Win32:Trojan-gen. {Other} suite... Résolu/Fermé

Question

Bonjour,

je post un nouveau topic, 
c'est la suite de ce topic la ----> http://www.commentcamarche.net/forum/affich 7520588 virus win32 trojan gen other

si quelqun peut m'aider
ca serait vraiment bien !

merci d'avance :)

ludsfa · Answer

salut,



sélectionne l'intégralité du texte en gras ci-dessous:







file::
C:\WINDOWS\system32\ylroxhk.dll
C:\WINDOWS\system32	mp.reg 
C:\WINDOWS\system32\dllcache\ieapfltr.dll 
C:\WINDOWS\system32\dllcache\iertutil.dll 
C:\WINDOWS\system32\dllcache\icardie.dll
C:\WINDOWS\system32\dllcache\ieudinit.exe 
C:\WINDOWS\system32\dllcache\scrobj.dll 
C:\WINDOWS\system32\dllcache\scrrun.dll 
C:\WINDOWS\system32\ActiveSkin.ocx 
C:\UNWISE.EXE 
C:\WINDOWS\ActiveSkin.INI 
C:\WINDOWS\system32\dllcache	cpip6.sys 
C:\WINDOWS\system32\dllcache\dnsapi.dll 

folder::
C:\Documents and Settings\NetworkService\Application Data\vjaohzxm 
C:\Documents and Settings\ARBARNI\Application Data\vjaohzxm 
C:\Documents and Settings\Administrateur\ModŠles 
C:\Program Files\RamBoost XP 
C:\Documents and Settings\NetworkService\Application Data\vjaohzxm 

registry::
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{957C849E-DA93-42F4-948B-E7E20208E0D6}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
"RamBoostXp"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbf72.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wintx58.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winva71.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyd48.sys]
@="Driver"

driver::
tcpip.sys 
afd.sys 
tcpip6.sys 
bthport.sys 





    *  Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    * Enregistre le sous sur ton bureau sous le nom de CFScript.txt
    * Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous : 

http://i266.photobucket.com/albums/ii277/sUBs_/CFScript.gif

    * Cela va relancer Combofix.  

à la fin du scan un rapport va être créer envois le moi.

elioth · Answer

re kerberos,

ta essayé ce que jté filé sur l'autre post? essaye toujours on sait jamais:

http://www.downloads.subratam.org/VX2Finder.exe

K3RB3ROS · Answer

salut

apparement on a reglé le probleme avec destrio5

allez voir ce post si vous voulez

http://www.commentcamarche.net/forum/affich 7520588 virus win32 trojan gen other?page=3#47

elioth · Answer

teste toujours mais pourquoi tu poste un new topic alors?

elioth · Answer

au passage si tu veux analyser toi meme tes hijackthis:

https://www.zebulon.fr/telechargements/securite/systeme/zeb-help-process.html

ludsfa · Answer

re,



ok alors j'édite le post ou pas?

ludsfa · Answer

non je veux dire le script combofix que je t'est fait car il présente pas mal de trojan.

g!rly · Answer

Salut ludsfa,

ton script ne va pas vraiment fonctionner comme ca, il y a quelques erreures...

@+

ludsfa · Answer

salut,



je pense que je vais l'éditer.

apparemment il à réglé le problème.

g!rly · Answer

tu peux plus l éditer, demande avant de lancer des cripts comme ça si tu n´est pas sur ;)
@+

ludsfa · Answer

re,


le script fonctionne.

g!rly · Answer

il y a des erreures, puis tu vires ramboost xp qui est legitime...

K3RB3ROS · Answer

voila le rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:15, on 02/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolb­arNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {92E5DF6B-D89A-4103-AC7B-F3F10ADB2A47} - C:\DOCUME~1\ARBARNI\LOCALS~1\Temp\dmE.dll (file missing)
O2 - BHO: (no name) - {957C849E-DA93-42F4-948B-E7E20208E0D6} - c:\windows\system32\ylroxhk.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8AAE048-74CC-46B3-A3D2-041C5967FC68}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
End of file - 7530 bytes

elioth · Answer

tu peux cocher ces lignes et c reglé:

O2 - BHO: (no name) - {92E5DF6B-D89A-4103-AC7B-F3F10ADB2A47} - C:\DOCUME~1\ARBARNI\LOCALS~1\Temp\dmE.dll (file missing) 
O2 - BHO: (no name) - {957C849E-DA93-42F4-948B-E7E20208E0D6} - c:\windows\system32\ylroxhk.dll (file missing) 
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

K3RB3ROS · Answer

salut
déjà fais plusieurs fois...
elles restent . . . :/

elioth · Answer

de tout facon le fichier est absent donc logiquement tu n'es plus infecté

K3RB3ROS · Answer

okok
aprés,le fait que les MAJ auto windows ne fonctionne plus (elles sont activés mais refuse de s'installer)  a t'il un rapport avec mon infection ? :)

elioth · Answer

ca depend si ta license est valide ou pas

elioth · Answer

au pire tu peux toujours essayer ca:

http://telechargement.zebulon.fr/zeb-restore.html

K3RB3ROS · Answer

lool !!

oui oui elle l'est :)

elioth · Answer

et ba teste:

http://telechargement.zebulon.fr/zeb-restore.html

elioth · Answer

oici les éléments qui peuvent être restaurés :
- RegEdit : réactive l'accès à RegEdit
- Clés RUN : réactive le lancement de programmes par clés RunXXX
- Bouton Arrêter : rétablit le bouton Arrêter
- Windows Update : rétablit la fonction Windows Update
- Gestionnaire des tâches : réactive le gestionnaire des tâches
- Panneau de configuration : réactive le Panneau de configuration
- Ajout/Suppression de programmes : restaure la fonction Ajout-Suppression de programmes
- Policies : remet en place des éléments désactivés par "Policies"
- Bureau : réactive le bureau
- Réparation IE : répare Internet Exploreur (pages de recherche)
- Extension des fichiers : répare les extensions des fichiers .exe .bat .reg .pif .cmd .scr .com
- Sites de confiance et sensibles : efface le contenu de ces zones (à utiliser si vous êtes infecté par des malwares)
- Préfixes et Protocoles Internet : restore les clés des protocoles Internet (ZoneMap etc.)
- Réinitialiser Fichier Hosts : réinitialise le fichier Hosts

elioth · Answer

merci moi :)

elioth · Answer

voi aussi si tu peux pas ecraser ces 2 lignes avec regcleaner:

http://www.commentcamarche.net/telecharger/telecharger 171 regcleaner

ou sinon avec :

https://www.zebulon.fr/telechargements/utilitaires/nettoyeurs/jv16.html

elioth · Answer

kerberos si tu fait ca tout est reglé mais si tu prefere resté dans le caca libre a toi.

bye bye

K3RB3ROS · Answer

salut,

non je ne veux pas rester dans le caca, mais je prefere terminer completement une "solution" , genre avec Destrio5
et ensuite si ca ne marche pas j'essayrai avec toi :)

g!rly · Answer

doublon...

