {1A698452-C5D8-C584-C256-C264C987C5A1} - (no file)
O2 - BHO: (no name) - {20618412-C528-C784-C056-C164D1F7C502} - (no file)
O2 - BHO: (no name) - {20909876-4567-3908-4056-909834565102} - (no file)
O2 - BHO: (no name) - {22596546-2036-9451-6058-658402589722} - (no file)
O2 - BHO: (no name) - {25FD6584-698F-BCD2-602C-698745210352} - (no file)
O2 - BHO: (no name) - {2A698452-C5D8-C584-C256-C264C987C5A2} - (no file)
O2 - BHO: (no name) - {2B69874A-C58C-458D-69F0-698F874E41B2} - (no file)
O2 - BHO: skqncbib.dll - {32023698-6984-8541-9654-698745012523} - (no file)
O2 - BHO: (no name) - {35671234-7890-ABCD-CDEF-567801237653} - (no file)
O2 - BHO: (no name) - {37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73} - (no file)
O2 - BHO: (no name) - {37AC9076-C898-B098-D098-A18319080973} - (no file)
O2 - BHO: (no name) - {3A908760-8000-4000-A000-9000322145A3} - (no file)
O2 - BHO: (no name) - {3C954872-1230-6541-9548-6541025884C3} - (no file)
O2 - BHO: (no name) - {43512378-9874-5641-1025-985420368734} - (no file)
O2 - BHO: (no name) - {45694105-5108-9405-3695-954187462154} - (no file)
O2 - BHO: (no name) - {4A698102-5904-AFD0-20DF-CD1A65829CA4} - (no file)
O2 - BHO: (no name) - {50940F85-F015-14F1-A05F-F69858AC6D05} - (no file)
O2 - BHO: (no name) - {528DF602-9541-A985-210A-984A698C6F25} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - (no file)
O2 - BHO: (no name) - {55694105-5108-9405-3695-954187462155} - (no file)
O2 - BHO: (no name) - {5A069845-2036-6084-9054-6087502480A5} - (no file)
O2 - BHO: (no name) - {5D098345-6785-1098-5413-678067AE03D5} - (no file)
O2 - BHO: (no name) - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - (no file)
O2 - BHO: (no name) - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - (no file)
O2 - BHO: (no name) - {6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6} - (no file)
O2 - BHO: (no name) - {6C648541-1025-9650-9057-6541258720C6} - (no file)
O2 - BHO: (no name) - {6C69034A-F45F-D34D-A33A-C33C4D324FC6} - (no file)
O2 - BHO: (no name) - {6FD45A54-9875-698F-E56E-65102358FDF6} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7319A1F1-9410-9654-3201-345FFA349137} - (no file)
O2 - BHO: (no name) - {77FD640A-158F-48AC-FD14-1597F14A9777} - (no file)
O2 - BHO: (no name) - {7A041F13-A111-12A3-B0CF-F99818AA68A7} - (no file)
O2 - BHO: (no name) - {7C69034A-F45F-D34D-A33A-C33C4D324FC7} - (no file)
O2 - BHO: (no name) - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - (no file)
O2 - BHO: (no name) - {7FD45A54-9875-698F-E56E-65102358FDF7} - (no file)
O2 - BHO: (no name) - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - (no file)
O2 - BHO: (no name) - {8629FF4F-ACDB-5C90-A098-FACB3456A268} - (no file)
O2 - BHO: (no name) - {91954FAC-1023-154F-895A-1458258AD819} - (no file)
O2 - BHO: (no name) - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - (no file)
O2 - BHO: (no name) - {A629FF4F-ACDB-5C90-A098-FACB3456A26A} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AA59145F-315D-BC23-AC1F-145DF81A34AA} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - (no file)
O2 - BHO: (no name) - {B629FF4F-ACDB-5C90-A098-FACB3456A26B} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: tisqatyu.dll,nhmxcjkl.dll,skqncbib.dll,akjsckaq.dll,yzztkmsn.dll,arjreler.dll
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Host Process for Win32 Services - Unknown owner - C:\WINDOWS\system\\svchost.exe (file missing)
O23 - Service: Micr0s0ft Agent - Unknown owner - C:\WINDOWS\System32\dllcache\sxch0st.exe (file missing)
O23 - Service: Microsoft Dir32 - Unknown owner - C:\WINDOWS\System32\dllcache\Dirhost.com (file missing)
O23 - Service: Microsoft Newss - Unknown owner - C:\WINDOWS\System32\dllcache\newhost.exe (file missing)
O23 - Service: Microsoft Visual Basic - Unknown owner - C:\WINDOWS\system\\MSVCRT.exe (file missing)
O23 - Service: Network helper Service (MSDisk) - Unknown owner - C:\WINDOWS\System32\irdvxc.exe (file missing)
O23 - Service: Spool SubSystem App - Unknown owner - C:\WINDOWS\system\Spool.exe (file missing)
A voir également:

12 réponses

Réponse 1 / 12
Utilisateur anonyme
 
salut mylene

Télécharge cet outil de SiRi:

http://siri.urz.free.fr/RHosts.php

Double cliquer dessus pour l'exécuter

et cliquer sur " Restore original Hosts "

ps : c est normal que rien ne se passe

et redémarre le pc

ensuite :

Telecharge malwarebytes

-> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tu l´instale; le programme va se mettre automatiquement a jour.

Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

Puis click sur "rechercher".

Laisse le scanner le pc...

Si des elements on ete trouvés > click sur supprimer la selection.

si il t´es demandé de redemarrer > click sur "yes".

A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

Copie et colle le rapport stp.

ps : les rapport sont aussi rangé dans l onglet rapport/log

pendant le scan reviens sur le forum je te dirais de faire un autre truc
0
Réponse 2 / 12
sheva55 Messages postés 1719 Statut Membre 267
 
utilise AVG 8.0
0
Réponse 3 / 12
Utilisateur anonyme
 
pendant le scan malewarebyte

réouvre hijackthis
fais scan only
coche toutes ces lignes :

O2 - BHO: (no name) - {45694105-5108-9405-3695-954187462154} - (no file)
O2 - BHO: (no name) - {4A698102-5904-AFD0-20DF-CD1A65829CA4} - (no file)
O2 - BHO: (no name) - {50940F85-F015-14F1-A05F-F69858AC6D05} - (no file)
O2 - BHO: (no name) - {528DF602-9541-A985-210A-984A698C6F25} - (no file)

O2 - BHO: (no name) - {54FAE856-AD58-20CB-A025-CD4895FA6E45} - (no file)
O2 - BHO: (no name) - {55694105-5108-9405-3695-954187462155} - (no file)
O2 - BHO: (no name) - {5A069845-2036-6084-9054-6087502480A5} - (no file)
O2 - BHO: (no name) - {5D098345-6785-1098-5413-678067AE03D5} - (no file)
O2 - BHO: (no name) - {60A345CD-ABCD-EFAB-CDEF-ABCD01020306} - (no file)
O2 - BHO: (no name) - {6A041F13-A111-12A3-B0CF-F99818AA68A6} - (no file)
O2 - BHO: (no name) - {6B1AEF69-DDAE-FDAD-DCAB-698F026ABDB6} - (no file)
O2 - BHO: (no name) - {6C648541-1025-9650-9057-6541258720C6} - (no file)
O2 - BHO: (no name) - {6C69034A-F45F-D34D-A33A-C33C4D324FC6} - (no file)
O2 - BHO: (no name) - {6FD45A54-9875-698F-E56E-65102358FDF6} - (no file)

