Warning! spyware detected on your computer

spagiari Messages postés 15 Statut Membre -  
 spagiari -
Bonjour,
j ai installé un jeu "uno" pour ne pas le citer et depuis mon pc affiche un fond d ecran bleu avec le message "warning! Spyware detected on your computer!/ Install an antivirus or spyware remover to clean your computer." sur fond jaune en plus de ca j ai eu le droit a "antivirrus xp 2008" qui c est intallé en meme temps.
Depuis spybot deconne completement ainsi que la mise ajour automatique de windows et pour finir mon navigateur internet est tres lent.
Merci d avance

ps j ai deja vu des solutions sur le forum mais il es indiqué que les manoeuvres peuvent etre unique a chaque cas...
Configuration: Windows XP
Mozilla

26 réponses

  • 1
  • 2
  1. Utilisateur anonyme
     
    Salut

    # Télécharge ceci: (merci a S!RI pour ce petit programme).

    http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Exécute le, Double click sur Smitfraudfix.cmd choisit l’option 1,
    voila a quoi cela ressemble : http://siri.urz.free.fr/Fix/SmitfraudFix.php
    il va générer un rapport : copie/colle le sur le poste stp.

    0
  2. spagiari Messages postés 15 Statut Membre
     
    merci pour la rapidité de votre reponse
    voici le rapport
    SmitFraudFix v2.329

    Rapport fait à 14:03:42,14, 19/07/2008
    Executé à partir de C:\Documents and Settings\Alexandre\Bureau\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    Fichier hosts corrompu !

    127.0.0.1 www.legal-at-spybot.info
    127.0.0.1 legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexandre

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexandre\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ALEXAN~1\Favoris

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 82.216.111.125
    DNS Server Search Order: 82.216.111.124
    DNS Server Search Order: 82.216.111.125
    DNS Server Search Order: 82.216.111.123

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9180509E-EC00-4319-8831-09B6A2457277}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9180509E-EC00-4319-8831-09B6A2457277}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9180509E-EC00-4319-8831-09B6A2457277}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  3. Utilisateur anonyme
     
    Télécharge cet outil de SiRi:

    http://siri.urz.free.fr/RHosts.php

    Double cliquer dessus pour l'exécuter

    et cliquer sur " Restore original Hosts "

    ps : c est normal que rien ne se passe

    Ensuite :

    # Démarre en mode sans échec :
    Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter
    Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
    Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal !
    (Si F8 ne marche pas utilise la touche F5).
    ----------------------------------------------------------------------------
    # Relance le programme Smitfraud :
    Cette fois choisit l’option 2, répond oui a tous ;
    Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum

    ensuite :

    Telecharge malwarebytes

    -> http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

    Copie et colle le rapport stp.

    ps : les rapport sont aussi rangé dans l onglet rapport/log

    ensuite :

    Télécharge HijackThis ici :

    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

    Tutoriel d´instalation : (Merci a Balltrap34 pour cette réalisation)

    -> http://pageperso.aol.fr/balltrap34/Hijenr.gif

    Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

    -> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

    Post le rapport généré ici stp...

    0
  4. spagiari Messages postés 15 Statut Membre
     
    Voici la suite et encore merci

    SmitFraudFix v2.329

    Rapport fait à 14:16:01,04, 19/07/2008
    Executé à partir de C:\Documents and Settings\Alexandre\Bureau\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost

    »»»»»»»»»»»»»»»»»»»»»»»» VACFix

    VACFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

    S!Ri's WS2Fix: LSP not Found.

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    »»»»»»»»»»»»»»»»»»»»»»»» IEDFix

    IEDFix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» 404Fix

    404Fix
    Credits: Malware Analysis & Diagnostic
    Code: S!Ri

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{9180509E-EC00-4319-8831-09B6A2457277}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{9180509E-EC00-4319-8831-09B6A2457277}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{9180509E-EC00-4319-8831-09B6A2457277}: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=82.216.111.125 82.216.111.124 82.216.111.125 82.216.111.123

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. spagiari Messages postés 15 Statut Membre
     
    voici les 2 autres rapport suivant

    Malwarebytes' Anti-Malware 1.21
    Version de la base de données: 966
    Windows 5.1.2600 Service Pack 2

    14:52:56 19/07/2008
    mbam-log-7-19-2008 (14-52-56).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 79251
    Temps écoulé: 22 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 16
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 12
    Fichier(s) infecté(s): 39

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\khfFULcy.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Unloaded module successfully.
    C:\WINDOWS\system32\urqdnods.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{631b694e-1f6b-4de5-b34d-c9c4f7ac1b53} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{631b694e-1f6b-4de5-b34d-c9c4f7ac1b53} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmd3c6a605 (Trojan.Agent) -> Delete on reboot.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\khffulcy -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khffulcy -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\khfFULcy.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ycLUFfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ycLUFfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\spexnbrc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\crbnxeps.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
    C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009619.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009622.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009624.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009625.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009652.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009669.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009813.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009812.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009814.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009815.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP70\A0009916.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\rhcakaj0eaf9.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\rhcakaj0eaf9.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqdnods.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\BMd3c6a605.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMd3c6a605.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcekaj0eaf9.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphcekaj0eaf9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcekaj0eaf9.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:02:05, on 19/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {1163CEEB-7C80-4F41-BD2B-A8653949421F} - C:\WINDOWS\system32\xxyxUlMc.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [d0f59599] rundll32.exe "C:\WINDOWS\system32\gudmgtch.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    0
  7. spagiari Messages postés 15 Statut Membre
     
    voici les 2 autres rapport suivant

    Malwarebytes' Anti-Malware 1.21
    Version de la base de données: 966
    Windows 5.1.2600 Service Pack 2

    14:52:56 19/07/2008
    mbam-log-7-19-2008 (14-52-56).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 79251
    Temps écoulé: 22 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 16
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 12
    Fichier(s) infecté(s): 39

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\khfFULcy.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Unloaded module successfully.
    C:\WINDOWS\system32\urqdnods.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{631b694e-1f6b-4de5-b34d-c9c4f7ac1b53} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{631b694e-1f6b-4de5-b34d-c9c4f7ac1b53} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmd3c6a605 (Trojan.Agent) -> Delete on reboot.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\khffulcy -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khffulcy -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\khfFULcy.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ycLUFfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ycLUFfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\spexnbrc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\crbnxeps.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
    C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009619.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009622.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009624.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009625.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009652.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009669.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009813.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009812.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009814.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009815.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP70\A0009916.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\rhcakaj0eaf9.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\rhcakaj0eaf9.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqdnods.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\BMd3c6a605.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMd3c6a605.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcekaj0eaf9.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphcekaj0eaf9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcekaj0eaf9.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:02:05, on 19/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {1163CEEB-7C80-4F41-BD2B-A8653949421F} - C:\WINDOWS\system32\xxyxUlMc.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [d0f59599] rundll32.exe "C:\WINDOWS\system32\gudmgtch.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    0
  8. spagiari Messages postés 15 Statut Membre
     
    voici les 2 autres rapport suivant

    Malwarebytes' Anti-Malware 1.21
    Version de la base de données: 966
    Windows 5.1.2600 Service Pack 2