K3RB3ROS · Answer

sympa l'edit... tiens voila ton rapport ComboFix :) ComboFix 08-08-02.01 - ARBARNI 2008-08-03 15:16:55.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.609 [GMT 2:00] Endroit: C:\Documents and Settings\ARBARNI\Bureau\ComboFix.exe * Création d'un nouveau point de restauration . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))))))) . 2008-08-03 14:45 . 2008-08-03 14:45 d-------- C:\Program Files\CCleaner 2008-08-02 21:11 . 2008-08-02 21:11 d-------- C:\Program Files\VirginMega 2008-08-02 21:09 . 2008-08-02 21:09 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2008-08-02 21:01 . 2008-08-02 21:01 d-------- C:\Program Files\Windows Media Connect 2 2008-08-02 20:59 . 2008-08-02 21:00 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-08-02 19:15 . 2008-08-02 19:15 d-------- C:\Program Files\Avira 2008-08-02 19:15 . 2008-08-02 19:15 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-02 18:39 . 2008-08-02 18:39 d-------- C:\Program Files\Unlocker 2008-08-02 18:39 . 2008-08-02 18:39 d-------- C:\Documents and Settings\ARBARNI\Application Data\Desktopicon 2008-08-01 02:45 . 2008-08-01 02:45 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll 2008-08-01 02:42 . 2008-08-01 02:42 d-------- C:\WINDOWS\ERUNT 2008-08-01 02:19 . 2008-08-01 02:19 1,882 --a------ C:\WINDOWS\system32 mp.reg 2008-07-30 22:06 . 2008-07-30 22:44 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-30 20:20 . 2008-07-30 20:32 d-------- C:\Program Files\Microsoft Bootvis 2008-07-30 19:57 . 2008-06-20 13:51 361,600 --------- C:\WINDOWS\system32\dllcache cpip.sys 2008-07-30 19:57 . 2008-06-20 19:47 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll 2008-07-30 19:57 . 2008-06-20 13:08 225,856 --------- C:\WINDOWS\system32\dllcache cpip6.sys 2008-07-30 19:57 . 2008-06-20 19:47 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-07-30 19:57 . 2008-06-20 13:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys 2008-07-22 11:05 . 2008-07-22 11:05 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-07-22 11:03 . 2008-05-30 01:05 d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau 2008-07-22 11:03 . 2008-05-30 01:05 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-07-22 11:03 . 2008-05-30 01:08 d--h----- C:\Documents and Settings\Administrateur\Modèles 2008-07-22 11:03 . 2008-05-30 01:08 dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-07-22 11:03 . 2008-05-30 01:08 dr------- C:\Documents and Settings\Administrateur\Menu Démarrer 2008-07-22 11:03 . 2008-05-30 01:08 dr------- C:\Documents and Settings\Administrateur\Favoris 2008-07-22 11:03 . 2008-07-22 12:53 dr------- C:\Documents and Settings\Administrateur\Bureau 2008-07-22 11:03 . 2008-05-30 01:05 d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver 2008-07-22 11:03 . 2008-05-30 01:05 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2008-07-22 11:03 . 2008-07-22 11:03 d-------- C:\Documents and Settings\Administrateur 2008-07-22 08:18 . 2008-07-31 23:17 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-22 08:18 . 2008-07-22 08:18 d-------- C:\Documents and Settings\ARBARNI\Application Data\Malwarebytes 2008-07-22 08:18 . 2008-07-22 08:18 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-22 08:18 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-07-22 08:18 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-21 22:45 . 2008-08-03 14:41 d-------- C:\Program Files\Trend Micro 2008-07-21 20:57 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys 2008-07-21 20:56 . 2008-07-21 20:56 d-------- C:\Program Files\Panda Security 2008-07-21 20:38 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-21 20:36 . 2008-04-23 06:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-07-21 20:36 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-07-21 20:36 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-07-21 20:36 . 2008-04-23 06:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-07-21 20:36 . 2008-04-23 06:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-07-21 20:36 . 2008-04-23 06:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-07-21 20:36 . 2008-04-23 06:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-07-21 20:36 . 2008-04-23 06:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-07-21 20:36 . 2008-04-22 09:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-07-21 20:35 . 2008-05-09 12:55 180,224 --------- C:\WINDOWS\system32\dllcache\scrobj.dll 2008-07-21 20:35 . 2008-05-09 12:55 172,032 --------- C:\WINDOWS\system32\dllcache\scrrun.dll 2008-07-21 20:35 . 2008-05-08 13:24 155,648 --------- C:\WINDOWS\system32\dllcache\wscript.exe 2008-07-21 20:35 . 2008-05-09 10:45 135,168 --------- C:\WINDOWS\system32\dllcache\cscript.exe 2008-07-21 20:35 . 2008-05-09 12:55 90,112 --------- C:\WINDOWS\system32\dllcache\wshext.dll 2008-07-21 20:33 . 2008-05-07 07:11 1,294,336 --------- C:\WINDOWS\system32\dllcache\quartz.dll 2008-07-21 20:32 . 2008-07-21 20:32 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-07-21 20:13 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache mcast.sys 2008-07-21 20:10 . 2008-07-21 20:10 d-------- C:\Program Files\MSXML 4.0 2008-07-21 17:42 . 2008-07-21 17:42 d-------- C:\Program Files\ma-config.com 2008-07-21 17:42 . 2008-07-21 17:42 d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com 2008-07-09 20:42 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx 2008-07-09 20:42 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE 2008-07-09 20:42 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-03 13:07 --------- d-----w C:\Documents and Settings\ARBARNI\Application Data\OpenOffice.org2 2008-07-30 18:12 --------- d-----w C:\Program Files\Java 2008-07-19 12:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-06-27 21:19 135,168 ----a-w C:\WINDOWS\system32\drivers\Bjg46.sys 2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 16:56 --------- d-----w C:\Documents and Settings\ARBARNI\Application Data\AdobeUM 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers cpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers cpip6.sys 2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-05 07:20 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-06-05 07:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-05 07:17 --------- d-----w C:\Program Files\ArcSoft 2008-06-05 07:15 --------- d-----w C:\Program Files\Canon 2008-06-04 12:47 --------- d-----w C:\Program Files\Google 2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll 2008-05-09 10:55 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll 2008-05-09 10:55 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll 2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll 2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll 2008-05-09 08:45 135,168 ----a-w C:\WINDOWS\system32\cscript.exe 2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe 2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-04 14:47 171448] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-07-28 21:29 102400] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-05-11 21:03 708697] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "SiSPower"="SiSPower.dll" [2005-07-13 02:55 49152 C:\WINDOWS\system32\SiSPower.dll] C:\Documents and Settings\ARBARNI\Menu D‚marrer\Programmes\D‚marrage\ OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216] C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-10-24 14:56:08 262144] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\AOL 9.0\aol.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"= "%windir%\system32\sessmgr.exe"= "C:\APPS\Inventime\my.exe"= "C:\APPS\skype\phone\Skype.exe"= "C:\APPS\Powercinema\PowerCinema.exe"= "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"= "C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"= "C:\Program Files\AOL 9.0\waol.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= R0 Bjg46;Bjg46;C:\WINDOWS\system32\drivers\Bjg46.sys [2008-06-27 23:19] R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24] R0 qhvloatj;qhvloatj;C:\WINDOWS\system32\drivers\qhvloatj.sys [2004-08-05 14:00] R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 10:13] R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 14:50] R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 16:43] S0 Winva71;Winva71;C:\WINDOWS\system32\Drivers\Winva71.sys [] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 09:13] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45] S3 ZD1211U(ASUS);ASUS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ASUS);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-09-08 09:41] *Newly Created Service* - CATCHME . - - - - ORPHANS REMOVED - - - - BHO-{92E5DF6B-D89A-4103-AC7B-F3F10ADB2A47} - C:\DOCUME~1\ARBARNI\LOCALS~1\Temp\dmE.dll BHO-{957C849E-DA93-42F4-948B-E7E20208E0D6} - c:\windows\system32\ylroxhk.dll . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\ARBARNI\Application Data\Mozilla\Firefox\Profiles\ujb2i2k8.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser ppdf32.dll FF -: plugin - C:\Program Files\ma-config.com phardwaredetection.dll FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology pViewpoint.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-03 15:19:25 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySqlInventime] "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime" . Temps d'accomplissement: 2008-08-03 15:20:20 ComboFix-quarantined-files.txt 2008-08-03 13:20:13 ComboFix2.txt 2008-08-03 11:34:34 Pre-Run: 41,296,117,760 octets libres Post-Run: 41,286,688,768 octets libres 180 --- E O F --- 2008-08-03 12:55:22

g!rly · Answer

oué desolé, mais en meme temps tu as plusieurs topiks...