O2 - BHO: (no name) - {7319A1F1-9410-9654-3201-345FFA349137} - (no file)
O2 - BHO: (no name) - {77FD640A-158F-48AC-FD14-1597F14A9777} - (no file)
O2 - BHO: (no name) - {7A041F13-A111-12A3-B0CF-F99818AA68A7} - (no file)
O2 - BHO: (no name) - {7C69034A-F45F-D34D-A33A-C33C4D324FC7} - (no file)
O2 - BHO: (no name) - {7C8D1401-A58D-A81C-CD24-A5915C4517C7} - (no file)
O2 - BHO: (no name) - {7FD45A54-9875-698F-E56E-65102358FDF7} - (no file)
O2 - BHO: (no name) - {83BA45AF-FAAA-CDDD-BEEE-BCDE1234AB38} - (no file)
O2 - BHO: (no name) - {8629FF4F-ACDB-5C90-A098-FACB3456A268} - (no file)
O2 - BHO: (no name) - {91954FAC-1023-154F-895A-1458258AD819} - (no file)
O2 - BHO: (no name) - {A490415F-65F8-B5C5-D8BA-9405FB12054A} - (no file)
O2 - BHO: (no name) - {A629FF4F-ACDB-5C90-A098-FACB3456A26A} - (no file)

O2 - BHO: (no name) - {AA59145F-315D-BC23-AC1F-145DF81A34AA} - (no file)

O2 - BHO: (no name) - {B490415F-65F8-B5C5-D8BA-9405FB12054B} - (no file)
O2 - BHO: (no name) - {B629FF4F-ACDB-5C90-A098-FACB3456A26B} - (no file)

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

tu les coches toutes et tu clic sur fix checked

ensuite fais ça :

Démarrer > executer > tape : services.msc

- Clic droit sur le service cité - Host Process for Win32 Services
- propriétés
- et dans "type de démarrage" et mets le sur « désactivé ».
- Ensuite si le "Status du service" est sur "Démarré" faire : « arrêté »

Tutorial : https://www.zebulon.fr/dossiers/windows/31-services.html

fais la meme chose pour :

Micr0s0ft Agent
Microsoft Dir32
Microsoft Newss
Microsoft Visual Basic
Network helper Service
Spool SubSystem App

0
mylene22
 
Merci de ton aide Chiquitine29 j'ai fait tout le procédé et voici le rapport de malewarebyte :

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 938
Windows 5.1.2600 Service Pack 3

01:32:17 11.07.2008
mbam-log-7-11-2008 (01-32-17).txt

Type de recherche: Examen rapide
Eléments examinés: 37352
Temps écoulé: 10 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 22
Valeur(s) du Registre infectée(s): 21
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 51

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mnmhhsrv.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\detxeiua.dll (Spyware.OnlineGames) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{8c8d1401-a58d-a81c-cd24-a5915c4517c8} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50618412-c528-c784-c056-c164d1f7c505} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37ac9076-c898-b098-d098-a18319080973} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{80af1289-f140-a140-d012-c1458759fc08} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ba45af-faaa-cddd-beee-bcde1234ab38} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22596546-2036-9451-6058-658402589722} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b1aef69-ddae-fdad-dcab-698f026abdb6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c648541-1025-9650-9057-6541258720c6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18093456-9012-4568-9076-908765467181} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32023698-6984-8541-9654-698745012523} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spool SubSystem App (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Host Process for Win32 Services (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8c8d1401-a58d-a81c-cd24-a5915c4517c8} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{50618412-c528-c784-c056-c164d1f7c505} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{37ac9076-c898-b098-d098-a18319080973} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{83ba45af-faaa-cddd-beee-bcde1234ab38} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{84143967-b645-4bff-b873-da1dc886e9a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{22596546-2036-9451-6058-658402589722} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6b1aef69-ddae-fdad-dcab-698f026abdb6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c648541-1025-9650-9057-6541258720c6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{18093456-9012-4568-9076-908765467181} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32023698-6984-8541-9654-698745012523} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\mnmhhsrv.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\detxeiua.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\fdtxaiua.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ismhasrv.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zscqahlp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxfhajpg.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y96BA1U9\msd[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YNK1W525\msd[4].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\11[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\16[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\21[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\2[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\5[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\8[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0XR9K3IQ\11[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0XR9K3IQ\17[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0XR9K3IQ\21[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0XR9K3IQ\4[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0XR9K3IQ\8[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\13[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\15[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\20[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\24[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\28[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\3[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\4[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\6[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\12[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\18[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\22[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\26[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\5[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\9[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\DZ316XN2\10[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\DZ316XN2\17[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\DZ316XN2\22[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\DZ316XN2\26[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\DZ316XN2\9[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\10[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\15[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\19[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\23[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\27[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\2[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\6[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\16[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\20[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\24[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\28[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\3[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\7[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
0
mylene22
 
Merci de ton aide Chiquitine29 j'ai fait tout le procédé et voici le rapport de malewarebyte :

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 938
Windows 5.1.2600 Service Pack 3

01:32:17 11.07.2008
mbam-log-7-11-2008 (01-32-17).txt

Type de recherche: Examen rapide
Eléments examinés: 37352
Temps écoulé: 10 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 22
Valeur(s) du Registre infectée(s): 21
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 51

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\mnmhhsrv.dll (Spyware.OnlineGames) -> Unloaded module successfully.
C:\WINDOWS\system32\detxeiua.dll (Spyware.OnlineGames) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{8c8d1401-a58d-a81c-cd24-a5915c4517c8} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{50618412-c528-c784-c056-c164d1f7c505} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{37ac9076-c898-b098-d098-a18319080973} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{80af1289-f140-a140-d012-c1458759fc08} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ba45af-faaa-cddd-beee-bcde1234ab38} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22596546-2036-9451-6058-658402589722} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6b1aef69-ddae-fdad-dcab-698f026abdb6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c648541-1025-9650-9057-6541258720c6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18093456-9012-4568-9076-908765467181} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{32023698-6984-8541-9654-698745012523} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spool SubSystem App (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Host Process for Win32 Services (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{8c8d1401-a58d-a81c-cd24-a5915c4517c8} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{50618412-c528-c784-c056-c164d1f7c505} (Spyware.OnlineGames) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{17dfd111-bf3a-4cb4-adb0-88fcbfe69821} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{35671234-7890-abcd-cdef-567801237653} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{37ac9076-c898-b098-d098-a18319080973} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45aadfaa-dd36-42ab-83ad-0521bbf58c24} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{50940f85-f015-14f1-a05f-f69858ac6d05} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{55694105-5108-9405-3695-954187462155} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6a041f13-a111-12a3-b0cf-f99818aa68a6} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{7c8d1401-a58d-a81c-cd24-a5915c4517c7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{83ba45af-faaa-cddd-beee-bcde1234ab38} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{84143967-b645-4bff-b873-da1dc886e9a7} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{aa59145f-315d-bc23-ac1f-145df81a34aa} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{45694105-5108-9405-3695-954187462154} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{22596546-2036-9451-6058-658402589722} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6b1aef69-ddae-fdad-dcab-698f026abdb6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6c648541-1025-9650-9057-6541258720c6} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{528df602-9541-a985-210a-984a698c6f25} (Spyware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{18093456-9012-4568-9076-908765467181} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{32023698-6984-8541-9654-698745012523} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{4a698102-5904-afd0-20df-cd1a65829ca4} (Trojan.Vundo) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\mnmhhsrv.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\detxeiua.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\fdtxaiua.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ismhasrv.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zscqahlp.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\zxfhajpg.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y96BA1U9\msd[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YNK1W525\msd[4].exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\11[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\16[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\21[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\2[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\5[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0STCSRGA\8[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0XR9K3IQ\11[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0XR9K3IQ\17[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0XR9K3IQ\21[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0XR9K3IQ\4[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\0XR9K3IQ\8[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\13[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\15[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\20[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\24[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\28[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\3[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\4[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\7AMO35GX\6[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\12[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\18[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\22[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\26[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\5[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\8FUHJAHE\9[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\DZ316XN2\10[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\DZ316XN2\17[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\DZ316XN2\22[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\DZ316XN2\26[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\DZ316XN2\9[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\10[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\15[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\19[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\23[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\27[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\2[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\N1MYLY4B\6[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\16[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\20[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\24[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\28[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\3[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\eko\Local Settings\Temporary Internet Files\Content.IE5\R3SRNHVD\7[1].gif (Spyware.OnlineGames) -> Quarantined and deleted successfully.
0
Réponse 4 / 12
Utilisateur anonyme
 