    14:52:56 19/07/2008
    mbam-log-7-19-2008 (14-52-56).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 79251
    Temps écoulé: 22 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 16
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 12
    Fichier(s) infecté(s): 39

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\khfFULcy.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Unloaded module successfully.
    C:\WINDOWS\system32\urqdnods.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{631b694e-1f6b-4de5-b34d-c9c4f7ac1b53} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{631b694e-1f6b-4de5-b34d-c9c4f7ac1b53} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmd3c6a605 (Trojan.Agent) -> Delete on reboot.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\khffulcy -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khffulcy -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\khfFULcy.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ycLUFfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ycLUFfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\spexnbrc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\crbnxeps.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
    C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009619.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009622.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009624.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009625.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009652.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009669.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009813.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009812.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009814.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009815.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP70\A0009916.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\rhcakaj0eaf9.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\rhcakaj0eaf9.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqdnods.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\BMd3c6a605.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMd3c6a605.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcekaj0eaf9.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphcekaj0eaf9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcekaj0eaf9.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:02:05, on 19/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {1163CEEB-7C80-4F41-BD2B-A8653949421F} - C:\WINDOWS\system32\xxyxUlMc.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [d0f59599] rundll32.exe "C:\WINDOWS\system32\gudmgtch.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    0
  9. spagiari Messages postés 15 Statut Membre
     
    voici les 2 autres rapport suivant

    Malwarebytes' Anti-Malware 1.21
    Version de la base de données: 966
    Windows 5.1.2600 Service Pack 2

    14:52:56 19/07/2008
    mbam-log-7-19-2008 (14-52-56).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 79251
    Temps écoulé: 22 minute(s), 15 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 3
    Clé(s) du Registre infectée(s): 16
    Valeur(s) du Registre infectée(s): 5
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 12
    Fichier(s) infecté(s): 39

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\khfFULcy.dll (Trojan.Vundo) -> Unloaded module successfully.
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Unloaded module successfully.
    C:\WINDOWS\system32\urqdnods.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{631b694e-1f6b-4de5-b34d-c9c4f7ac1b53} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{631b694e-1f6b-4de5-b34d-c9c4f7ac1b53} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\TypeLib\{f0d4b230-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f0d4b23a-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{f0d4b23c-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b15fd82e-85bc-430d-90cb-65db1b030510} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f0d4b23b-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa} (Adware.AskSBAR) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmd3c6a605 (Trojan.Agent) -> Delete on reboot.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\khffulcy -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\khffulcy -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9 (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\rhcakaj0eaf9\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\khfFULcy.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\ycLUFfhk.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ycLUFfhk.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\spexnbrc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\crbnxeps.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Adware.AskSBAR) -> Delete on reboot.
    C:\Program Files\AskSBar\bar\1.bin\A2HIGHIN.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\A2PLUGIN.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\Program Files\AskSBar\bar\1.bin\NPASKSBR.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009619.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009622.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009624.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009625.DLL (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009652.DLL (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP67\A0009669.dll (Adware.AskSBAR) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009813.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009812.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009814.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009815.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP69\A0009816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{E85D7102-DEE5-4656-B929-9BBD6FAE9DDB}\RP70\A0009916.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\rhcakaj0eaf9.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\rhcakaj0eaf9.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcakaj0eaf9\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Alexandre\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqdnods.dll (Trojan.Agent) -> Delete on reboot.
    C:\WINDOWS\BMd3c6a605.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\BMd3c6a605.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcekaj0eaf9.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphcekaj0eaf9.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcekaj0eaf9.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:02:05, on 19/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {1163CEEB-7C80-4F41-BD2B-A8653949421F} - C:\WINDOWS\system32\xxyxUlMc.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [d0f59599] rundll32.exe "C:\WINDOWS\system32\gudmgtch.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    0
  10. Utilisateur anonyme
     
    ok il te reste du vundo le pc doit deja aller mieux

    desinstal java car pas a jours et telecharge et instal cette version :

    https://www.java.com/fr/download/manual.jsp

    internet explorer n est pas a jours (faille de securité) telecharge et instal la version 7 :

    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    apres installation redémarre le pc

    ensuite pour vundo :

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique sur combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    -> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    0
  11. spagiari Messages postés 15 Statut Membre
     
    et enfin voici le dernier rapport

    ComboFix 08-07-18.5 - Alexandre 2008-07-19 15:38:58.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.369 [GMT 2:00]
    Endroit: C:\Documents and Settings\Alexandre\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\pskt.ini
    C:\WINDOWS\system32\ghicbn.dll
    C:\WINDOWS\system32\hctgmdug.ini
    C:\WINDOWS\system32\khfFULcy.dll
    C:\WINDOWS\system32\mcrh.tmp
    C:\WINDOWS\system32\qcyuqlqb.dll
    C:\WINDOWS\system32\urqdnods.dll
    C:\WINDOWS\system32\vujpnesg.dll
    C:\WINDOWS\system32\ycLUFfhk.ini
    C:\WINDOWS\system32\ycLUFfhk.ini2