K3RB3ROS · Answer

oui je sais bien mais au bout d'un moment Destrio5 n'avait plus de solutions et ma conseillé de faire un nouveau topic

sauf qu'après il a eu de nouveau des idées ^^ et vu que vous aviez posté sur ce topic aussi je l'ai laissé :/

sinon tu as une idée ?

g!rly · Answer

Vu comme ca...

Télécharge Lop S&D (de Angeldark et Eric71) sur le Bureau :
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

[*]Double-clique sur Lop S&D.exe pour lancer l'installation,
[*]Puis double-clique sur le raccourci Lop S&D présent sur le Bureau.
[*]Séléctionne la langue souhaitée , puis choisis l'Option 1 (Recherche)
Le scan prend moins d'une minute.
[*]A l'issue du scan, le bloc-notes va s'ouvrir avec le résultat de la recherche.
[*]Enregistre le rapport LopR.txt sur le Bureau pour le retrouver facilement, sinon il sauvegardé à la racine de la partition système : C:\LopR.txt

puis

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis ! 

@+

K3RB3ROS · Answer

alors, voila les rapports :

Lop S&D

   --------------------\  Lop S&D 4.2.2-5  XP/Vista

   [ Windows XP (NT 5.1) Build 2600, Service Pack 3 ]
   [ USER : ARBARNI ] [ "C:\Lop SD" ] [ Selection : 1 ]
   [ 03/08/2008 | 15:39:37,84 ] [ PC : SNNECCI ]
   [ MAJ : 01-08-2008 | 01:40 ]
 
   --------------------\  Listing des dossiers dans APPLIC~1  

   [16/08/2004|17:55] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
   [30/05/2008|01:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
   [30/05/2008|01:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
   [22/07/2008|11:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Malwarebytes
   [30/05/2008|01:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
   [30/05/2008|01:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Real
   [30/05/2008|01:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Sun
   [30/05/2008|01:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
   [30/05/2008|01:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

   [30/05/2008|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
   [30/05/2008|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
   [02/08/2008|19:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
   [05/06/2008|09:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
   [30/05/2008|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
   [16/08/2004|17:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
   [02/08/2008|21:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
   [04/06/2008|14:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
   [21/07/2008|17:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
   [22/07/2008|08:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
   [27/06/2008|21:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
   [30/05/2008|01:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
   [30/05/2008|01:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
   [30/05/2008|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
   [30/07/2008|22:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
   [30/05/2008|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
   [29/05/2008|16:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
   [30/05/2008|10:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

   [07/06/2008|18:47] C:\DOCUME~1\ARBARNI\APPLIC~1\Adobe
   [20/06/2008|18:56] C:\DOCUME~1\ARBARNI\APPLIC~1\AdobeUM
   [16/08/2004|17:55] C:\DOCUME~1\ARBARNI\APPLIC~1\desktop.ini
   [02/08/2008|18:39] C:\DOCUME~1\ARBARNI\APPLIC~1\Desktopicon
   [04/06/2008|14:48] C:\DOCUME~1\ARBARNI\APPLIC~1\Google
   [30/05/2008|01:05] C:\DOCUME~1\ARBARNI\APPLIC~1\Identities
   [30/05/2008|10:03] C:\DOCUME~1\ARBARNI\APPLIC~1\Macromedia
   [22/07/2008|08:18] C:\DOCUME~1\ARBARNI\APPLIC~1\Malwarebytes
   [30/07/2008|20:20] C:\DOCUME~1\ARBARNI\APPLIC~1\Microsoft
   [19/07/2008|15:10] C:\DOCUME~1\ARBARNI\APPLIC~1\Mozilla
   [30/05/2008|10:49] C:\DOCUME~1\ARBARNI\APPLIC~1\OD2
   [03/08/2008|15:07] C:\DOCUME~1\ARBARNI\APPLIC~1\OpenOffice.org2
   [03/06/2008|16:58] C:\DOCUME~1\ARBARNI\APPLIC~1\Real
   [30/05/2008|01:05] C:\DOCUME~1\ARBARNI\APPLIC~1\Sun
   [30/07/2008|20:39] C:\DOCUME~1\ARBARNI\APPLIC~1\WinRAR
   [30/05/2008|01:05] C:\DOCUME~1\ARBARNI\APPLIC~1\You've Got Pictures Screensaver

   [16/08/2004|17:55] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
   [30/05/2008|01:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
   [30/05/2008|01:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
   [30/05/2008|01:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
   [30/05/2008|01:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
   [30/05/2008|01:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Sun
   [30/05/2008|01:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
   [30/05/2008|01:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

   [30/05/2008|01:05] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

   [22/07/2008|13:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Adobe
   [22/07/2008|13:00] C:\DOCUME~1\NETWOR~1\APPLIC~1\Macromedia
   [29/05/2008|18:31] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
   [19/07/2008|16:24] C:\DOCUME~1\NETWOR~1\APPLIC~1\Mozilla
 
   --------------------\  Tâches planifiées dans C:\WINDOWS	asks

   [03/08/2008 15:06][--ah-----] C:\WINDOWS	asks\SA.DAT
   [05/08/2004 14:00][-rah-----] C:\WINDOWS	asks\desktop.ini

   --------------------\  Listing des dossiers dans C:\Program Files

   [30/05/2008|01:05] C:\Program Files\Adobe
   [30/05/2008|11:03] C:\Program Files\Alwil Software
   [30/05/2008|01:05] C:\Program Files\Analog Devices
   [30/05/2008|01:05] C:\Program Files\AOL 9.0
   [30/05/2008|01:05] C:\Program Files\AOL Compagnon
   [05/06/2008|09:17] C:\Program Files\ArcSoft
   [02/08/2008|19:15] C:\Program Files\Avira
   [05/06/2008|09:15] C:\Program Files\Canon
   [03/08/2008|14:45] C:\Program Files\CCleaner
   [30/05/2008|01:05] C:\Program Files\ComPlus Applications
   [30/05/2008|01:05] C:\Program Files\CONEXANT
   [30/05/2008|01:05] C:\Program Files\CyberLink
   [03/08/2008|15:18] C:\Program Files\Fichiers communs
   [04/06/2008|14:47] C:\Program Files\Google
   [05/06/2008|09:17] C:\Program Files\InstallShield Installation Information
   [21/07/2008|20:39] C:\Program Files\Internet Explorer
   [30/07/2008|20:12] C:\Program Files\Java
   [30/05/2008|01:05] C:\Program Files\Learn2.com
   [21/07/2008|17:42] C:\Program Files\ma-config.com
   [31/07/2008|23:17] C:\Program Files\Malwarebytes' Anti-Malware
   [29/05/2008|17:58] C:\Program Files\Messenger
   [30/07/2008|20:32] C:\Program Files\Microsoft Bootvis
   [21/07/2008|20:32] C:\Program Files\Microsoft CAPICOM 2.1.0.2
   [30/05/2008|01:05] C:\Program Files\microsoft frontpage
   [29/05/2008|17:01] C:\Program Files\Movie Maker
   [30/07/2008|22:43] C:\Program Files\Mozilla Firefox
   [30/05/2008|01:05] C:\Program Files\MSN
   [30/05/2008|01:05] C:\Program Files\MSN Gaming Zone
   [21/07/2008|20:10] C:\Program Files\MSXML 4.0
   [29/05/2008|16:58] C:\Program Files\NetMeeting
   [30/05/2008|01:09] C:\Program Files\Online Services
   [30/05/2008|10:58] C:\Program Files\OpenOffice.org 2.4
   [29/05/2008|16:58] C:\Program Files\Outlook Express
   [21/07/2008|20:56] C:\Program Files\Panda Security
   [30/05/2008|01:09] C:\Program Files\QuickTime
   [30/05/2008|01:05] C:\Program Files\Real
   [30/05/2008|01:10] C:\Program Files\Services en ligne
   [30/05/2008|01:10] C:\Program Files\SiS VGA Utilities V3.68
   [30/05/2008|01:10] C:\Program Files\sisagp
   [30/05/2008|01:05] C:\Program Files\Sonic
   [30/05/2008|01:05] C:\Program Files\Synaptics
   [03/08/2008|14:41] C:\Program Files\Trend Micro
   [30/05/2008|01:05] C:\Program Files\Uninstall Information
   [02/08/2008|18:39] C:\Program Files\Unlocker
   [30/05/2008|01:05] C:\Program Files\Viewpoint
   [02/08/2008|21:11] C:\Program Files\VirginMega
   [30/05/2008|10:04] C:\Program Files\Windows Live
   [02/08/2008|21:01] C:\Program Files\Windows Media Connect 2
   [02/08/2008|21:01] C:\Program Files\Windows Media Player
   [29/05/2008|16:58] C:\Program Files\Windows NT
   [30/05/2008|01:05] C:\Program Files\WindowsUpdate
   [30/05/2008|10:52] C:\Program Files\WinRAR
   [30/05/2008|01:05] C:\Program Files\xerox