ok réouvre malewarebyte
va sur quarantaine
supprime tout

ensuite refais un scan hijackthis et post le rapport stp
0
mylene22
 
Hello, voilà le nouveau rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:48, on 11.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\IncrediMail\bin\ImNotfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lematin.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {1A698452-C5D8-C584-C256-C264C987C5A1} - (no file)
O2 - BHO: (no name) - {20618412-C528-C784-C056-C164D1F7C502} - (no file)
O2 - BHO: (no name) - {20909876-4567-3908-4056-909834565102} - (no file)
O2 - BHO: (no name) - {25FD6584-698F-BCD2-602C-698745210352} - (no file)
O2 - BHO: (no name) - {2A698452-C5D8-C584-C256-C264C987C5A2} - (no file)
O2 - BHO: (no name) - {2B69874A-C58C-458D-69F0-698F874E41B2} - (no file)
O2 - BHO: (no name) - {37A924AF-1A5F-CF21-AB1D-1D5CF82A8A73} - (no file)
O2 - BHO: (no name) - {3A908760-8000-4000-A000-9000322145A3} - (no file)
O2 - BHO: (no name) - {3C954872-1230-6541-9548-6541025884C3} - (no file)
O2 - BHO: (no name) - {43512378-9874-5641-1025-985420368734} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: tisqatyu.dll,nhmxcjkl.dll,skqncbib.dll,akjsckaq.dll,yzztkmsn.dll,arjreler.dll,
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 12
Utilisateur anonyme
 
Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

0
mylene22
 
Hello, voilà le rapport de combofix :
ComboFix 08-07-11.1 - eko 2008-07-12 9:26:16.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.276 [GMT 2:00]
Endroit: C:\Documents and Settings\eko\Mes documents\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\cgsqatyu.sys
C:\WINDOWS\system32\ciwdaapi.sys
C:\WINDOWS\system32\dtzfajke.sys
C:\WINDOWS\system32\fassaplo.sys
C:\WINDOWS\system32\fstlbsys.sys
C:\WINDOWS\system32\fxcbbime.sys
C:\WINDOWS\system32\fxwlbime.sys
C:\WINDOWS\system32\fxwmbime.sys
C:\WINDOWS\system32\fxzxbime.sys
C:\WINDOWS\system32\fzmsbwin.sys
C:\WINDOWS\system32\gajzalit.sys
C:\WINDOWS\system32\gpsgajba.sys
C:\WINDOWS\system32\gsdhadwd.sys
C:\WINDOWS\system32\hgfhk.cfg
C:\WINDOWS\system32\ijsgajba.sys
C:\WINDOWS\system32\ismhasrv.exe
C:\WINDOWS\system32\jashbbty.sys
C:\WINDOWS\system32\lariytrz.cfg
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\mnmhhsrv.dll
C:\WINDOWS\system32\newxbttb.sys
C:\WINDOWS\system32\njritc.cfg
C:\WINDOWS\system32\oqrthc.cfg
C:\WINDOWS\system32\pmjhbhlp.sys
C:\WINDOWS\system32\pzdyapaw.sys
C:\WINDOWS\system32\pzwlaime.sys
C:\WINDOWS\system32\pzwmaime.sys
C:\WINDOWS\system32\rnmxajkl.sys
C:\WINDOWS\system32\sdjsakaq.sys
C:\WINDOWS\system32\smhxbbyt.sys
C:\WINDOWS\system32\smmhbsrv.sys
C:\WINDOWS\system32\spmybapi.sys
C:\WINDOWS\system32\spwdbapi.sys
C:\WINDOWS\system32\sqjsakaq.sys
C:\WINDOWS\system32\tiwxattb.sys
C:\WINDOWS\system32\toqnabib.sys
C:\WINDOWS\system32\wymxajkl.sys
C:\WINDOWS\system32\xfztbmsn.sys
C:\WINDOWS\system32\xsdjbbmp.sys
C:\WINDOWS\system32\xzcsbhlp.sys
C:\WINDOWS\system32\xzfhbjpg.sys
C:\WINDOWS\system32\ysjxbdwd.sys
C:\WINDOWS\system32\zdbdb.cfg
C:\WINDOWS\system32\zgxfdx.dll.LoG
C:\WINDOWS\win32t4.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MICR0S0FT_AGENT
-------\Legacy_MICROSOFT_DIR32
-------\Legacy_MICROSOFT_MEDIA
-------\Service_Micr0s0ft Agent
-------\Service_Microsoft Dir32


((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-12 to 2008-07-12 ))))))))))))))))))))))))))))))))))))
.