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-19 15:29 . 2008-07-19 15:29 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-07-19 15:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-19 15:24 . 2008-07-19 15:24 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-07-19 14:59 . 2008-07-19 14:59 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-19 14:26 . 2008-07-19 14:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-19 14:26 . 2008-07-19 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-19 14:26 . 2008-07-19 14:26 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Malwarebytes
    2008-07-19 14:26 . 2008-07-18 19:15 36,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-19 14:26 . 2008-07-18 19:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-19 14:04 . 2008-07-19 14:16 2,340 --a------ C:\WINDOWS\system32\tmp.reg
    2008-07-19 00:30 . 2008-07-19 00:30 <REP> d-------- C:\Program Files\AskSBar
    2008-07-18 21:01 . 2008-07-18 21:01 <REP> d-------- C:\Program Files\Google
    2008-07-18 21:01 . 2008-07-18 21:01 <REP> d-------- C:\Program Files\GameHouse
    2008-07-18 20:57 . 2008-07-18 22:04 <REP> d-------- C:\WINDOWS\UNO.Undercover
    2008-07-17 10:42 . 2008-07-17 10:42 <REP> d-------- C:\Program Files\iPod
    2008-07-17 10:41 . 2008-07-17 10:42 <REP> d-------- C:\Program Files\iTunes
    2008-07-17 10:39 . 2008-07-17 10:39 <REP> d-------- C:\Program Files\QuickTime
    2008-07-17 10:35 . 2008-07-17 10:36 <REP> d-------- C:\Program Files\Safari
    2008-07-15 12:45 . 2008-07-15 12:45 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-07-15 12:43 . 2008-07-15 12:43 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-07-14 21:03 . 2008-07-14 21:03 58,594 --a------ C:\WINDOWS\system32\mpt.exe
    2008-07-11 14:23 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
    2008-07-11 14:23 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
    2008-07-11 14:23 . 2004-08-04 00:40 25,856 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
    2008-07-11 14:23 . 2004-08-04 00:40 25,856 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys
    2008-07-09 18:16 . 2008-07-09 20:38 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\FrostWire
    2008-07-09 15:37 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
    2008-07-09 15:37 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
    2008-07-06 12:16 . 2008-07-15 20:46 <REP> d-------- C:\Documents and Settings\Alexandre\browser - logitech
    2008-07-06 12:14 . 2008-07-06 12:15 <REP> d-------- C:\Documents and Settings\Alexandre\logitech
    2008-07-06 12:06 . 2008-07-06 12:06 <REP> d-------- C:\Program Files\Logitech
    2008-07-06 12:06 . 2008-07-06 12:06 <REP> d-------- C:\Program Files\Fichiers communs\Remote Control USB Driver
    2008-07-06 12:06 . 2008-07-06 12:07 <REP> d-------- C:\Program Files\Fichiers communs\Remote Control Software Common
    2008-07-06 12:05 . 2008-07-06 12:05 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\InstallShield
    2008-07-04 21:08 . 2008-07-18 22:05 <REP> d-------- C:\Program Files\Sega
    2008-07-04 17:25 . 2008-07-04 17:25 <REP> d-------- C:\Program Files\LucasArts
    2008-07-04 14:30 . 2008-07-04 14:30 <REP> d-------- C:\Program Files\Giant
    2008-07-03 18:20 . 2008-07-03 18:20 122,880 --a------ C:\WINDOWS\system32\UAService7.exe
    2008-07-03 18:20 . 2008-07-03 18:20 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-07-03 18:12 . 2008-07-03 18:12 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-07-03 18:05 . 2008-07-03 18:05 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\DAEMON Tools
    2008-07-03 18:05 . 2008-07-03 18:05 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-07-03 16:00 . 2008-07-19 15:42 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
    2008-07-03 15:49 . 2008-07-03 15:50 <REP> d-------- C:\Program Files\Windows Live
    2008-07-03 14:56 . 2008-07-03 14:56 <REP> d-------- C:\Program Files\Apple Software Update
    2008-07-02 16:45 . 2008-07-02 16:45 <REP> d--h----- C:\WINDOWS\PIF
    2008-06-30 20:00 . 2008-06-30 20:00 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-06-30 19:54 . 2008-07-17 18:15 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Apple Computer
    2008-06-30 19:54 . 2008-07-16 17:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-30 19:54 . 2008-06-30 19:54 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-30 19:53 . 2008-06-30 19:53 <REP> d-------- C:\Program Files\Bonjour
    2008-06-30 19:53 . 2008-06-30 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-30 19:52 . 2008-06-30 19:52 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-06-30 19:52 . 2008-06-30 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-30 15:08 . 2008-07-02 20:21 230,424 --a------ C:\img2-001.raw
    2008-06-30 14:36 . 2007-04-10 14:46 1,966,312 --a------ C:\WINDOWS\system32\drivers\VX1000.sys
    2008-06-30 14:36 . 2007-04-10 14:46 709,992 --a------ C:\WINDOWS\vVX1000.exe
    2008-06-30 14:36 . 2007-04-10 14:46 476,520 --a------ C:\WINDOWS\vVX1000.dll
    2008-06-30 14:36 . 2007-04-10 14:46 202,088 --a------ C:\WINDOWS\system32\LCCoin14.dll
    2008-06-30 14:36 . 2007-04-10 14:46 185,704 --a------ C:\WINDOWS\system32\cVX1000.dll
    2008-06-30 14:36 . 2007-04-10 14:46 116,072 --a------ C:\WINDOWS\VX1000.dll
    2008-06-30 14:36 . 2007-04-10 14:46 15,498 --a------ C:\WINDOWS\VX1000.ini
    2008-06-30 14:36 . 2007-04-10 14:46 13,023 --a------ C:\WINDOWS\VX1000.src
    2008-06-30 14:35 . 2008-07-15 12:44 <REP> d-------- C:\WINDOWS\system32\drivers\umdf
    2008-06-30 14:35 . 2008-06-30 14:35 <REP> d-------- C:\Program Files\Microsoft LifeCam
    2008-06-29 23:35 . 2008-07-19 15:29 <REP> d-------- C:\WINDOWS\system32\fr-FR
    2008-06-29 23:34 . 2008-06-29 23:34 <REP> d-------- C:\Program Files\MSBuild
    2008-06-29 23:31 . 2008-06-29 23:35 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-06-29 23:31 . 2008-06-29 23:31 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-06-29 23:30 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-06-29 21:53 . 2008-06-29 21:53 <REP> d-------- C:\WINDOWS\Backavikey
    2008-06-29 13:56 . 2008-06-29 13:56 <REP> d-------- C:\Program Files\uTorrent
    2008-06-29 13:56 . 2008-07-19 03:35 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\uTorrent
    2008-06-28 14:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-06-28 14:01 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-06-28 14:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-06-27 23:51 . 2008-06-27 23:51 <REP> d---s---- C:\Documents and Settings\Alexandre\UserData
    2008-06-27 22:39 . 2008-07-18 02:24 <REP> d-------- C:\Program Files\The KMPlayer FR
    2008-06-27 22:36 . 2008-06-27 22:36 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\vlc
    2008-06-27 22:35 . 2008-06-27 22:37 <REP> d-------- C:\Program Files\VideoLAN
    2008-06-27 22:25 . 2008-07-19 14:14 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-27 22:25 . 2008-07-19 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-27 21:13 . 2008-07-14 14:56 <REP> d-------- C:\Documents and Settings\Alexandre\Contacts
    2008-06-27 21:09 . 2008-07-17 10:37 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-06-27 21:04 . 2008-06-27 21:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-27 21:04 . 2008-07-03 15:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-27 20:56 . 2008-06-27 20:56 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\MSNInstaller
    2008-06-27 20:04 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-06-27 19:51 . 2008-06-27 19:51 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-06-27 19:51 . 2008-06-27 19:51 64,419 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-06-27 19:49 . 2008-06-27 19:49 <REP> d-------- C:\WINDOWS\BricoPacks
    2008-06-27 19:49 . 2008-06-27 19:51 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-06-27 19:39 . 2008-07-16 21:07 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-06-27 19:38 . 2008-06-27 19:38 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\ATI
    2008-06-27 19:24 . 2008-06-27 19:24 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-27 19:14 . 2006-01-26 08:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-06-27 19:07 . 2008-06-27 19:08 10 --a------ C:\WINDOWS\WININIT.INI
    2008-06-27 18:01 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-27 18:01 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-27 17:56 . 2008-07-19 15:27 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-06-27 17:32 . 2008-06-27 17:32 13,742 --a------ C:\WINDOWS\system32\wpa.bak
    2008-06-27 17:22 . 2008-06-27 17:22 <REP> d-------- C:\Program Files\Microsoft IntelliPoint
    2008-06-27 14:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-06-27 14:30 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-06-27 14:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-06-27 14:30 . 2004-08-04 00:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-06-27 14:30 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-06-27 14:30 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-06-27 13:54 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNNMP.exe
    2008-06-27 13:54 . 2005-09-16 14:10 49,857 --------- C:\WINDOWS\UNNMP.cfg
    2008-06-27 13:52 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-06-27 13:51 . 2008-06-27 13:51 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-06-27 13:50 . 2005-07-12 19:06 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
    2008-06-27 13:50 . 2005-09-16 14:10 154,568 --------- C:\WINDOWS\UNNeroVision.cfg
    2008-06-27 13:50 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
    2008-06-27 13:49 . 2008-06-27 13:49 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-06-27 13:49 . 2008-06-27 13:54 <REP> d-------- C:\Program Files\Ahead
    2008-06-27 13:49 . 2008-06-27 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-06-27 13:49 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-06-27 13:49 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-06-27 13:49 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-06-27 13:49 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-06-27 13:49 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-06-27 13:49 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-06-27 13:49 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-27 09:42 294,912 ----a-w C:\WINDOWS\HideWin.exe
    2008-06-26 15:30 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-26 15:29 --------- d-----w C:\Program Files\Services en ligne
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52 849280]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
    "LifeCam"="c:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 14:45 279912]
    "VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 14:46 709992]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-06-14 02:48 14477312 C:\WINDOWS\RTHDCPL.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll
    "msacm.avis"= ff_acm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2004-12-15 23:16]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 MSCamSvc;MSCamSvc;c:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 14:45]
    R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 14:46]
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-07-17 05:27:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{1163CEEB-7C80-4F41-BD2B-A8653949421F} - C:\WINDOWS\system32\xxyxUlMc.dll
    HKLM-Run-d0f59599 - C:\WINDOWS\system32\gudmgtch.dll
    ShellExecuteHooks-{1163CEEB-7C80-4F41-BD2B-A8653949421F} - C:\WINDOWS\system32\xxyxUlMc.dll

