Sujet Précédent Sujet Suivant

Win32:FraudTool-GI [Tool]

Fermé
Maca87 Messages postés 30 Date d'inscription mercredi 13 août 2008 Statut Membre Dernière intervention 30 août 2008 - 29 août 2008 à 03:39
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 - 30 août 2008 à 01:43
Bonjour, j'ai une alerte avast pour se virus toute les 10s, donc vous comprendrez que c'est vraiment insuportable je ne peux mme plus travailler...Merci d'avance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:28:20, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\lphcaavj0e9d8.exe
C:\Program Files\rhceavj0e9d8\rhceavj0e9d8.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\lwzevqfa.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Utilisateur\Bureau\HiJackThis.exe
C:\WINDOWS\system32\lwzevqfa.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [lphcaavj0e9d8] C:\WINDOWS\system32\lphcaavj0e9d8.exe
O4 - HKLM\..\Run: [SMrhceavj0e9d8] C:\Program Files\rhceavj0e9d8\rhceavj0e9d8.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WebSrv] C:\WINDOWS\system32\lwzevqfa.exe
O4 - HKLM\..\Policies\Explorer\Run: [vflWjTRiLZ] C:\Documents and Settings\Utilisateur\Bureau\AdobeFlashPlayerHD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O21 - SSODL: msgmon - {09A54591-0E31-323A-B579-099AFC998CD2} - C:\Program Files\cscjsne\msgmon.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

32 réponses

  • 1
  • 2
Réponse 1 / 32
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
29 août 2008 à 04:10
Salut,

---> Désinstalle Avast et installe Antivir (français et bien plus efficace ) :
http://dl1.avgate.net/down/windows/antivir_workstation_winu_fr_h.exe

---> Fais un scan rapide avec MBAM, supprime tout ce qu'il trouve et poste le rapport :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
0
Réponse 2 / 32
Maca87 Messages postés 30 Date d'inscription mercredi 13 août 2008 Statut Membre Dernière intervention 30 août 2008
29 août 2008 à 04:26
Voila, par contre ya mon systeme qui me dit aussi que j'ai 2851 virus o_O.

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1093
Windows 5.1.2600 Service Pack 2

04:25:21 29/08/2008
mbam-log-08-29-2008 (04-25-21).txt

Type de recherche: Examen rapide
Eléments examinés: 47742
Temps écoulé: 4 minute(s), 4 second(s)

Processus mémoire infecté(s): 2
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 16
Fichier(s) infecté(s): 79

Processus mémoire infecté(s):
C:\Program Files\rhceavj0e9d8\rhceavj0e9d8.exe (Rogue.Multiple) -> Unloaded process successfully.
C:\WINDOWS\system32\lphcaavj0e9d8.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Program Files\rhceavj0e9d8\msvcp71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhceavj0e9d8\MFC71.dll (Rogue.Multiple) -> Delete on reboot.
C:\Program Files\rhceavj0e9d8\msvcr71.dll (Rogue.Multiple) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhceavj0e9d8 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhceavj0e9d8 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhceavj0e9d8 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcaavj0e9d8 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhceavj0e9d8 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\rhceavj0e9d8 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\rhceavj0e9d8\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\rhceavj0e9d8\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\rhceavj0e9d8\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\rhceavj0e9d8\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\rhceavj0e9d8\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\rhceavj0e9d8\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\rhceavj0e9d8\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\rhceavj0e9d8\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\rhceavj0e9d8\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\rhceavj0e9d8\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhceavj0e9d8\rhceavj0e9d8.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhceavj0e9d8\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhceavj0e9d8\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhceavj0e9d8\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhceavj0e9d8\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhceavj0e9d8\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhceavj0e9d8\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhceavj0e9d8\rhceavj0e9d8.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhceavj0e9d8\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phcaavj0e9d8.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphcaavj0e9d8.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphcaavj0e9d8.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Utilisateur\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
0
Réponse 3 / 32
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
29 août 2008 à 04:29
"Voila, par contre ya mon systeme qui me dit aussi que j'ai 2851 virus o_O. "
---> C'est un rogue qui t'affiche ça. Dans ton cas, ça a l'air d'être Antivirus XP 2008 mais MBAM l'a supprimé.

---> Relance MBAM, va dans Quarantaine et supprime tout

---> Poste un nouveau rapport HijackThis
0
Réponse 4 / 32
Maca87 Messages postés 30 Date d'inscription mercredi 13 août 2008 Statut Membre Dernière intervention 30 août 2008
29 août 2008 à 04:37
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:36:51, on 29/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\lwzevqfa.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Utilisateur\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WebSrv] C:\WINDOWS\system32\lwzevqfa.exe
O4 - HKLM\..\Policies\Explorer\Run: [vflWjTRiLZ] C:\Documents and Settings\Utilisateur\Bureau\AdobeFlashPlayerHD.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O21 - SSODL: msgmon - {09A54591-0E31-323A-B579-099AFC998CD2} - C:\Program Files\cscjsne\msgmon.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 32
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
29 août 2008 à 04:45
Important : Désactive TeaTimer, le résident de Spybot, il va gêner la désinfection en empêchant la modification des BHO.