   --------------------\  Listing des dossiers dans C:\Program Files\Fichiers communs

   [30/05/2008|01:05] C:\Program Files\Fichiers communs\Adobe
   [30/05/2008|01:07] C:\Program Files\Fichiers communs\AOL
   [30/05/2008|01:07] C:\Program Files\Fichiers communs\aolshare
   [30/05/2008|01:05] C:\Program Files\Fichiers communs\InstallShield
   [30/05/2008|01:05] C:\Program Files\Fichiers communs\Java
   [30/05/2008|10:04] C:\Program Files\Fichiers communs\Microsoft Shared
   [05/08/2004|14:00] C:\Program Files\Fichiers communs\Mozilla Shared
   [30/05/2008|01:05] C:\Program Files\Fichiers communs\MSSoap
   [30/05/2008|01:05] C:\Program Files\Fichiers communs\Nullsoft
   [30/05/2008|01:05] C:\Program Files\Fichiers communs\ODBC
   [30/05/2008|01:05] C:\Program Files\Fichiers communs\Real
   [30/05/2008|01:07] C:\Program Files\Fichiers communs\Services
   [30/05/2008|01:07] C:\Program Files\Fichiers communs\Sonic Shared
   [30/05/2008|01:05] C:\Program Files\Fichiers communs\SpeechEngines
   [30/05/2008|01:07] C:\Program Files\Fichiers communs\SureThing Shared
   [19/07/2008|14:29] C:\Program Files\Fichiers communs\Symantec Shared
   [29/05/2008|16:58] C:\Program Files\Fichiers communs\System
   [30/05/2008|10:07] C:\Program Files\Fichiers communs\WindowsLiveInstaller
   [30/05/2008|01:05] C:\Program Files\Fichiers communs\xing shared

   --------------------\  Process

   ( 37 Processus )

   iexplore.exe ~ [2124]

   --------------------\  Recherche avec S_Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Recherche de Fichiers / Dossiers Lop

   Aucun fichier / dossier Lop trouvé ! 
 
   --------------------\  Verification du Registre
 
   ..... OK !

   --------------------\  Verification du fichier Hosts

   Fichier Hosts PROPRE


   --------------------\  Recherche de fichiers avec Catchme
 
   catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
   Rootkit scan 2008-08-03 15:41:32
   Windows 5.1.2600 Service Pack 3 NTFS
   scanning hidden processes ...
   scanning hidden files ...
   scan completed successfully
   hidden processes: 0
   hidden files: 0
 
   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !

   [F:13][D:0]-> C:\DOCUME~1\ARBARNI\Cookies
   [F:92][D:4]-> C:\DOCUME~1\ARBARNI\LOCALS~1\TEMPOR~1\content.IE5

   --------------------\  Fin du rapport a 15:42:05,04

SDFix


[b]SDFix: Version 1.209 /b
Run by ARBARNI on 03/08/2008 at 15:50

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ARBARNI\Bureau\CHASSE~1\SDFix

[b]Checking Services /b:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files /b: 

No Trojan Files Found






Removing Temp Files

[b]ADS Check /b:
 


                                 [b]Final Check /b:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 16:09:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services /b:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\AOL 9.0\aol.exe"="%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"="%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\APPS\Inventime\my.exe"="C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME"
"C:\APPS\skype\phone\Skype.exe"="C:\APPS\skype\phone\Skype.exe:*:Enabled:Skype"
"C:\APPS\Powercinema\PowerCinema.exe"="C:\APPS\Powercinema\PowerCinema.exe:*:Enabled:PowerCinema"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"="C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[b]Remaining Files /b:



[b]Files with Hidden Attributes /b:

Mon 24 Oct 2005           215 A.SHR --- "C:\BOOT.BAK"
Tue 31 May 2005        54,384 A..H. --- "C:\Program Files\AOL 9.0\aolphx.exe"
Tue 31 May 2005       156,784 A..H. --- "C:\Program Files\AOL 9.0\aoltray.exe"
Tue 31 May 2005        31,344 A..H. --- "C:\Program Files\AOL 9.0\RBM.exe"
Mon 14 Mar 2005       299,008 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\Maint.exe"
Mon 25 Apr 2005        61,440 A..H. --- "C:\Program Files\Canon\MP Navigator 2.0\uinstrsc.dll"
Sat  2 Aug 2008             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 30 May 2008             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8171d23d6d072d8b50d065ca55a754fb\BIT1.tmp"
Tue 31 May 2005       106,496 A..H. --- "C:\Program Files\Fichiers communs\aolshare\shell\fr\shellext.dll"

[b]Finished!/b



et HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:17:06, on 03/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32
otepad.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\ARBARNI\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {92E5DF6B-D89A-4103-AC7B-F3F10ADB2A47} - C:\DOCUME~1\ARBARNI\LOCALS~1\Temp\dmE.dll (file missing)
O2 - BHO: (no name) - {957C849E-DA93-42F4-948B-E7E20208E0D6} - c:\windows\system32\ylroxhk.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8AAE048-74CC-46B3-A3D2-041C5967FC68}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

g!rly · Answer

ok

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\Drivers\Winva71.sys
C:\WINDOWS\system32\drivers\Bjg46.sys
C:\WINDOWS\system32\drivers\pavboot.sys

Folder::
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
C:\Program Files\Viewpoint