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-19 15:42:29
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\mc22.tmp"
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-19 15:44:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-19 13:44:51

    Pre-Run: 98,906,173,440 octets libres
    Post-Run: 100,468,965,376 octets libres

    255 --- E O F --- 2008-07-15 18:48:20
    0
  12. Utilisateur anonyme
     
    Copie le texte ci-dessous :

    File::
    C:\WINDOWS\system32\tmp.reg
    C:\DOCUME~1\ALEXAN~1\LOCALS~­1\Temp\mc22.tmp

    Folder::
    C:\Program Files\AskSBar

    Driver::
    mchInjDrv

    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt.

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

    http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.

    0
  13. spagiari Messages postés 15 Statut Membre
     
    ComboFix 08-07-18.5 - Alexandre 2008-07-19 16:09:34.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.242 [GMT 2:00]
    Endroit: C:\Documents and Settings\Alexandre\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Alexandre\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\AskSBar
    C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
    C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0AD620C.bin
    C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0AD63E0.bin
    C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0AD6509.bin
    C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0DF05CF
    C:\Program Files\AskSBar\bar\Cache\files.ini
    C:\Program Files\AskSBar\bar\History\search2
    C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV
    -------\Service_mchInjDrv

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-19 15:29 . 2008-07-19 15:29 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-07-19 15:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-19 15:24 . 2008-07-19 15:24 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-07-19 14:59 . 2008-07-19 14:59 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-19 14:26 . 2008-07-19 14:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-19 14:26 . 2008-07-19 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-19 14:26 . 2008-07-19 14:26 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Malwarebytes
    2008-07-19 14:26 . 2008-07-18 19:15 36,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-19 14:26 . 2008-07-18 19:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-19 14:04 . 2008-07-19 14:16 2,340 --a------ C:\WINDOWS\system32\tmp.reg
    2008-07-18 21:01 . 2008-07-18 21:01 <REP> d-------- C:\Program Files\Google
    2008-07-18 21:01 . 2008-07-18 21:01 <REP> d-------- C:\Program Files\GameHouse
    2008-07-18 20:57 . 2008-07-18 22:04 <REP> d-------- C:\WINDOWS\UNO.Undercover
    2008-07-17 10:42 . 2008-07-17 10:42 <REP> d-------- C:\Program Files\iPod
    2008-07-17 10:41 . 2008-07-17 10:42 <REP> d-------- C:\Program Files\iTunes
    2008-07-17 10:39 . 2008-07-17 10:39 <REP> d-------- C:\Program Files\QuickTime
    2008-07-17 10:35 . 2008-07-17 10:36 <REP> d-------- C:\Program Files\Safari
    2008-07-15 12:45 . 2008-07-15 12:45 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-07-15 12:43 . 2008-07-15 12:43 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-07-14 21:03 . 2008-07-14 21:03 58,594 --a------ C:\WINDOWS\system32\mpt.exe
    2008-07-11 14:23 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
    2008-07-11 14:23 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
    2008-07-11 14:23 . 2004-08-04 00:40 25,856 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
    2008-07-11 14:23 . 2004-08-04 00:40 25,856 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys
    2008-07-09 18:16 . 2008-07-09 20:38 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\FrostWire
    2008-07-09 15:37 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
    2008-07-09 15:37 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
    2008-07-06 12:16 . 2008-07-15 20:46 <REP> d-------- C:\Documents and Settings\Alexandre\browser - logitech
    2008-07-06 12:14 . 2008-07-06 12:15 <REP> d-------- C:\Documents and Settings\Alexandre\logitech
    2008-07-06 12:06 . 2008-07-06 12:06 <REP> d-------- C:\Program Files\Logitech
    2008-07-06 12:06 . 2008-07-06 12:06 <REP> d-------- C:\Program Files\Fichiers communs\Remote Control USB Driver
    2008-07-06 12:06 . 2008-07-06 12:07 <REP> d-------- C:\Program Files\Fichiers communs\Remote Control Software Common
    2008-07-06 12:05 . 2008-07-06 12:05 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\InstallShield
    2008-07-04 21:08 . 2008-07-18 22:05 <REP> d-------- C:\Program Files\Sega
    2008-07-04 17:25 . 2008-07-04 17:25 <REP> d-------- C:\Program Files\LucasArts
    2008-07-04 14:30 . 2008-07-04 14:30 <REP> d-------- C:\Program Files\Giant
    2008-07-03 18:20 . 2008-07-03 18:20 122,880 --a------ C:\WINDOWS\system32\UAService7.exe
    2008-07-03 18:20 . 2008-07-03 18:20 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-07-03 18:12 . 2008-07-03 18:12 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-07-03 18:05 . 2008-07-03 18:05 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\DAEMON Tools
    2008-07-03 18:05 . 2008-07-03 18:05 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-07-03 16:00 . 2008-07-19 16:13 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
    2008-07-03 15:49 . 2008-07-03 15:50 <REP> d-------- C:\Program Files\Windows Live
    2008-07-03 14:56 . 2008-07-03 14:56 <REP> d-------- C:\Program Files\Apple Software Update
    2008-07-02 16:45 . 2008-07-02 16:45 <REP> d--h----- C:\WINDOWS\PIF
    2008-06-30 20:00 . 2008-06-30 20:00 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-06-30 19:54 . 2008-07-17 18:15 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Apple Computer
    2008-06-30 19:54 . 2008-07-16 17:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-30 19:54 . 2008-06-30 19:54 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-30 19:53 . 2008-06-30 19:53 <REP> d-------- C:\Program Files\Bonjour
    2008-06-30 19:53 . 2008-06-30 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-30 19:52 . 2008-06-30 19:52 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-06-30 19:52 . 2008-06-30 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-30 15:08 . 2008-07-02 20:21 230,424 --a------ C:\img2-001.raw
    2008-06-30 14:36 . 2007-04-10 14:46 1,966,312 --a------ C:\WINDOWS\system32\drivers\VX1000.sys
    2008-06-30 14:36 . 2007-04-10 14:46 709,992 --a------ C:\WINDOWS\vVX1000.exe
    2008-06-30 14:36 . 2007-04-10 14:46 476,520 --a------ C:\WINDOWS\vVX1000.dll
    2008-06-30 14:36 . 2007-04-10 14:46 202,088 --a------ C:\WINDOWS\system32\LCCoin14.dll
    2008-06-30 14:36 . 2007-04-10 14:46 185,704 --a------ C:\WINDOWS\system32\cVX1000.dll
    2008-06-30 14:36 . 2007-04-10 14:46 116,072 --a------ C:\WINDOWS\VX1000.dll
    2008-06-30 14:36 . 2007-04-10 14:46 15,498 --a------ C:\WINDOWS\VX1000.ini
    2008-06-30 14:36 . 2007-04-10 14:46 13,023 --a------ C:\WINDOWS\VX1000.src
    2008-06-30 14:35 . 2008-07-15 12:44 <REP> d-------- C:\WINDOWS\system32\drivers\umdf
    2008-06-30 14:35 . 2008-06-30 14:35 <REP> d-------- C:\Program Files\Microsoft LifeCam
    2008-06-29 23:35 . 2008-07-19 15:29 <REP> d-------- C:\WINDOWS\system32\fr-FR
    2008-06-29 23:34 . 2008-06-29 23:34 <REP> d-------- C:\Program Files\MSBuild
    2008-06-29 23:31 . 2008-06-29 23:35 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-06-29 23:31 . 2008-06-29 23:31 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-06-29 23:30 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-06-29 21:53 . 2008-06-29 21:53 <REP> d-------- C:\WINDOWS\Backavikey
    2008-06-29 13:56 . 2008-06-29 13:56 <REP> d-------- C:\Program Files\uTorrent
    2008-06-29 13:56 . 2008-07-19 03:35 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\uTorrent
    2008-06-28 14:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-06-28 14:01 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-06-28 14:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-06-27 23:51 . 2008-06-27 23:51 <REP> d---s---- C:\Documents and Settings\Alexandre\UserData
    2008-06-27 22:39 . 2008-07-18 02:24 <REP> d-------- C:\Program Files\The KMPlayer FR
    2008-06-27 22:36 . 2008-06-27 22:36 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\vlc
    2008-06-27 22:35 . 2008-06-27 22:37 <REP> d-------- C:\Program Files\VideoLAN
    2008-06-27 22:25 . 2008-07-19 14:14 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-27 22:25 . 2008-07-19 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-27 21:13 . 2008-07-14 14:56 <REP> d-------- C:\Documents and Settings\Alexandre\Contacts
    2008-06-27 21:09 . 2008-07-17 10:37 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-06-27 21:04 . 2008-06-27 21:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-27 21:04 . 2008-07-03 15:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-27 20:56 . 2008-06-27 20:56 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\MSNInstaller
    2008-06-27 20:04 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-06-27 19:51 . 2008-06-27 19:51 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-06-27 19:51 . 2008-06-27 19:51 64,419 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-06-27 19:49 . 2008-06-27 19:49 <REP> d-------- C:\WINDOWS\BricoPacks
    2008-06-27 19:49 . 2008-06-27 19:51 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-06-27 19:39 . 2008-07-16 21:07 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-06-27 19:38 . 2008-06-27 19:38 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\ATI
    2008-06-27 19:24 . 2008-06-27 19:24 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-27 19:14 . 2006-01-26 08:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-06-27 19:07 . 2008-06-27 19:08 10 --a------ C:\WINDOWS\WININIT.INI
    2008-06-27 18:01 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-27 18:01 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-27 17:56 . 2008-07-19 15:27 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-06-27 17:32 . 2008-06-27 17:32 13,742 --a------ C:\WINDOWS\system32\wpa.bak
    2008-06-27 17:22 . 2008-06-27 17:22 <REP> d-------- C:\Program Files\Microsoft IntelliPoint
    2008-06-27 14:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-06-27 14:30 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-06-27 14:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-06-27 14:30 . 2004-08-04 00:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-06-27 14:30 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-06-27 14:30 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-06-27 13:54 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNNMP.exe
    2008-06-27 13:54 . 2005-09-16 14:10 49,857 --------- C:\WINDOWS\UNNMP.cfg
    2008-06-27 13:52 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-06-27 13:51 . 2008-06-27 13:51 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-06-27 13:50 . 2005-07-12 19:06 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
    2008-06-27 13:50 . 2005-09-16 14:10 154,568 --------- C:\WINDOWS\UNNeroVision.cfg
    2008-06-27 13:50 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
    2008-06-27 13:49 . 2008-06-27 13:49 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-06-27 13:49 . 2008-06-27 13:54 <REP> d-------- C:\Program Files\Ahead
    2008-06-27 13:49 . 2008-06-27 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-06-27 13:49 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-06-27 13:49 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-06-27 13:49 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-06-27 13:49 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-06-27 13:49 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-06-27 13:49 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-06-27 13:49 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
    2008-06-27 12:01 . 2008-06-27 12:01 0 --a------ C:\WINDOWS\ativpsrm.bin