2008-07-11 01:03 . 2008-07-11 01:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 01:03 . 2008-07-11 01:03 <REP> d-------- C:\Documents and Settings\eko\Application Data\Malwarebytes
2008-07-11 01:03 . 2008-07-11 01:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 01:03 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 01:03 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 23:37 . 2008-07-10 23:37 <REP> d-------- C:\VundoFix Backups
2008-07-10 22:45 . 2008-07-10 22:45 <REP> d-------- C:\Program Files\Trend Micro
2008-07-05 08:43 . 2008-07-05 08:43 20,280 --a------ C:\Documents and Settings\eko\Application Data\GDIPFONTCACHEV1.DAT
2008-07-05 08:04 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-05 08:04 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-05 08:04 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-05 08:04 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-05 08:04 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-05 08:04 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-05 08:04 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-05 08:04 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-05 08:04 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-05 01:47 . 2008-07-05 01:47 <REP> d-------- C:\Program Files\Yahoo!
2008-07-05 01:47 . 2008-07-05 01:48 <REP> d-------- C:\Program Files\CCleaner
2008-07-04 10:01 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-04 10:00 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-04 09:56 . 2008-07-10 12:45 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-07-04 09:41 . 2008-07-04 09:41 <REP> d--hs---- C:\Documents and Settings\eko\UserData
2008-07-04 09:30 . 2008-07-04 09:33 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-07-03 23:21 . 2008-07-05 10:06 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\system32\fr
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\system32\bits
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\peernet
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\l2schemas
2008-07-03 23:12 . 2008-07-03 23:22 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-07-03 23:12 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-07-03 23:03 . 2008-04-13 11:23 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-07-03 22:56 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\[u]0[/u]02713_.tmp
2008-07-03 22:54 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-03 22:48 . 2008-07-03 23:21 <REP> d-------- C:\WINDOWS\EHome
2008-07-03 21:17 . 2008-07-03 21:17 <REP> d-------- C:\Program Files\HD Tune
2008-07-03 19:15 . 2008-04-13 19:34 1,037,824 --a------ C:\WINDOWS\explorer.exe
2008-07-03 19:14 . 2008-07-03 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-07-03 18:58 . 2008-07-03 19:17 <REP> d-------- C:\SMCLpav
2008-07-03 18:45 . 2008-07-03 18:45 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-03 18:45 . 2008-07-05 01:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-03 18:36 . 2008-07-03 18:36 26 --a------ C:\WINDOWS\DGcounter.ini
2008-07-03 18:19 . 2008-07-04 14:48 <REP> d-------- C:\Program Files\Panda Security
2008-07-03 17:59 . 2008-07-04 14:48 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-07-03 17:09 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-03 17:09 . 2006-02-03 10:00 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2008-07-03 17:09 . 2006-02-03 10:00 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2008-07-03 17:08 . 2008-07-03 17:08 <REP> d-------- C:\Program Files\Alwil Software
2008-07-03 09:49 . 2008-07-03 09:49 54 --a------ C:\WINDOWS\system32\x
2008-06-27 10:28 . 2008-06-27 10:28 <REP> d-------- C:\Program Files\Cablecom Assistant
2008-06-20 19:47 . 2008-06-20 19:47 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:47 . 2008-06-20 19:47 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 22:30 . 2008-06-19 22:30 <REP> d-------- C:\Program Files\Google
2008-06-19 22:30 . 2008-07-11 13:53 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-19 21:49 . 2008-06-19 21:49 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{37DEB320-2DBE-46BF-9873-3DF747F92B16}
2008-06-19 21:48 . 2008-07-03 19:27 <REP> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2008-06-19 13:34 . 2008-07-03 19:02 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-17 14:42 . 2008-06-17 14:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-06-17 14:41 . 2008-06-17 14:41 <REP> d-------- C:\Program Files\IncrediMail
2008-06-17 14:41 . 2008-06-17 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail
2008-06-13 22:31 . 2008-06-24 20:10 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-13 22:29 . 2008-06-27 10:09 <REP> d-------- C:\WINDOWS\Motive
2008-06-13 22:28 . 2008-06-13 22:28 <REP> d-------- C:\Program Files\Common Files
2008-06-13 22:28 . 2008-06-13 22:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2008-06-13 22:24 . 2008-06-27 10:19 <REP> d-------- C:\Program Files\cablecom
2008-06-13 22:24 . 2008-06-13 22:24 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{5E7FDF7A-E132-431E-88B1-095EE4164B04}

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 07:31 9,728 ----a-w C:\WINDOWS\AppPatch\AclLayer.dll
2008-07-04 12:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 18:12 27,648 ----a-w C:\WINDOWS\system32\tftp.exe
2008-07-03 17:51 9,728 ----a-w C:\WINDOWS\system32\label.exe
2008-07-03 17:50 9,216 ----a-w C:\WINDOWS\system32\find.exe
2008-07-03 16:09 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-03 14:15 14,336 ----a-w C:\WINDOWS\AppPatch\DesktopWin.dll
2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-15 18:55 32,768 ----a-w C:\WINDOWS\system32\drivers\CnxE2FS.bin
2008-05-15 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-05-15 15:35 --------- d-----w C:\Program Files\Siber Systems
2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-13 17:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-13 17:37 332,800 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-13 17:33 98,816 ----a-w C:\WINDOWS\system32\psbase.dll
2008-04-13 17:32 764,416 ----a-w C:\WINDOWS\system32\winntbbu.dll
2008-04-13 17:32 61,471 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-13 17:32 5,632 ----a-w C:\WINDOWS\system32\wmi.dll
2008-04-13 17:32 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 17:08 2,191,104 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 17:07 2,067,968 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 17:06 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:04 93,184 ------w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:03 81,920 ------w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:02 50,688 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 17:02 2,985,984 ----a-w C:\WINDOWS\system32\wmploc.dll
2008-04-13 17:01 572,416 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:59 200,704 ------w C:\WINDOWS\system32\wmerror.dll
2008-04-13 16:59 10,240 ----a-w C:\WINDOWS\system32\gpkrsrc.dll
2008-04-13 16:58 1,845,760 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 16:58 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:57 70,144 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 16:55 8,704 ----a-w C:\WINDOWS\system32\asferror.dll
2008-04-13 16:53 70,688 ----a-w C:\WINDOWS\system32\mmsystem.dll
2008-04-13 09:45 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 09:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 09:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 09:40 445,440 ------w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 09:36 2,986,496 ------w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 09:35 197,632 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 09:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 09:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 08:38 306,176 ----a-w C:\WINDOWS\system32\slbcsp.dll
2008-04-13 08:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 08:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 08:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 08:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 07:54 54,080 ----a-w C:\WINDOWS\system32\dosx.exe
2008-04-13 07:53 92,608 ----a-w C:\WINDOWS\system32\krnl386.exe
2008-04-13 07:52 3,352 ----a-w C:\WINDOWS\system32\redir.exe
2008-04-13 07:49 35,648 ----a-w C:\WINDOWS\system32\ntio411.sys
2008-04-13 07:49 35,424 ----a-w C:\WINDOWS\system32\ntio412.sys
2008-04-13 07:49 34,560 ----a-w C:\WINDOWS\system32\ntio804.sys
2008-04-13 07:49 34,560 ----a-w C:\WINDOWS\system32\ntio404.sys
2008-04-13 07:49 34,000 ----a-w C:\WINDOWS\system32\ntio.sys
2008-04-13 07:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 07:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 06:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-12 10:20 558,142 ----a-w C:\WINDOWS\java\Packages\R5FHBNPV.ZIP
2008-04-12 10:20 155,995 ----a-w C:\WINDOWS\java\Packages\NJLZTFV9.ZIP
2004-08-08 11:24 520 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 19:33 1,040 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 20:54 2,080 --sh--w C:\WINDOWS\system32\ictxaiua.sys
2004-08-08 08:38 520 --sh--w C:\WINDOWS\system32\igxyaloe.sys
2004-08-08 19:52 1,560 --sh--w C:\WINDOWS\system32\iujraler.sys
2004-08-08 19:52 520 --sh--w C:\WINDOWS\system32\sbsqakol.sys
2004-08-08 08:37 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 19:52 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 10:18 520 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-19 22:30 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{84143967-B645-4BFF-B873-DA1DC886E9A7}"= "C:\WINDOWS\system32\cedafb.dll" [2008-07-12 09:34 232960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DesktopWin"= {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll [2008-07-03 16:15 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-05-16 01:19 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-06-12 13:49 243072 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2008-05-15 17:35 144448 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-06-19 22:30 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 cmosa;cmosa;C:\WINDOWS\system32\DRIVERS\cmosa.sys [2000-10-06 20:51]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2001-09-09 21:10]
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys []
S4 Microsoft Newss;Microsoft Newss;C:\WINDOWS\System32\dllcache\newhost.exe []
S4 Microsoft Visual Basic ;Microsoft Visual Basic ;C:\WINDOWS\system\\MSVCRT.exe []
S4 MSDisk;Network helper Service;C:\WINDOWS\System32\irdvxc.exe []