Driver::
Winva71
Bjg46
pavboot

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

K3RB3ROS · Answer

et hop ! ComboFix ComboFix 08-08-02.01 - ARBARNI 2008-08-03 16:44:51.4 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.626 [GMT 2:00] Endroit: C:\Documents and Settings\ARBARNI\Bureau\Chasse aux virus\ComboFix.exe Command switches used :: C:\Documents and Settings\ARBARNI\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\WINDOWS\system32\drivers\Bjg46.sys C:\WINDOWS\system32\drivers\pavboot.sys C:\WINDOWS\system32\Drivers\Winva71.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\MetaStreamConfig.ini C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-672059697.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-681648789.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\-716026614.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00\URLCache.ini C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1588488936.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\-1697589072.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1024896942.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\1136233701.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\290547230.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01\URLCache.ini C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\-207333975.mtx C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\346840136.mtx C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\648662744.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02\URLCache.ini C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-299234580.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\-347626359.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\2091149108.swf C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03\URLCache.ini C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9\FLFBootStrap.mtx C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus\FLFBootStrap.mtx C:\Program Files\Viewpoint C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLArt.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLShell.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\AOLUserShell.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\Cursors.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\DataTracking.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\GifReader.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\JpegReader.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\LensFlares.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\Mts3Reader.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\ObjectMovie.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SceneComponent.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\ServiceComponent.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SreeDMMX.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\SWFView.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VectorView.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPAudio.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPExtras.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPSpeech.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\VMPVideo.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\WaveletReader.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents\ZoomView.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt C:\WINDOWS\system32\drivers\Bjg46.sys C:\WINDOWS\system32\drivers\pavboot.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_BJG46 -------\Legacy_PAVBOOT -------\Legacy_WINVA71 -------\Service_Bjg46 -------\Service_pavboot -------\Service_Winva71 ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))))))) . 2008-08-03 15:39 . 2008-08-03 15:42 d-------- C:\Lop SD 2008-08-03 14:45 . 2008-08-03 14:45 d-------- C:\Program Files\CCleaner 2008-08-02 21:11 . 2008-08-02 21:11 d-------- C:\Program Files\VirginMega 2008-08-02 21:09 . 2008-08-02 21:09 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2008-08-02 21:01 . 2008-08-02 21:01 d-------- C:\Program Files\Windows Media Connect 2 2008-08-02 20:59 . 2008-08-02 21:00 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-08-02 19:15 . 2008-08-02 19:15 d-------- C:\Program Files\Avira 2008-08-02 19:15 . 2008-08-02 19:15 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-02 18:39 . 2008-08-02 18:39 d-------- C:\Program Files\Unlocker 2008-08-02 18:39 . 2008-08-02 18:39 d-------- C:\Documents and Settings\ARBARNI\Application Data\Desktopicon 2008-08-01 02:45 . 2008-08-01 02:45 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll 2008-08-01 02:42 . 2008-08-01 02:42 d-------- C:\WINDOWS\ERUNT 2008-08-01 02:19 . 2008-08-01 02:19 1,882 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-30 22:06 . 2008-07-30 22:44 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-30 20:20 . 2008-07-30 20:32 d-------- C:\Program Files\Microsoft Bootvis 2008-07-30 19:57 . 2008-06-20 13:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys 2008-07-30 19:57 . 2008-06-20 19:47 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll 2008-07-30 19:57 . 2008-06-20 13:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-07-30 19:57 . 2008-06-20 19:47 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-07-30 19:57 . 2008-06-20 13:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys 2008-07-22 11:05 . 2008-07-22 11:05 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-07-22 11:03 . 2008-05-30 01:05 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-07-22 11:03 . 2008-05-30 01:05 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-07-22 11:03 . 2008-05-30 01:08 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-07-22 11:03 . 2008-05-30 01:08 dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-07-22 11:03 . 2008-05-30 01:08 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-07-22 11:03 . 2008-05-30 01:08 dr------- C:\Documents and Settings\Administrateur\Favoris 2008-07-22 11:03 . 2008-07-22 12:53 dr------- C:\Documents and Settings\Administrateur\Bureau 2008-07-22 11:03 . 2008-05-30 01:05 d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver 2008-07-22 11:03 . 2008-05-30 01:05 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2008-07-22 11:03 . 2008-07-22 11:03 d-------- C:\Documents and Settings\Administrateur 2008-07-22 08:18 . 2008-07-31 23:17 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-22 08:18 . 2008-07-22 08:18 d-------- C:\Documents and Settings\ARBARNI\Application Data\Malwarebytes 2008-07-22 08:18 . 2008-07-22 08:18 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-22 08:18 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-07-22 08:18 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-21 22:45 . 2008-08-03 14:41 d-------- C:\Program Files\Trend Micro 2008-07-21 20:56 . 2008-07-21 20:56 d-------- C:\Program Files\Panda Security 2008-07-21 20:38 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-21 20:36 . 2008-04-23 06:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-07-21 20:36 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-07-21 20:36 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-07-21 20:36 . 2008-04-23 06:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-07-21 20:36 . 2008-04-23 06:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-07-21 20:36 . 2008-04-23 06:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-07-21 20:36 . 2008-04-23 06:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-07-21 20:36 . 2008-04-23 06:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-07-21 20:36 . 2008-04-22 09:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-07-21 20:35 . 2008-05-09 12:55 180,224 --------- C:\WINDOWS\system32\dllcache\scrobj.dll 2008-07-21 20:35 . 2008-05-09 12:55 172,032 --------- C:\WINDOWS\system32\dllcache\scrrun.dll 2008-07-21 20:35 . 2008-05-08 13:24 155,648 --------- C:\WINDOWS\system32\dllcache\wscript.exe 2008-07-21 20:35 . 2008-05-09 10:45 135,168 --------- C:\WINDOWS\system32\dllcache\cscript.exe 2008-07-21 20:35 . 2008-05-09 12:55 90,112 --------- C:\WINDOWS\system32\dllcache\wshext.dll 2008-07-21 20:33 . 2008-05-07 07:11 1,294,336 --------- C:\WINDOWS\system32\dllcache\quartz.dll 2008-07-21 20:32 . 2008-07-21 20:32 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-07-21 20:13 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-07-21 20:10 . 2008-07-21 20:10 d-------- C:\Program Files\MSXML 4.0 2008-07-21 17:42 . 2008-07-21 17:42 d-------- C:\Program Files\ma-config.com 2008-07-21 17:42 . 2008-07-21 17:42 d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com 2008-07-09 20:42 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx 2008-07-09 20:42 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE 2008-07-09 20:42 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-03 14:12 --------- d-----w C:\Documents and Settings\ARBARNI\Application Data\OpenOffice.org2 2008-07-30 18:12 --------- d-----w C:\Program Files\Java 2008-07-19 12:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 16:56 --------- d-----w C:\Documents and Settings\ARBARNI\Application Data\AdobeUM 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-05 07:20 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-06-05 07:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-05 07:17 --------- d-----w C:\Program Files\ArcSoft 2008-06-05 07:15 --------- d-----w C:\Program Files\Canon 2008-06-04 12:47 --------- d-----w C:\Program Files\Google 2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll 2008-05-09 10:55 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll 2008-05-09 10:55 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll 2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll 2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll 2008-05-09 08:45 135,168 ----a-w C:\WINDOWS\system32\cscript.exe 2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe 2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll . ((((((((((((((((((((((((((((( snapshot@2008-08-03_15.19.53.78 ))))))))))))))))))))))))))))))))))))))))) . - 2008-08-01 00:42:37 3,084,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0/u0000001\NTUSER.DAT + 2008-08-03 13:47:42 3,084,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0/u0000001\NTUSER.DAT - 2008-08-01 00:42:38 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0/u0000002\UsrClass.dat + 2008-08-03 13:47:42 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0/u0000002\UsrClass.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92E5DF6B-D89A-4103-AC7B-F3F10ADB2A47}] C:\DOCUME~1\ARBARNI\LOCALS~1\Temp\dmE.dll [BU] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{957C849E-DA93-42F4-948B-E7E20208E0D6}] c:\windows\system32\ylroxhk.dll [BU] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-04 14:47 171448] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-07-28 21:29 102400] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-05-11 21:03 708697] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "SiSPower"="SiSPower.dll" [2005-07-13 02:55 49152 C:\WINDOWS\system32\SiSPower.dll] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\AOL 9.0\aol.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"= "%windir%\system32\sessmgr.exe"= "C:\APPS\Inventime\my.exe"= "C:\APPS\skype\phone\Skype.exe"= "C:\APPS\Powercinema\PowerCinema.exe"= "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"= "C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"= "C:\Program Files\AOL 9.0\waol.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= R0 qhvloatj;qhvloatj;C:\WINDOWS\system32\drivers\qhvloatj.sys [2004-08-05 14:00] R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 10:13] R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 14:50] R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 16:43] R3 ZD1211U(ASUS);ASUS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ASUS);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-09-08 09:41] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 09:13] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-03 16:49:21 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySqlInventime] "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\APPS\HIDSERVICE\HidService.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.bin C:\WINDOWS\ATK0100\ATKOSD.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-03 16:52:22 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-03 14:52:13 ComboFix2.txt 2008-08-03 13:20:21 ComboFix3.txt 2008-08-03 11:34:34 Pre-Run: 41,265,467,392 octets libres Post-Run: 41,253,199,872 octets libres 260 --- E O F --- 2008-08-03 12:55:22 et Hijack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:53:56, on 03/08/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\ATK0100\ATKOSD.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\ARBARNI\Bureau\Chasse aux virus\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {92E5DF6B-D89A-4103-AC7B-F3F10ADB2A47} - C:\DOCUME~1\ARBARNI\LOCALS~1\Temp\dmE.dll (file missing) O2 - BHO: (no name) - {957C849E-DA93-42F4-948B-E7E20208E0D6} - c:\windows\system32\ylroxhk.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/... O17 - HKLM\System\CCS\Services\Tcpip\..\{A8AAE048-74CC-46B3-A3D2-041C5967FC68}: NameServer = 192.168.1.1 O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