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-27 09:42 294,912 ----a-w C:\WINDOWS\HideWin.exe
    2008-06-26 15:30 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-26 15:29 --------- d-----w C:\Program Files\Services en ligne
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-19_15.44.32.71 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-07-19 14:13:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5dc.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52 849280]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
    "LifeCam"="c:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 14:45 279912]
    "VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 14:46 709992]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-06-14 02:48 14477312 C:\WINDOWS\RTHDCPL.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll
    "msacm.avis"= ff_acm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2004-12-15 23:16]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 MSCamSvc;MSCamSvc;c:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 14:45]
    R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 14:46]

    *Newly Created Service* - MCHINJDRV
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-07-17 05:27:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-19 16:13:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\mc22.tmp"
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-19 16:15:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-19 14:15:47
    ComboFix2.txt 2008-07-19 13:44:57

    Pre-Run: 100,446,969,856 octets libres
    Post-Run: 100,441,817,088 octets libres

    264 --- E O F --- 2008-07-15 18:48:20

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:18:44, on 19/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    0
  14. spagiari Messages postés 15 Statut Membre
     
    ComboFix 08-07-18.5 - Alexandre 2008-07-19 16:09:34.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.242 [GMT 2:00]
    Endroit: C:\Documents and Settings\Alexandre\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Alexandre\Bureau\CFScript.txt..txt
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\AskSBar
    C:\Program Files\AskSBar\bar\1.bin\A2FFXTBR.MANIFEST
    C:\Program Files\AskSBar\bar\1.bin\A2NTSTBR.MANIFEST
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0AD620C.bin
    C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0AD63E0.bin
    C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0AD6509.bin
    C:\Program Files\AskSBar\bar\Cache\[u]0[/u]0DF05CF
    C:\Program Files\AskSBar\bar\Cache\files.ini
    C:\Program Files\AskSBar\bar\History\search2
    C:\Program Files\AskSBar\bar\Settings\prevcfg2.htm

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MCHINJDRV
    -------\Service_mchInjDrv