.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{1E51C0FD-EE36-434B-AD2A-FD1FF3731C38} - (no file)
ShellExecuteHooks-{5E907A48-400E-4EA8-9792-FFAE052D59E9} - (no file)
ShellExecuteHooks-{81AF1CF6-D1C9-4C6A-AC01-EDE54E71945B} - (no file)
ShellExecuteHooks-{53D44DB6-E22B-4B17-97D3-572C96CCA6E1} - C:\WINDOWS\system32\zsdgff.dll
Notify-avldr - (no file)
MSConfigStartUp-runner1 - C:\WINDOWS\mrofinu1001186.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 09:31:59
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...


C:\WINDOWS\system32\sgdewg.dll 225792 bytes executable
C:\WINDOWS\system32\sgdewg.dll.LoG 47 bytes


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cmd.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-12 9:36:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-12 07:35:46

Pre-Run: 21,563,482,112 octets libres
Post-Run: 21,518,524,416 octets libres

290 --- E O F --- 2008-07-10 11:24:13
0
Réponse 6 / 12
Utilisateur anonyme
 
Salut , je pense que le pc doit aller meiux ...

refai sun scan hijackthis et post le rapport stp
0
mylene22
 
Hello, encore mille fois merci mon antivirus n'a plus détecté de virus depuis hier. Voilà le dernier rapport HijackthLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:49:03, on 13.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\eko\LOCALS~1\Temp\12.gif

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lematin.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 202.165.102.205 972.aksjd11.com
O1 - Hosts: 202.165.102.205 w3og.cn
O1 - Hosts: 203.208.35.100 qazc.fourtw.cn
O1 - Hosts: 203.208.35.100 www.aujoy.cn
O1 - Hosts: 203.208.35.101 www.hao601.cn
O1 - Hosts: 203.208.35.101 www.psp476.cn
O1 - Hosts: 72.14.235.99 222.1212l112.net
O1 - Hosts: 72.14.235.99 444.1212l112.netn
O1 - Hosts: 72.14.235.99 555.1212l112.net
O1 - Hosts: 72.14.235.99 111.1212l112.net
O1 - Hosts: 65.55.21.250 111.3243l24.com
O1 - Hosts: 65.55.21.250 222.3243l24.com
O1 - Hosts: 65.55.21.250 333.3243l24.com
O1 - Hosts: 125.64.8.112 kao2.gmwo03.com
O1 - Hosts: 125.64.8.112 kao.gmwo06.com
O1 - Hosts: 125.64.8.112 444.gmwo07.com
O1 - Hosts: 116.252.185.15 ru.update365.us
O1 - Hosts: 116.252.185.15 ad.update365.us
O1 - Hosts: 207.46.232.182 popmails.net
O1 - Hosts: 203.208.37.99 3.goodhh.com
O1 - Hosts: 220.181.37.55 down.rwixr.com
O1 - Hosts: 160.79.42.52 www.xdj2008.com
O1 - Hosts: 63.175.76.152 www.revtr.cn
O1 - Hosts: 219.133.40.91 qq.ljsll.com
O1 - Hosts: 203.208.35.102 www.aassccwe.cn
O1 - Hosts: 209.132.177.50 973.aksjd11.com
O1 - Hosts: 209.132.177.50 974.aksjd11.com
O1 - Hosts: 209.132.177.50 971.aksjd11.com
O1 - Hosts: 209.132.177.50 975.aksjd11.com
O1 - Hosts: 72.14.235.104 user1.12-39.net
O1 - Hosts: 72.14.235.147 www.infomt.net
O1 - Hosts: 192.150.18.101 ata1.sysions.net
O1 - Hosts: 192.150.18.101 ata2.sysions.net
O1 - Hosts: 192.150.18.101 ata3.sysions.net
O1 - Hosts: 192.150.18.101 ata4.sysions.net
O1 - Hosts: 193.120.42.226 8nnnnn99.cn
O1 - Hosts: 24.39.54.34 www.haoaoao.cn
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
0
Réponse 7 / 12
Utilisateur anonyme
 
Salut

Télécharge cet outil de SiRi:

http://siri.urz.free.fr/RHosts.php

Double cliquer dessus pour l'exécuter

et cliquer sur " Restore original Hosts "

ps : c est normal que rien ne se passe

puis redémarre le pc et refai sun scan hijackthis et post le rapport stp
0
mylene22
 
Hello, voilä le nouveau rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:49:22, on 14.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lematin.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,svchost.xy3
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: DesktopWin - {DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
0
Réponse 8 / 12
Utilisateur anonyme
 
Copie le texte ci-dessous :

File::
C:\WINDOWS\[u]0/u02713_.tmp
C:\WINDOWS\AppPatch\DesktopWin.dll

Folder::
C:\VundoFix Backups

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]­
"DesktopWin"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

0
mylene22
 
ComboFix 08-07-11.1 - eko 2008-07-14 17:43:47.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.280 [GMT 2:00]
Endroit: C:\Documents and Settings\eko\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\eko\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\[u]0/u02713_.tmp
C:\WINDOWS\AppPatch\DesktopWin.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\WINDOWS\AppPatch\DesktopWin.dll
C:\WINDOWS\system32\cedafb.dll
C:\WINDOWS\system32\ddserh.dll
C:\WINDOWS\system32\fsrgeb.dll
C:\WINDOWS\system32\hhrdxd.dll
C:\WINDOWS\system32\jfrwdh.dll
C:\WINDOWS\system32\rfdswc.dll
C:\WINDOWS\system32\sgdewg.dll
C:\WINDOWS\system32\tdggrz.dll
C:\WINDOWS\system32\tdggrz.dll.LoG
C:\WINDOWS\system32\wzcfsw.dll
C:\WINDOWS\system32\zgxfdx.dll
C:\WINDOWS\system32\zgxfdx.dll.LoG

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-14 to 2008-07-14 ))))))))))))))))))))))))))))))))))))
.