g!rly · Answer

re

Vas sur le site https://virusscan.jotti.org/
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier :
C:\WINDOWS\system32\drivers\qhvloatj.sys
- Clic sur submit toujours en haut à droite
- Le scan va se lancer, ça va prendre un petit instant
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799

K3RB3ROS · Answer

Scan taken on 03 Aug 2008 15:02:15 (GMT)  
A-Squared  Found nothing 
AntiVir  Found nothing 
ArcaVir  Found nothing 
Avast  Found nothing 
AVG Antivirus  Found nothing 
BitDefender  Found nothing 
ClamAV  Found nothing 
CPsecure  Found nothing 
Dr.Web  Found nothing 
F-Prot Antivirus  Found nothing 
F-Secure Anti-Virus  Found nothing 
Fortinet  Found nothing 
Ikarus  Found nothing 
Kaspersky Anti-Virus  Found nothing 
NOD32  Found nothing 
Norman Virus Control  Found nothing 
Panda Antivirus  Found nothing 
Sophos Antivirus  Found nothing 
VirusBuster  Found nothing 
VBA32  Found nothing

g!rly · Answer

ok


Edit :

T´as edité le message ?

celui la tu l´as depuis un moment...

Copie le texte ci-dessous :

File::
C:\WINDOWS\system32\drivers\qhvloatj.sys

Driver::
qhvloatj

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

K3RB3ROS · Answer

oui oui jai edit javai mi des trucs en trop.... ComboFix 08-08-02.01 - ARBARNI 2008-08-03 17:16:11.5 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.628 [GMT 2:00] Endroit: C:\Documents and Settings\ARBARNI\Bureau\Chasse aux virus\ComboFix.exe Command switches used :: C:\Documents and Settings\ARBARNI\Bureau\CFScript.txt * Création d'un nouveau point de restauration FILE :: C:\WINDOWS\system32\drivers\qhvloatj.sys . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\qhvloatj.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_QHVLOATJ -------\Service_qhvloatj ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))))))) . 2008-08-03 15:39 . 2008-08-03 15:42 d-------- C:\Lop SD 2008-08-03 14:45 . 2008-08-03 14:45 d-------- C:\Program Files\CCleaner 2008-08-02 21:11 . 2008-08-02 21:11 d-------- C:\Program Files\VirginMega 2008-08-02 21:09 . 2008-08-02 21:09 d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations 2008-08-02 21:01 . 2008-08-02 21:01 d-------- C:\Program Files\Windows Media Connect 2 2008-08-02 20:59 . 2008-08-02 21:00 d-------- C:\WINDOWS\system32\drivers\UMDF 2008-08-02 19:15 . 2008-08-02 19:15 d-------- C:\Program Files\Avira 2008-08-02 19:15 . 2008-08-02 19:15 d-------- C:\Documents and Settings\All Users\Application Data\Avira 2008-08-02 18:39 . 2008-08-02 18:39 d-------- C:\Program Files\Unlocker 2008-08-02 18:39 . 2008-08-02 18:39 d-------- C:\Documents and Settings\ARBARNI\Application Data\Desktopicon 2008-08-01 02:45 . 2008-08-01 02:45 579,584 --a------ C:\WINDOWS\system32\dllcache\user32.dll 2008-08-01 02:42 . 2008-08-01 02:42 d-------- C:\WINDOWS\ERUNT 2008-08-01 02:19 . 2008-08-01 02:19 1,882 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-30 22:06 . 2008-07-30 22:44 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-30 20:20 . 2008-07-30 20:32 d-------- C:\Program Files\Microsoft Bootvis 2008-07-30 19:57 . 2008-06-20 13:51 361,600 --------- C:\WINDOWS\system32\dllcache\tcpip.sys 2008-07-30 19:57 . 2008-06-20 19:47 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll 2008-07-30 19:57 . 2008-06-20 13:08 225,856 --------- C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-07-30 19:57 . 2008-06-20 19:47 147,968 --------- C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-07-30 19:57 . 2008-06-20 13:40 138,496 --------- C:\WINDOWS\system32\dllcache\afd.sys 2008-07-22 11:05 . 2008-07-22 11:05 d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-07-22 11:03 . 2008-05-30 01:05 d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau 2008-07-22 11:03 . 2008-05-30 01:05 d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression 2008-07-22 11:03 . 2008-05-30 01:08 d--h----- C:\Documents and Settings\Administrateur\ModŠles 2008-07-22 11:03 . 2008-05-30 01:08 dr------- C:\Documents and Settings\Administrateur\Mes documents 2008-07-22 11:03 . 2008-05-30 01:08 dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer 2008-07-22 11:03 . 2008-05-30 01:08 dr------- C:\Documents and Settings\Administrateur\Favoris 2008-07-22 11:03 . 2008-07-22 12:53 dr------- C:\Documents and Settings\Administrateur\Bureau 2008-07-22 11:03 . 2008-05-30 01:05 d-------- C:\Documents and Settings\Administrateur\Application Data\You've Got Pictures Screensaver 2008-07-22 11:03 . 2008-05-30 01:05 d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec 2008-07-22 11:03 . 2008-07-22 11:03 d-------- C:\Documents and Settings\Administrateur 2008-07-22 08:18 . 2008-07-31 23:17 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-07-22 08:18 . 2008-07-22 08:18 d-------- C:\Documents and Settings\ARBARNI\Application Data\Malwarebytes 2008-07-22 08:18 . 2008-07-22 08:18 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-07-22 08:18 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-07-22 08:18 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-07-21 22:45 . 2008-08-03 14:41 d-------- C:\Program Files\Trend Micro 2008-07-21 20:56 . 2008-07-21 20:56 d-------- C:\Program Files\Panda Security 2008-07-21 20:38 . 2008-06-14 19:33 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys 2008-07-21 20:36 . 2008-04-23 06:16 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-07-21 20:36 . 2007-04-17 11:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-07-21 20:36 . 2007-03-08 07:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-07-21 20:36 . 2008-04-23 06:16 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-07-21 20:36 . 2008-04-23 06:16 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-07-21 20:36 . 2008-04-23 06:16 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-07-21 20:36 . 2008-04-23 06:16 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll 2008-07-21 20:36 . 2008-04-23 06:16 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-07-21 20:36 . 2008-04-22 09:39 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-07-21 20:35 . 2008-05-09 12:55 180,224 --------- C:\WINDOWS\system32\dllcache\scrobj.dll 2008-07-21 20:35 . 2008-05-09 12:55 172,032 --------- C:\WINDOWS\system32\dllcache\scrrun.dll 2008-07-21 20:35 . 2008-05-08 13:24 155,648 --------- C:\WINDOWS\system32\dllcache\wscript.exe 2008-07-21 20:35 . 2008-05-09 10:45 135,168 --------- C:\WINDOWS\system32\dllcache\cscript.exe 2008-07-21 20:35 . 2008-05-09 12:55 90,112 --------- C:\WINDOWS\system32\dllcache\wshext.dll 2008-07-21 20:33 . 2008-05-07 07:11 1,294,336 --------- C:\WINDOWS\system32\dllcache\quartz.dll 2008-07-21 20:32 . 2008-07-21 20:32 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-07-21 20:13 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-07-21 20:10 . 2008-07-21 20:10 d-------- C:\Program Files\MSXML 4.0 2008-07-21 17:42 . 2008-07-21 17:42 d-------- C:\Program Files\ma-config.com 2008-07-21 17:42 . 2008-07-21 17:42 d-------- C:\Documents and Settings\All Users\Application Data\ma-config.com 2008-07-09 20:42 . 2001-09-30 19:10 246,784 --a------ C:\WINDOWS\system32\ActiveSkin.ocx 2008-07-09 20:42 . 2001-05-24 12:59 162,304 --a------ C:\UNWISE.EXE 2008-07-09 20:42 . 2002-01-18 18:12 112 --a------ C:\WINDOWS\ActiveSkin.INI . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-03 15:21 --------- d-----w C:\Documents and Settings\ARBARNI\Application Data\OpenOffice.org2 2008-07-30 18:12 --------- d-----w C:\Program Files\Java 2008-07-19 12:29 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared 2008-06-20 17:47 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 16:56 --------- d-----w C:\Documents and Settings\ARBARNI\Application Data\AdobeUM 2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-14 17:33 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys 2008-06-05 07:20 --------- d--h--w C:\Documents and Settings\All Users\Application Data\CanonBJ 2008-06-05 07:17 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-05 07:17 --------- d-----w C:\Program Files\ArcSoft 2008-06-05 07:15 --------- d-----w C:\Program Files\Canon 2008-06-04 12:47 --------- d-----w C:\Program Files\Google 2008-05-09 10:55 90,112 ----a-w C:\WINDOWS\system32\wshext.dll 2008-05-09 10:55 512,000 ------w C:\WINDOWS\system32\dllcache\jscript.dll 2008-05-09 10:55 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll 2008-05-09 10:55 430,080 ------w C:\WINDOWS\system32\dllcache\vbscript.dll 2008-05-09 10:55 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll 2008-05-09 10:55 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll 2008-05-09 08:45 135,168 ----a-w C:\WINDOWS\system32\cscript.exe 2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe 2008-05-07 05:11 1,294,336 ----a-w C:\WINDOWS\system32\quartz.dll . ((((((((((((((((((((((((((((( snapshot@2008-08-03_15.19.53.78 ))))))))))))))))))))))))))))))))))))))))) . - 2008-08-01 00:42:37 3,084,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0/u0000001\NTUSER.DAT + 2008-08-03 13:47:42 3,084,288 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0/u0000001\NTUSER.DAT - 2008-08-01 00:42:38 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0/u0000002\UsrClass.dat + 2008-08-03 13:47:42 163,840 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\[u]0/u0000002\UsrClass.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92E5DF6B-D89A-4103-AC7B-F3F10ADB2A47}] C:\DOCUME~1\ARBARNI\LOCALS~1\Temp\dmE.dll [BU] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{957C849E-DA93-42F4-948B-E7E20208E0D6}] c:\windows\system32\ylroxhk.dll [BU] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-04 14:47 171448] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 08:18 307200] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2005-07-28 21:29 102400] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-05-11 21:03 708697] "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 09:11 1388544] "PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-24 15:20 98304] "SiSPower"="SiSPower.dll" [2005-07-13 02:55 49152 C:\WINDOWS\system32\SiSPower.dll] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%ProgramFiles%\AOL 9.0\aol.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"= "%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"= "%windir%\system32\sessmgr.exe"= "C:\APPS\Inventime\my.exe"= "C:\APPS\skype\phone\Skype.exe"= "C:\APPS\Powercinema\PowerCinema.exe"= "C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe"= "C:\Program Files\Fichiers communs\AOL\ACS\AOLacsd.exe"= "C:\Program Files\AOL 9.0\waol.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= R3 ASNDIS5;ASNDIS5 Protocol Driver;C:\WINDOWS\ATK0100\ASNDIS5.SYS [2004-05-28 10:13] R3 HSFHWSIS;HSFHWSIS;C:\WINDOWS\system32\DRIVERS\HSFHWSIS.sys [2005-06-22 14:50] R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 16:43] R3 ZD1211U(ASUS);ASUS ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(ASUS);C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-09-08 09:41] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-06-26 09:13] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 20:45] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 20:45] *Newly Created Service* - QHVLOATJ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-03 17:20:09 Windows 5.1.2600 Service Pack 3 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySqlInventime] "ImagePath"="c:\mysql\bin\mysqld-max-nt MySqlInventime" . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe C:\APPS\HIDSERVICE\HidService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.bin C:\WINDOWS\ATK0100\ATKOSD.exe . ************************************************************************** . Temps d'accomplissement: 2008-08-03 17:22:52 - machine was rebooted ComboFix-quarantined-files.txt 2008-08-03 15:22:47 ComboFix2.txt 2008-08-03 14:52:24 ComboFix3.txt 2008-08-03 13:20:21 ComboFix4.txt 2008-08-03 11:34:34 Pre-Run: 41,237,176,320 octets libres Post-Run: 41,233,936,384 octets libres 203 --- E O F --- 2008-08-03 12:55:22 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:23:31, on 03/08/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe c:\APPS\HIDSERVICE\HIDSERVICE.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe c:\APPS\Powercinema\Kernel\TV\CLSched.exe C:\WINDOWS\ATK0100\HControl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Apps\Powercinema\PCMService.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\sistray.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.exe C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN C:\WINDOWS\ATK0100\ATKOSD.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\ARBARNI\Bureau\Chasse aux virus\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {92E5DF6B-D89A-4103-AC7B-F3F10ADB2A47} - C:\DOCUME~1\ARBARNI\LOCALS~1\Temp\dmE.dll (file missing) O2 - BHO: (no name) - {957C849E-DA93-42F4-948B-E7E20208E0D6} - c:\windows\system32\ylroxhk.dll (file missing) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/... O17 - HKLM\System\CCS\Services\Tcpip\..\{A8AAE048-74CC-46B3-A3D2-041C5967FC68}: NameServer = 192.168.1.1 O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

g!rly · Answer

ok

bon

essaie de fixer ces lignes maintenant :

O2 - BHO: (no name) - {92E5DF6B-D89A-4103-AC7B-F3F10ADB2A47} - C:\DOCUME~1\ARBARNI\LOCALS~1\Temp\dmE.dll (file missing)
O2 - BHO: (no name) - {957C849E-DA93-42F4-948B-E7E20208E0D6} - c:\windows\system32\ylroxhk.dll (file missing)

K3RB3ROS · Answer

elles sont enfin partis !!!

merci a toi :)

g!rly · Answer

ok cool 
repost un nouveau rapport hijack this stp
@+

K3RB3ROS · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:49:14, on 03/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\ARBARNI\Bureau\Chasse aux virus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{A8AAE048-74CC-46B3-A3D2-041C5967FC68}: NameServer = 192.168.1.1
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MySqlInventime - Unknown owner - c:\mysql\bin\mysqld-max-nt.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

g!rly · Answer

Salut K3RB3ROS,

A l´aide de hijack this coche et fix les lignes suivantes :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/default.aspx 

puis

ta version de acrobat reader n´est pas a jour, tu veux la derniere verion en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou oublie completement acrobat reader et instales foxit plus léger a la place:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

puis effectue un scan en mode sans echec a l´aide d´antivir :

Reglages :

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
ceux qui ne voie pas root kit search : clcik sur le parapluie dans ta barre des tache > dans la fenetre d´antivir click sur local protection click en suite sur scanner
dans la fenetre de droite : tu a rootkit search vers le bas > tu developpe en appuyant sur le petit +
et coche tes disques...
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes : 
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

clcik sur le parapluie dans la bare des tache et dans la fenetre du programme clcik sur scan now

-> Redémarre en mode sans échec : 

   Comment redémarrer en mode sans echec? 

   Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
   Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
   Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
   Ps : si F8 ne marche pas utilise la touche F5.

@+

K3RB3ROS · Answer

salut

pour les lignes c'est bon :)

par contre, pour le scan en mode sans echecs.... il dure une demi seconde -_- 
donc je pense que ca marche pas
aprés en mode normal c'est bon

Destrio5 · Answer

Merci g!rly, tu m'as appris des choses. J'hésitais pour les fichiers que tu as viré avec File: : et Driver: :

g!rly · Answer

salut K3RB3ROS

click sur le parapluie dans la barre des taches

dan la fenetre d´antivir click sur scan system now ;)

salut destrio5, 

et bien c´est cool ;)

@+

K3RB3ROS · Answer

voila le rapport :




Avira AntiVir Personal
Report file date: mardi 5 août 2008  20:14

Scanning for 1536287 virus strains and unwanted programs.

Licensed to:      Avira AntiVir PersonalEdition Classic
Serial number:    0000149996-ADJIE-0001
Platform:         Windows XP
Windows version:  (Service Pack 3)  [5.1.2600]
Boot mode:        Normally booted
Username:         SYSTEM
Computer name:    SNNECCI

Version information:
BUILD.DAT     : 8.1.0.326      16933 Bytes  11/07/2008 12:57:00
AVSCAN.EXE    : 8.1.4.7       315649 Bytes  05/08/2008 13:40:45
AVSCAN.DLL    : 8.1.4.0        40705 Bytes  05/08/2008 13:40:45
LUKE.DLL      : 8.1.4.5       164097 Bytes  05/08/2008 13:40:46
LUKERES.DLL   : 8.1.4.0        12033 Bytes  05/08/2008 13:40:46
ANTIVIR0.VDF  : 6.40.0.0    11030528 Bytes  18/07/2007 10:33:34
ANTIVIR1.VDF  : 7.0.5.1      8182784 Bytes  24/06/2008 17:18:34
ANTIVIR2.VDF  : 7.0.5.207    2316800 Bytes  04/08/2008 13:40:46
ANTIVIR3.VDF  : 7.0.5.216      75264 Bytes  05/08/2008 13:40:46
Engineversion : 8.1.1.15  
AEVDF.DLL     : 8.1.0.5       102772 Bytes  25/02/2008 09:58:21
AESCRIPT.DLL  : 8.1.0.61      311675 Bytes  02/08/2008 17:18:54
AESCN.DLL     : 8.1.0.23      119156 Bytes  02/08/2008 17:18:53
AERDL.DLL     : 8.1.0.20      418165 Bytes  02/08/2008 17:18:52
AEPACK.DLL    : 8.1.2.1       364917 Bytes  02/08/2008 17:18:51
AEOFFICE.DLL  : 8.1.0.21      192891 Bytes  02/08/2008 17:18:50
AEHEUR.DLL    : 8.1.0.44     1343863 Bytes  02/08/2008 17:18:49
AEHELP.DLL    : 8.1.0.15      115063 Bytes  02/08/2008 17:18:47
AEGEN.DLL     : 8.1.0.32      315765 Bytes  02/08/2008 17:18:47
AEEMU.DLL     : 8.1.0.7       430452 Bytes  02/08/2008 17:18:46
AECORE.DLL    : 8.1.1.8       172406 Bytes  02/08/2008 17:18:45
AEBB.DLL      : 8.1.0.1        53617 Bytes  02/08/2008 17:18:44
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  05/08/2008 13:40:45
AVPREF.DLL    : 8.0.2.0        38657 Bytes  05/08/2008 13:40:45
AVREP.DLL     : 8.0.0.2        98344 Bytes  02/08/2008 17:18:43
AVREG.DLL     : 8.0.0.1        33537 Bytes  05/08/2008 13:40:45
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 08:29:23
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  05/08/2008 13:40:45
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 17:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  05/08/2008 13:40:46
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 12:05:10
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  05/08/2008 13:40:42
RCTEXT.DLL    : 8.0.52.0       86273 Bytes  05/08/2008 13:40:42

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, 
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: mardi 5 août 2008  20:14

Starting search for hidden objects.
'53894' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'HidService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'sistray.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!

Starting to scan the registry.
The registry was scanned ( '51' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
    [WARNING]   The file could not be opened!
C:\pagefile.sys
    [WARNING]   The file could not be opened!


End of the scan: mardi 5 août 2008  20:37
Used time: 23:44 Minute(s)

The scan has been done completely.

   4716 Scanning directories
 281205 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
 281203 Files not concerned
   7209 Archives were scanned
      2 Warnings
      0 Notes
  53894 Objects were scanned with rootkit scan
      0 Hidden objects were found

g!rly · Answer

salut k3rb3ros,

le scan ne montre pas d´infection ,)

post un dernier rapport hijack this stp

@+

K3RB3ROS · Answer

salut salut !

dsl du retard gros souci avec mon FAI . . .

voila le rapport


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:48:35, on 14/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32
vraidservice.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Razer\Lycosaazerhid.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcIp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Jeux\Steam\Steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\install & .exe\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32
vraidservice.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Lycosa] "C:\Program Files\Razer\Lycosaazerhid.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX4200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /P26 "EPSON Stylus DX4200 Series" /O6 "USB001" /M "Stylus DX4200"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BD6EB290-A9A0-43E0-A643-A09E4E350081}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcAppFlt.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32
SvcIp.exe

g!rly · Answer

Salut K3RB3ROS,

Oui ça fesait un bout de temps...

Le rapport hijack this est propre, on va retirer le superflu :

A l´aide de hijack this coche et fix :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

ta version de acrobat reader n´est pas a jour, tu veux la derniere verion en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get2.adobe.com/reader/otherversions/

ou oublie completement acrobat reader et instales foxit plus léger a la place:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

confirme moi que tout va bien ;)

@+

K3RB3ROS · Answer

Salut !
tout est ok :)

sauf que a peu près une fois sur trois mon pc reboot quand je lui demande de s'éteindre . . .
ou bien 30 min après s'être éteint il redémarre tout seul . . .

sinon tout va bien ^^

une idée ?

merci encore !

g!rly · Answer

Salut K3RB3ROS, 

As tu le cd d´installation de windows ? 

(pour tenter une reparation...)

@+

K3RB3ROS · Answer

salut

oui, j'ai le cd 
c'est un vrai ( je préfère préciser ;) )

g!rly · Answer

Salut, 

bon; ce que tu peux essayer c´est de réparer l´installation...

regarde ce document pour savoir comment t´y prendre :

http://www.informatruc.com/reparer-windows-xp/

K3RB3ROS · Answer

oulalala...
il serait peut être temps que je réponde moi...

c'est bon, tout marche parfaitement :)
encore merci a toi Gurly !

Win32:Trojan-gen. {Other} suite...

55 réponses

Discussions similaires