    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-19 to 2008-07-19 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-19 15:29 . 2008-07-19 15:29 <REP> d--h----- C:\WINDOWS\msdownld.tmp
    2008-07-19 15:25 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-19 15:24 . 2008-07-19 15:24 <REP> d-------- C:\Program Files\Fichiers communs\Java
    2008-07-19 14:59 . 2008-07-19 14:59 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-19 14:26 . 2008-07-19 14:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-19 14:26 . 2008-07-19 14:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-19 14:26 . 2008-07-19 14:26 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Malwarebytes
    2008-07-19 14:26 . 2008-07-18 19:15 36,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-07-19 14:26 . 2008-07-18 19:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-07-19 14:04 . 2008-07-19 14:16 2,340 --a------ C:\WINDOWS\system32\tmp.reg
    2008-07-18 21:01 . 2008-07-18 21:01 <REP> d-------- C:\Program Files\Google
    2008-07-18 21:01 . 2008-07-18 21:01 <REP> d-------- C:\Program Files\GameHouse
    2008-07-18 20:57 . 2008-07-18 22:04 <REP> d-------- C:\WINDOWS\UNO.Undercover
    2008-07-17 10:42 . 2008-07-17 10:42 <REP> d-------- C:\Program Files\iPod
    2008-07-17 10:41 . 2008-07-17 10:42 <REP> d-------- C:\Program Files\iTunes
    2008-07-17 10:39 . 2008-07-17 10:39 <REP> d-------- C:\Program Files\QuickTime
    2008-07-17 10:35 . 2008-07-17 10:36 <REP> d-------- C:\Program Files\Safari
    2008-07-15 12:45 . 2008-07-15 12:45 <REP> d-------- C:\Program Files\Windows Media Connect 2
    2008-07-15 12:43 . 2008-07-15 12:43 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2008-07-14 21:03 . 2008-07-14 21:03 58,594 --a------ C:\WINDOWS\system32\mpt.exe
    2008-07-11 14:23 . 2004-08-03 23:10 38,016 --a------ C:\WINDOWS\system32\drivers\bthmodem.sys
    2008-07-11 14:23 . 2004-08-03 23:10 38,016 --a--c--- C:\WINDOWS\system32\dllcache\bthmodem.sys
    2008-07-11 14:23 . 2004-08-04 00:40 25,856 --a------ C:\WINDOWS\system32\drivers\hidbth.sys
    2008-07-11 14:23 . 2004-08-04 00:40 25,856 --a--c--- C:\WINDOWS\system32\dllcache\hidbth.sys
    2008-07-09 18:16 . 2008-07-09 20:38 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\FrostWire
    2008-07-09 15:37 . 2004-08-03 23:10 18,944 --a------ C:\WINDOWS\system32\drivers\BTHUSB.SYS
    2008-07-09 15:37 . 2004-08-03 23:10 18,944 --a--c--- C:\WINDOWS\system32\dllcache\bthusb.sys
    2008-07-06 12:16 . 2008-07-15 20:46 <REP> d-------- C:\Documents and Settings\Alexandre\browser - logitech
    2008-07-06 12:14 . 2008-07-06 12:15 <REP> d-------- C:\Documents and Settings\Alexandre\logitech
    2008-07-06 12:06 . 2008-07-06 12:06 <REP> d-------- C:\Program Files\Logitech
    2008-07-06 12:06 . 2008-07-06 12:06 <REP> d-------- C:\Program Files\Fichiers communs\Remote Control USB Driver
    2008-07-06 12:06 . 2008-07-06 12:07 <REP> d-------- C:\Program Files\Fichiers communs\Remote Control Software Common
    2008-07-06 12:05 . 2008-07-06 12:05 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\InstallShield
    2008-07-04 21:08 . 2008-07-18 22:05 <REP> d-------- C:\Program Files\Sega
    2008-07-04 17:25 . 2008-07-04 17:25 <REP> d-------- C:\Program Files\LucasArts
    2008-07-04 14:30 . 2008-07-04 14:30 <REP> d-------- C:\Program Files\Giant
    2008-07-03 18:20 . 2008-07-03 18:20 122,880 --a------ C:\WINDOWS\system32\UAService7.exe
    2008-07-03 18:20 . 2008-07-03 18:20 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
    2008-07-03 18:12 . 2008-07-03 18:12 <REP> d-------- C:\Program Files\DAEMON Tools Lite
    2008-07-03 18:05 . 2008-07-03 18:05 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\DAEMON Tools
    2008-07-03 18:05 . 2008-07-03 18:05 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
    2008-07-03 16:00 . 2008-07-19 16:13 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\OpenOffice.org2
    2008-07-03 15:49 . 2008-07-03 15:50 <REP> d-------- C:\Program Files\Windows Live
    2008-07-03 14:56 . 2008-07-03 14:56 <REP> d-------- C:\Program Files\Apple Software Update
    2008-07-02 16:45 . 2008-07-02 16:45 <REP> d--h----- C:\WINDOWS\PIF
    2008-06-30 20:00 . 2008-06-30 20:00 <REP> d-------- C:\Program Files\MSXML 6.0
    2008-06-30 19:54 . 2008-07-17 18:15 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\Apple Computer
    2008-06-30 19:54 . 2008-07-16 17:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-06-30 19:54 . 2008-06-30 19:54 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-06-30 19:53 . 2008-06-30 19:53 <REP> d-------- C:\Program Files\Bonjour
    2008-06-30 19:53 . 2008-06-30 19:54 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-06-30 19:52 . 2008-06-30 19:52 <REP> d-------- C:\Program Files\Fichiers communs\Apple
    2008-06-30 19:52 . 2008-06-30 19:52 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Apple
    2008-06-30 15:08 . 2008-07-02 20:21 230,424 --a------ C:\img2-001.raw
    2008-06-30 14:36 . 2007-04-10 14:46 1,966,312 --a------ C:\WINDOWS\system32\drivers\VX1000.sys
    2008-06-30 14:36 . 2007-04-10 14:46 709,992 --a------ C:\WINDOWS\vVX1000.exe
    2008-06-30 14:36 . 2007-04-10 14:46 476,520 --a------ C:\WINDOWS\vVX1000.dll
    2008-06-30 14:36 . 2007-04-10 14:46 202,088 --a------ C:\WINDOWS\system32\LCCoin14.dll
    2008-06-30 14:36 . 2007-04-10 14:46 185,704 --a------ C:\WINDOWS\system32\cVX1000.dll
    2008-06-30 14:36 . 2007-04-10 14:46 116,072 --a------ C:\WINDOWS\VX1000.dll