2008-07-13 20:50 . 2008-07-14 17:20 232,960 --ah----- C:\WINDOWS\system32\pedadt.dll
2008-07-13 20:50 . 2008-07-14 17:20 218,624 --ah----- C:\WINDOWS\system32\ydggsx.dll
2008-07-13 20:50 . 2008-07-13 20:50 16,384 --a------ C:\WINDOWS\system32\svchost.xy3
2008-07-13 20:49 . 2008-07-14 17:17 240,128 --ah----- C:\WINDOWS\system32\fmcvxy.dll
2008-07-13 20:48 . 2008-07-14 17:17 243,712 --ah----- C:\WINDOWS\system32\tdfhex.dll
2008-07-12 12:14 . 2008-07-14 17:19 225,792 --ah----- C:\WINDOWS\system32\dndsaf.dll
2008-07-12 12:13 . 2008-07-14 17:19 225,792 --ah----- C:\WINDOWS\system32\zycdex.dll
2008-07-12 12:11 . 2008-07-14 17:18 225,792 --ah----- C:\WINDOWS\system32\zsdgff.dll
2008-07-11 01:03 . 2008-07-11 01:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 01:03 . 2008-07-11 01:03 <REP> d-------- C:\Documents and Settings\eko\Application Data\Malwarebytes
2008-07-11 01:03 . 2008-07-11 01:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 01:03 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 01:03 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 22:45 . 2008-07-10 22:45 <REP> d-------- C:\Program Files\Trend Micro
2008-07-05 08:43 . 2008-07-05 08:43 20,280 --a------ C:\Documents and Settings\eko\Application Data\GDIPFONTCACHEV1.DAT
2008-07-05 08:04 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-05 08:04 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-05 08:04 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-05 08:04 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-05 08:04 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-05 08:04 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-05 08:04 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-05 08:04 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-05 08:04 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-05 01:47 . 2008-07-05 01:47 <REP> d-------- C:\Program Files\Yahoo!
2008-07-05 01:47 . 2008-07-05 01:48 <REP> d-------- C:\Program Files\CCleaner
2008-07-04 10:01 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-04 10:00 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-04 09:56 . 2008-07-10 12:45 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-07-04 09:41 . 2008-07-04 09:41 <REP> d--hs---- C:\Documents and Settings\eko\UserData
2008-07-04 09:30 . 2008-07-04 09:33 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-07-03 23:21 . 2008-07-05 10:06 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\system32\fr
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\system32\bits
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\peernet
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\l2schemas
2008-07-03 23:12 . 2008-07-03 23:22 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-07-03 23:12 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-07-03 23:03 . 2008-04-13 11:23 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-07-03 22:56 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\[u]0[/u]02713_.tmp
2008-07-03 22:54 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-03 22:48 . 2008-07-03 23:21 <REP> d-------- C:\WINDOWS\EHome
2008-07-03 21:17 . 2008-07-03 21:17 <REP> d-------- C:\Program Files\HD Tune
2008-07-03 19:15 . 2008-04-13 19:34 1,037,824 --a------ C:\WINDOWS\explorer.exe
2008-07-03 19:14 . 2008-07-03 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-07-03 18:58 . 2008-07-03 19:17 <REP> d-------- C:\SMCLpav
2008-07-03 18:45 . 2008-07-03 18:45 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-03 18:45 . 2008-07-05 01:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-03 18:36 . 2008-07-03 18:36 26 --a------ C:\WINDOWS\DGcounter.ini
2008-07-03 18:19 . 2008-07-04 14:48 <REP> d-------- C:\Program Files\Panda Security
2008-07-03 17:59 . 2008-07-04 14:48 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-07-03 17:09 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-03 17:09 . 2006-02-03 10:00 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2008-07-03 17:09 . 2006-02-03 10:00 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2008-07-03 17:08 . 2008-07-03 17:08 <REP> d-------- C:\Program Files\Alwil Software
2008-07-03 09:49 . 2008-07-03 09:49 54 --a------ C:\WINDOWS\system32\x
2008-06-27 10:28 . 2008-06-27 10:28 <REP> d-------- C:\Program Files\Cablecom Assistant
2008-06-20 19:47 . 2008-06-20 19:47 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:47 . 2008-06-20 19:47 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 22:30 . 2008-06-19 22:30 <REP> d-------- C:\Program Files\Google
2008-06-19 22:30 . 2008-07-13 20:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-19 21:49 . 2008-06-19 21:49 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{37DEB320-2DBE-46BF-9873-3DF747F92B16}
2008-06-19 21:48 . 2008-07-03 19:27 <REP> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2008-06-19 13:34 . 2008-07-03 19:02 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-17 14:42 . 2008-06-17 14:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-06-17 14:41 . 2008-06-17 14:41 <REP> d-------- C:\Program Files\IncrediMail
2008-06-17 14:41 . 2008-06-17 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 15:44 9,728 ----a-w C:\WINDOWS\AppPatch\AclLayer.dll
2008-07-04 12:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 16:09 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-27 08:19 --------- d-----w C:\Program Files\cablecom
2008-06-24 18:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 20:28 --------- d-----w C:\Program Files\Common Files
2008-06-13 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-06-13 20:24 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{5E7FDF7A-E132-431E-88B1-095EE4164B04}
2008-05-15 18:55 32,768 ----a-w C:\WINDOWS\system32\drivers\CnxE2FS.bin
2008-05-15 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-05-15 15:35 --------- d-----w C:\Program Files\Siber Systems
2004-08-08 11:24 520 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 19:33 1,040 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 20:54 2,080 --sh--w C:\WINDOWS\system32\ictxaiua.sys
2004-08-08 08:38 520 --sh--w C:\WINDOWS\system32\igxyaloe.sys
2004-08-08 19:52 1,560 --sh--w C:\WINDOWS\system32\iujraler.sys
2004-08-08 19:52 520 --sh--w C:\WINDOWS\system32\sbsqakol.sys
2004-08-08 08:37 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 19:52 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 10:18 520 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-12_ 9.34.52.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 07:31:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-14 15:47:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-13 18:51:03 45,056 ----a-w C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
+ 2008-07-14 15:47:44 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_610.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-19 22:30 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}"= "C:\WINDOWS\system32\zsdgff.dll" [2008-07-14 17:18 225792]
"{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}"= "C:\WINDOWS\system32\dndsaf.dll" [2008-07-14 17:19 225792]
"{0B846B26-BFE6-4E8E-A948-1DB17B77B483}"= "C:\WINDOWS\system32\tdfhex.dll" [2008-07-14 17:17 243712]
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"= "C:\WINDOWS\system32\fmcvxy.dll" [2008-07-14 17:17 240128]
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"= "C:\WINDOWS\system32\pedadt.dll" [2008-07-14 17:20 232960]
"{0086DD39-EB8E-4504-A085-AC8A433E34D0}"= "C:\WINDOWS\system32\ydggsx.dll" [2008-07-14 17:20 218624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-05-16 01:19 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-06-12 13:49 243072 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2008-05-15 17:35 144448 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-06-19 22:30 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 cmosa;cmosa;C:\WINDOWS\system32\DRIVERS\cmosa.sys [2000-10-06 20:51]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2001-09-09 21:10]
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys []
S4 Microsoft Newss;Microsoft Newss;C:\WINDOWS\System32\dllcache\newhost.exe []
S4 Microsoft Visual Basic ;Microsoft Visual Basic ;C:\WINDOWS\system\\MSVCRT.exe []
S4 MSDisk;Network helper Service;C:\WINDOWS\System32\irdvxc.exe []