    2008-06-30 14:36 . 2007-04-10 14:46 15,498 --a------ C:\WINDOWS\VX1000.ini
    2008-06-30 14:36 . 2007-04-10 14:46 13,023 --a------ C:\WINDOWS\VX1000.src
    2008-06-30 14:35 . 2008-07-15 12:44 <REP> d-------- C:\WINDOWS\system32\drivers\umdf
    2008-06-30 14:35 . 2008-06-30 14:35 <REP> d-------- C:\Program Files\Microsoft LifeCam
    2008-06-29 23:35 . 2008-07-19 15:29 <REP> d-------- C:\WINDOWS\system32\fr-FR
    2008-06-29 23:34 . 2008-06-29 23:34 <REP> d-------- C:\Program Files\MSBuild
    2008-06-29 23:31 . 2008-06-29 23:35 <REP> d-------- C:\WINDOWS\system32\XPSViewer
    2008-06-29 23:31 . 2008-06-29 23:31 <REP> d-------- C:\Program Files\Reference Assemblies
    2008-06-29 23:30 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
    2008-06-29 21:53 . 2008-06-29 21:53 <REP> d-------- C:\WINDOWS\Backavikey
    2008-06-29 13:56 . 2008-06-29 13:56 <REP> d-------- C:\Program Files\uTorrent
    2008-06-29 13:56 . 2008-07-19 03:35 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\uTorrent
    2008-06-28 14:01 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-06-28 14:01 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2008-06-28 14:01 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-06-27 23:51 . 2008-06-27 23:51 <REP> d---s---- C:\Documents and Settings\Alexandre\UserData
    2008-06-27 22:39 . 2008-07-18 02:24 <REP> d-------- C:\Program Files\The KMPlayer FR
    2008-06-27 22:36 . 2008-06-27 22:36 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\vlc
    2008-06-27 22:35 . 2008-06-27 22:37 <REP> d-------- C:\Program Files\VideoLAN
    2008-06-27 22:25 . 2008-07-19 14:14 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-06-27 22:25 . 2008-07-19 14:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-06-27 21:13 . 2008-07-14 14:56 <REP> d-------- C:\Documents and Settings\Alexandre\Contacts
    2008-06-27 21:09 . 2008-07-17 10:37 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-06-27 21:04 . 2008-06-27 21:08 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-06-27 21:04 . 2008-07-03 15:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-06-27 20:56 . 2008-06-27 20:56 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\MSNInstaller
    2008-06-27 20:04 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2008-06-27 19:51 . 2008-06-27 19:51 3,932,214 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-06-27 19:51 . 2008-06-27 19:51 64,419 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-06-27 19:49 . 2008-06-27 19:49 <REP> d-------- C:\WINDOWS\BricoPacks
    2008-06-27 19:49 . 2008-06-27 19:51 6,120 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
    2008-06-27 19:39 . 2008-07-16 21:07 116 --a------ C:\WINDOWS\NeroDigital.ini
    2008-06-27 19:38 . 2008-06-27 19:38 <REP> d-------- C:\Documents and Settings\Alexandre\Application Data\ATI
    2008-06-27 19:24 . 2008-06-27 19:24 0 --a------ C:\WINDOWS\nsreg.dat
    2008-06-27 19:14 . 2006-01-26 08:57 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
    2008-06-27 19:07 . 2008-06-27 19:08 10 --a------ C:\WINDOWS\WININIT.INI
    2008-06-27 18:01 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-27 18:01 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-06-27 17:56 . 2008-07-19 15:27 <REP> d--h----- C:\WINDOWS\$hf_mig$
    2008-06-27 17:32 . 2008-06-27 17:32 13,742 --a------ C:\WINDOWS\system32\wpa.bak
    2008-06-27 17:22 . 2008-06-27 17:22 <REP> d-------- C:\Program Files\Microsoft IntelliPoint
    2008-06-27 14:30 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
    2008-06-27 14:30 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
    2008-06-27 14:30 . 2004-08-04 00:54 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
    2008-06-27 14:30 . 2004-08-04 00:54 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
    2008-06-27 14:30 . 2004-08-04 00:45 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2008-06-27 14:30 . 2004-08-04 00:45 14,848 --a--c--- C:\WINDOWS\system32\dllcache\kbdhid.sys
    2008-06-27 13:54 . 2005-07-29 17:12 2,977,792 --------- C:\WINDOWS\UNNMP.exe
    2008-06-27 13:54 . 2005-09-16 14:10 49,857 --------- C:\WINDOWS\UNNMP.cfg
    2008-06-27 13:52 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
    2008-06-27 13:51 . 2008-06-27 13:51 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-06-27 13:50 . 2005-07-12 19:06 2,973,696 --------- C:\WINDOWS\UNNeroVision.exe
    2008-06-27 13:50 . 2005-09-16 14:10 154,568 --------- C:\WINDOWS\UNNeroVision.cfg
    2008-06-27 13:50 . 2001-03-08 19:30 24,064 --------- C:\WINDOWS\system32\msxml3a.dll
    2008-06-27 13:49 . 2008-06-27 13:49 <REP> d-------- C:\Program Files\Fichiers communs\Ahead
    2008-06-27 13:49 . 2008-06-27 13:54 <REP> d-------- C:\Program Files\Ahead
    2008-06-27 13:49 . 2008-06-27 13:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Ahead
    2008-06-27 13:49 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
    2008-06-27 13:49 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
    2008-06-27 13:49 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
    2008-06-27 13:49 . 2004-07-09 09:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
    2008-06-27 13:49 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
    2008-06-27 13:49 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
    2008-06-27 13:49 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
    2008-06-27 12:01 . 2008-06-27 12:01 0 --a------ C:\WINDOWS\ativpsrm.bin