.
- - - - ORPHANS REMOVED - - - -

SSODL-DesktopWin-{DA191DE0-AA86-4ED0-4B87-292A3D48BE99} - C:\WINDOWS\AppPatch\DesktopWin.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 17:49:18
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cmd.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-14 17:52:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 15:52:21
ComboFix2.txt 2008-07-12 07:36:54

Pre-Run: 21,516,726,272 octets libres
Post-Run: 21,517,402,112 octets libres

205 --- E O F --- 2008-07-10 11:24:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:03:40, on 14.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lematin.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
0
Réponse 9 / 12
Utilisateur anonyme
 
de nouveaux fichiers sont apparus

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\pedadt.dll
C:\WINDOWS\system32\ydggsx.dll
C:\WINDOWS\system32\svchost.xy3
C:\WINDOWS\system32\fmcvxy.dll
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\dndsaf.dll
C:\WINDOWS\system32\zycdex.dll
C:\WINDOWS\system32\zsdgff.dll

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{53D44DB6-E22B-4B17-97D3-572C96CCA6E1}"=-
"{259BF3CF-194D-4FE6-9ADB-DE6544B098B6}"=-
"{0B846B26-BFE6-4E8E-A948-1DB17B77B483}"=-
"{73AE86E6-7F03-4C3B-8980-FB1DA157D3C7}"=-
"{5E907A48-400E-4EA8-9792-FFAE052D59E9}"=-
"{0086DD39-EB8E-4504-A085-AC8A433E34D0}"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

0
mylene22
 
ComboFix 08-07-11.1 - eko 2008-07-15 11:55:42.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.303 [GMT 2:00]
Endroit: C:\Documents and Settings\eko\Mes documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\eko\Mes documents\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\dndsaf.dll
C:\WINDOWS\system32\fmcvxy.dll
C:\WINDOWS\system32\pedadt.dll
C:\WINDOWS\system32\svchost.xy3
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\ydggsx.dll
C:\WINDOWS\system32\zsdgff.dll
C:\WINDOWS\system32\zycdex.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dndsaf.dll
C:\WINDOWS\system32\fmcvxy.dll
C:\WINDOWS\system32\pedadt.dll
C:\WINDOWS\system32\svchost.xy3
C:\WINDOWS\system32\tdfhex.dll
C:\WINDOWS\system32\ydggsx.dll
C:\WINDOWS\system32\zsdgff.dll
C:\WINDOWS\system32\zycdex.dll

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-15 to 2008-07-15 ))))))))))))))))))))))))))))))))))))
.

2008-07-11 01:03 . 2008-07-11 01:21 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-11 01:03 . 2008-07-11 01:03 <REP> d-------- C:\Documents and Settings\eko\Application Data\Malwarebytes
2008-07-11 01:03 . 2008-07-11 01:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-11 01:03 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-11 01:03 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 22:45 . 2008-07-10 22:45 <REP> d-------- C:\Program Files\Trend Micro
2008-07-05 08:43 . 2008-07-05 08:43 20,280 --a------ C:\Documents and Settings\eko\Application Data\GDIPFONTCACHEV1.DAT
2008-07-05 08:04 . 2008-04-23 06:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-05 08:04 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-05 08:04 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-05 08:04 . 2008-04-23 06:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-05 08:04 . 2008-04-23 06:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-05 08:04 . 2008-04-23 06:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-05 08:04 . 2008-04-23 06:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-05 08:04 . 2008-04-23 06:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-05 08:04 . 2008-04-22 09:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-05 01:47 . 2008-07-05 01:47 <REP> d-------- C:\Program Files\Yahoo!
2008-07-05 01:47 . 2008-07-05 01:48 <REP> d-------- C:\Program Files\CCleaner
2008-07-04 10:01 . 2008-06-14 19:33 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-04 10:00 . 2008-05-08 16:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-04 09:56 . 2008-07-10 12:45 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-07-04 09:41 . 2008-07-04 09:41 <REP> d--hs---- C:\Documents and Settings\eko\UserData
2008-07-04 09:30 . 2008-07-04 09:33 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-07-03 23:21 . 2008-07-05 10:06 <REP> d-------- C:\WINDOWS\system32\fr-fr
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\system32\fr
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\system32\bits
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\peernet
2008-07-03 23:20 . 2008-07-03 23:20 <REP> d-------- C:\WINDOWS\l2schemas
2008-07-03 23:12 . 2008-07-03 23:22 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-07-03 23:12 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-07-03 23:03 . 2008-04-13 11:23 1,309,184 --------- C:\WINDOWS\system32\drivers\mtlstrm.sys
2008-07-03 22:56 . 2006-12-28 12:01 19,569 --a------ C:\WINDOWS\[u]0[/u]02713_.tmp
2008-07-03 22:54 . 2007-08-10 08:18 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-03 22:48 . 2008-07-03 23:21 <REP> d-------- C:\WINDOWS\EHome
2008-07-03 21:17 . 2008-07-03 21:17 <REP> d-------- C:\Program Files\HD Tune
2008-07-03 19:15 . 2008-04-13 19:34 1,037,824 --a------ C:\WINDOWS\explorer.exe
2008-07-03 19:14 . 2008-07-03 19:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-07-03 18:58 . 2008-07-03 19:17 <REP> d-------- C:\SMCLpav
2008-07-03 18:45 . 2008-07-03 18:45 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-03 18:45 . 2008-07-05 01:50 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-03 18:36 . 2008-07-03 18:36 26 --a------ C:\WINDOWS\DGcounter.ini
2008-07-03 18:19 . 2008-07-04 14:48 <REP> d-------- C:\Program Files\Panda Security
2008-07-03 17:59 . 2008-07-04 14:48 <REP> d-------- C:\Program Files\Fichiers communs\Panda Software
2008-07-03 17:09 . 2003-03-18 22:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-03 17:09 . 2006-02-03 10:00 499,712 --a------ C:\WINDOWS\system32\MSVCP71.DLL
2008-07-03 17:09 . 2006-02-03 10:00 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DLL
2008-07-03 17:08 . 2008-07-03 17:08 <REP> d-------- C:\Program Files\Alwil Software
2008-07-03 09:49 . 2008-07-03 09:49 54 --a------ C:\WINDOWS\system32\x
2008-06-27 10:28 . 2008-06-27 10:28 <REP> d-------- C:\Program Files\Cablecom Assistant
2008-06-20 19:47 . 2008-06-20 19:47 247,808 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 19:47 . 2008-06-20 19:47 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 13:51 . 2008-06-20 13:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 13:40 . 2008-06-20 13:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 13:08 . 2008-06-20 13:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-19 22:30 . 2008-06-19 22:30 <REP> d-------- C:\Program Files\Google
2008-06-19 22:30 . 2008-07-15 12:07 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-19 21:49 . 2008-06-19 21:49 <REP> d--h----- C:\Documents and Settings\All Users\Application Data\{37DEB320-2DBE-46BF-9873-3DF747F92B16}
2008-06-19 21:48 . 2008-07-03 19:27 <REP> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2008-06-19 13:34 . 2008-07-03 19:02 24 --a------ C:\WINDOWS\system32\ngjxakin.sys
2008-06-17 14:42 . 2008-06-17 14:42 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IM
2008-06-17 14:41 . 2008-06-17 14:41 <REP> d-------- C:\Program Files\IncrediMail
2008-06-17 14:41 . 2008-06-17 14:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\IncrediMail