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-06-27 09:42 294,912 ----a-w C:\WINDOWS\HideWin.exe
    2008-06-26 15:30 --------- d-----w C:\Program Files\microsoft frontpage
    2008-06-26 15:29 --------- d-----w C:\Program Files\Services en ligne
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-19_15.44.32.71 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-07-19 14:13:07 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5dc.dat
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672]
    "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
    "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-02-05 15:52 849280]
    "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 14:43 45056]
    "LifeCam"="c:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 14:45 279912]
    "VX1000"="C:\WINDOWS\vVX1000.exe" [2007-04-10 14:46 709992]
    "AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-10 09:47 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 10:51 289064]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2005-06-14 02:48 14477312 C:\WINDOWS\RTHDCPL.EXE]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 14:00 110592 C:\WINDOWS\system32\bthprops.cpl]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.xvid"= xvid.dll
    "msacm.avis"= ff_acm.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    R0 m5287;m5287;C:\WINDOWS\system32\drivers\m5287.sys [2004-12-15 23:16]
    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
    R2 MSCamSvc;MSCamSvc;c:\Program Files\Microsoft LifeCam\MSCamS32.exe [2007-05-17 14:45]
    R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2007-04-10 14:46]

    *Newly Created Service* - MCHINJDRV
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2008-07-17 05:27:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-19 16:13:23
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cach‚s ...

    Balayage cach‚ autostart entries ...

    Balayage des fichiers cach‚s ...

    Scan termin‚ avec succŠs
    Les fichiers cach‚s: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
    "ImagePath"="\??\C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\mc22.tmp"
    .
    --------------------- DLLs a charg‚ sous des processus courants ---------------------

    PROCESS: C:\WINDOWS\explorer.exe
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
    -> C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\ati2evxx.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.bin
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\system32\verclsid.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-19 16:15:52 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-07-19 14:15:47
    ComboFix2.txt 2008-07-19 13:44:57

    Pre-Run: 100,446,969,856 octets libres
    Post-Run: 100,441,817,088 octets libres

    264 --- E O F --- 2008-07-15 18:48:20

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:18:44, on 19/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\vVX1000.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [LifeCam] "c:\Program Files\Microsoft LifeCam\LifeExp.exe"
    O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
    O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
    O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
    O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
    0
  15. Utilisateur anonyme
     
    ok

    on termine :

    regarde ceci concernant avast :

    antivir vs avast :

    -> http://forum.malekal.com/ftopic3528.php

    alors je te conseille de le desinstaller et d´installer antivir a la place

    Telecharge et instales l'antivirus Antivir Personal Edition Classic :

    ->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html

    tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59

    Pour désinstaller Avast telecharge cet outil

    https://www.avast.com/fr-fr/uninstall-utility

    ensuite tu n as pas de parefeu :
    pare-feu gratuits

    télécharger la version gratuite de Kerio
    Kerio (parefeu)
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    TUTO
    https://kerio.probb.fr/
    SITE de Kerio
    https://kerio.probb.fr/

    ou

    ComodoFirewallPro 2.4 téléchargement
    http://www.personalfirewall.comodo.com/
    Tuto pour la 2.4
    https://infomars.fr/forum/index.php?s=908072e48ff7cf0359366440cb26c93f&showtopic=389
    Tuto pour la 2.4
    http://www.nordicnature.net/tutorials/comodo/cf24wiz.htm
    Attention la 3.0 est en anglais uniquement et est plus difficile a paramétrer
    Tuto pour la 3.0
    https://infomars.fr/forum/index.php?showtopic=1225

    ou

    OnlineArmor :
    téléchargement:https://www.commentcamarche.net/telecharger/ 34055356 online armor personal firewall

    tutoriels:https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    :https://www.malekal.com/tutorial-online-armor-free/

    A lire :

    https://www.commentcamarche.net/contents/992-firewall-pare-feu

    puis un bonus :

    spywareblaster :

    http://www.brightfort.com/spywareblaster.html

    c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

    tuto : https://www.malekal.com/tutorial-spywareblaster/

    puis

    pourquoi ne pas surfer avec firefox? = plus sur, tout en gardant ie 7.0 pour les mises a jour windows car impossible a effectuer sous firefox

    http://www.mozilla-europe.org/fr/

    plugins : ad block plus, no script ect...

    https://www.hugedomains.com/domain_profile.cfm?d=geckozone&e=org

    ensuite :

    -> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    -> L´installer.

    -> Une fois installé et lancé :

    Dans la colonne de gauche, click sur :

    ->"registre" :

    Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.

    ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

    ->"nettoyeur"

    quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

    -> Tutoriel en image :

    https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

    ensuite :

    Télecharge et instal AVG anti spyware:

    http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

    instal le et met le a jours

    ensuite lance le scan et supprime

    puis poste le rapport sur le forum stp

    et pour finir :

    * pour supprimer les outils/fix utilisés :

    Télécharge ToolsCleaner sur ton bureau.
    -->
    http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    0
  16. spagiari Messages postés 15 Statut Membre
     
    Merci c incroyable de trouver une efficacité pareil. Rapide et efficace c tout.
    0
  17. Utilisateur anonyme
     
    arrette je vais rougir lol

    -;)
    0
  18. spagiari Messages postés 15 Statut Membre
     
    encore un ptit truc si vous etes la je ne sais quel quel firewall prendre le quel me conseillez vous
    0
  19. Utilisateur anonyme
     
    pour le parefeu :

    si c est ta premiere fois -;) prend kerio car il est simple

    si tu veux de l efficace prend online armor
    0
    1. spagiari
       
      je viens tout juste de finir tout ce que tu m a dit de faire
      maintenant je me demande si mon pc n est surchargé par rapport aux programmes que je viens d installer :
      toolscleanner, ccleanner, AVG antispyware, spywareblaster tout en sachant que j ai viré spybot.
      Quels programme devrais je garder afin d assurer une bonne securité sans trop le surchargé.
      MERCI
      0
  20. spagiari Messages postés 15 Statut Membre
     
    Merci encore
    0
  • 1
  • 2