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 15:44 9,728 ----a-w C:\WINDOWS\AppPatch\AclLayer.dll
2008-07-04 12:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-03 16:09 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-06-27 08:19 --------- d-----w C:\Program Files\cablecom
2008-06-24 18:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 20:28 --------- d-----w C:\Program Files\Common Files
2008-06-13 20:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-06-13 20:24 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{5E7FDF7A-E132-431E-88B1-095EE4164B04}
2008-05-15 18:55 32,768 ----a-w C:\WINDOWS\system32\drivers\CnxE2FS.bin
2008-05-15 15:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
2008-05-15 15:35 --------- d-----w C:\Program Files\Siber Systems
2004-08-08 11:24 520 --sh--w C:\WINDOWS\system32\aoqnabib.sys
2004-08-08 19:33 1,040 --sh--w C:\WINDOWS\system32\erjxakin.sys
2004-08-08 20:54 2,080 --sh--w C:\WINDOWS\system32\ictxaiua.sys
2004-08-08 08:38 520 --sh--w C:\WINDOWS\system32\igxyaloe.sys
2004-08-08 19:52 1,560 --sh--w C:\WINDOWS\system32\iujraler.sys
2004-08-08 19:52 520 --sh--w C:\WINDOWS\system32\sbsqakol.sys
2004-08-08 08:37 520 --sh--w C:\WINDOWS\system32\smdsbsrv.sys
2004-08-08 19:52 520 --sh--w C:\WINDOWS\system32\snfybbyt.sys
2004-08-08 10:18 520 --sh--w C:\WINDOWS\system32\xscqbhlp.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-12_ 9.34.52.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-12 07:31:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-15 09:59:34 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-13 18:51:03 45,056 ----a-w C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
- 2008-07-12 07:19:10 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_604.dat
+ 2008-07-15 09:59:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_604.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-19 22:30 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:34 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
NvQTwk [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2008-05-16 01:19 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-06-12 13:49 243072 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoboForm]
--a------ 2008-05-15 17:35 144448 C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-06-19 22:30 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 cmosa;cmosa;C:\WINDOWS\system32\DRIVERS\cmosa.sys [2000-10-06 20:51]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys [2001-09-09 21:10]
S3 eth8023;eth8023;C:\WINDOWS\system32\drivers\eth8023.sys []
S4 Microsoft Newss;Microsoft Newss;C:\WINDOWS\System32\dllcache\newhost.exe []
S4 Microsoft Visual Basic ;Microsoft Visual Basic ;C:\WINDOWS\system\\MSVCRT.exe []
S4 MSDisk;Network helper Service;C:\WINDOWS\System32\irdvxc.exe []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-15 12:40:59
Windows 5.1.2600 Service Pack 3 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\cmd.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-15 12:43:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-15 10:43:41
ComboFix2.txt 2008-07-14 15:52:45
ComboFix3.txt 2008-07-12 07:36:54

Pre-Run: 21,548,064,768 octets libres
Post-Run: 21,542,027,264 octets libres

190 --- E O F --- 2008-07-10 11:24:13


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:34, on 15.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\IncrediMail\bin\IMApp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lematin.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
0
Réponse 10 / 12
Utilisateur anonyme
 
ok on termine

regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

Pour désinstaller Avast telecharge cet outil

https://www.avast.com/fr-fr/uninstall-utility

ensuite tu n as pas de parefeu :

pare-feu gratuits

télécharger la version gratuite de Zone alarm
https://www.pcastuces.com/logitheque/zonealarm.htm
TUTO
http://securite-facile.ovh.org/zonealarm.php
http://forum.telecharger.01net.com/forum/

ou

télécharger la version gratuite de Kerio
Kerio (parefeu)
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
TUTO
https://kerio.probb.fr/
SITE de Kerio
https://kerio.probb.fr/

ou

ComodoFirewallPro 2.4 téléchargement
http://www.personalfirewall.comodo.com/
Tuto pour la 2.4
https://infomars.fr/forum/index.php?s=908072e48ff7cf0359366440cb26c93f&showtopic=389
Tuto pour la 2.4
http://www.nordicnature.net/tutorials/comodo/cf24wiz.htm
Attention la 3.0 est en anglais uniquement et est plus difficile a paramétrer
Tuto pour la 3.0
https://infomars.fr/forum/index.php?showtopic=1225

ou

OnlineArmor :
téléchargement:https://www.commentcamarche.net/telecharger/ 34055356 online armor personal firewall

tutoriels:https://forum.pcastuces.com/sujet.asp?f=25&s=35606
:https://www.malekal.com/tutorial-online-armor-free/

A lire :

https://www.commentcamarche.net/contents/992-firewall-pare-feu

puis un bonus :

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : https://www.malekal.com/tutorial-spywareblaster/

puis

pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

http://www.mozilla-europe.org/fr/

plugins : ad block plus, no script ect...

https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

ensuite :

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

-> L´installer.

-> Une fois installé et lancé :

Dans la colonne de gauche, click sur :

->"registre" :

Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.

ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

->"nettoyeur"

quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

ensuite :

Télecharge et instal AVG anti spyware:

http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

instal le et met le a jours

ensuite lance le scan et supprime

puis poste le rapport sur le forum stp

ensuite :

* pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner

# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

et :

Clic sur "démarrer", cliques droit sur "poste de travail", "propriétés", onglet "restauration du système"

¤ coche la case "désactiver la Restauration du systéme sur tous les lecteurs", puis clic sur "appliquer"
¤ décoche la case et clic sur "appliquer" puis "ok".

Maintenant, que l'ont à effacés les point infectés, nous allons créer un point propre:

Clic sur "démarrer", "tous les programmes", "accessoires", "outils système", "restauration du système", choisis "créer un point de restauration" nommes le " ccm" par exemple, cliques sur "créer" puis "ok".
Voilà, maintenant le point de restauration est créé. Si un jour tu décides tu pourras revenir en arrière à la date créée.

Tuto : http://www.libellules.ch/desactiver_restauration.php

0
mylene22
 
Hello voilà déjà le rapport AVG :

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 08:57:28 16.07.2008

+ Résultat de l'analyse:



C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VG0WWVRM\abb[1].gif -> Downloader.Murlo.nn : Nettoyé.
[1104] C:\WINDOWS\TEMP\wmsetup.dll -> Downloader.Murlo.nn : Nettoyé.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\F3TZSOGV\update[1].gif -> Downloader.Small.xwr : Nettoyé.
C:\Documents and Settings\eko\Cookies\eko@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport
0
mylene22
 
Et le rapport TCleaner :

-->- Recherche:

C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\eko\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\eko\Mes documents\ComboFix.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\eko\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\eko\Mes documents\ComboFix.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Corbeille vidée!
0
Réponse 11 / 12
Utilisateur anonyme
 
ok parfait si tu n as pas de soucis tu pourras mettre resolu @++
0
mylene22
 
Encore mille fois merci pour ton aide.
0
Réponse 12 / 12
Utilisateur anonyme
 
De rien mylene @++
0

Discussions similaires

svp 32Gb est il egal a 32Go??
William Fernand -
nemrod18 -

3 réponses