---> Démarre Spybot, clique sur Mode, coche Mode avancé
---> A gauche, clique sur Outils, puis sur Résident
---> Décoche la case devant Résident "TeaTimer" :
http://apu.mabul.org/up/5/apu-5-gpdx9e06cwz2dypom2q7n6nc.jpg
---> Quitte Spybot

Note : Je te conseille de ne pas le réactiver, il a été incapable d'empêcher l'infection de ton PC.

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt
0
Réponse 6 / 32
Maca87 Messages postés 30 Date d'inscription mercredi 13 août 2008 Statut Membre Dernière intervention 30 août 2008
29 août 2008 à 14:43
J'arrive pas a désactiver antivir..
0
Réponse 7 / 32
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
29 août 2008 à 14:44
Clique droit sur le parapluie et tu désactives AntiVir Guard.
0
Réponse 8 / 32
Maca87 Messages postés 30 Date d'inscription mercredi 13 août 2008 Statut Membre Dernière intervention 30 août 2008
29 août 2008 à 14:47
lol autant pour moi j'ai cherché de partout sauf sous mon nez
0
Réponse 9 / 32
Maca87 Messages postés 30 Date d'inscription mercredi 13 août 2008 Statut Membre Dernière intervention 30 août 2008
29 août 2008 à 14:54
ComboFix 08-08-28.06 - Utilisateur 2008-08-29 14:49:25.4 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.491 [GMT 2:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Utilisateur\Application Data\macromedia\Flash Player\#SharedObjects\8V4TZTJR\bin.clearspring.com
C:\Documents and Settings\Utilisateur\Application Data\macromedia\Flash Player\#SharedObjects\8V4TZTJR\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Utilisateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Utilisateur\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 04:23 . 2008-08-29 04:23 <REP> d-------- C:\Program Files\Avira
2008-08-29 04:23 . 2008-08-29 04:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-29 03:27 . 2008-08-29 03:34 106,496 --a------ C:\WINDOWS\system32\201.tmp
2008-08-29 03:27 . 2008-08-29 03:31 106,496 --a------ C:\WINDOWS\system32\1FD.tmp
2008-08-29 03:16 . 2008-08-29 03:18 106,496 --a------ C:\WINDOWS\system32\1EE.tmp
2008-08-29 03:16 . 2008-08-29 03:18 106,496 --a------ C:\WINDOWS\system32\1ED.tmp
2008-08-29 03:16 . 2008-08-29 03:17 106,496 --a------ C:\WINDOWS\system32\1EC.tmp
2008-08-29 03:15 . 2008-08-29 03:15 <REP> d-------- C:\Program Files\cscjsne
2008-08-29 03:15 . 2008-08-29 03:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\mtetebsb
2008-08-29 03:15 . 2008-08-29 03:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\hghehqrk
2008-08-29 03:15 . 2008-08-29 03:15 94,208 --a------ C:\WINDOWS\system32\lwzevqfa.exe
2008-08-28 21:42 . 2008-08-28 21:42 <REP> d-------- C:\Program Files\CoupeFichier
2008-08-26 17:54 . 2008-08-26 17:54 <REP> d-------- C:\Program Files\The KMPlayer
2008-08-14 20:34 . 2008-08-14 20:34 <REP> d-------- C:\_OTMoveIt
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 22:32 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-13 22:32 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-13 19:27 . 2008-08-13 19:27 <REP> d-------- C:\Program Files\Unlocker
2008-08-13 19:27 . 2008-08-13 19:27 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Desktopicon
2008-08-09 17:08 . 2008-08-09 17:08 268 --ah----- C:\sqmdata10.sqm
2008-08-09 17:08 . 2008-08-09 17:08 244 --ah----- C:\sqmnoopt10.sqm
2008-08-07 22:14 . 2008-08-07 22:14 268 --ah----- C:\sqmdata09.sqm
2008-08-07 22:14 . 2008-08-07 22:14 244 --ah----- C:\sqmnoopt09.sqm
2008-08-07 20:35 . 2008-08-07 20:35 <REP> d-------- C:\Program Files\BestGameEver
2008-08-07 20:16 . 2008-08-07 20:16 268 --ah----- C:\sqmdata08.sqm
2008-08-07 20:16 . 2008-08-07 20:16 244 --ah----- C:\sqmnoopt08.sqm
2008-08-07 20:09 . 2008-08-07 20:09 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-07 20:05 . 2008-08-07 20:05 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\DAEMON Tools
2008-08-07 20:05 . 2008-08-07 20:05 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 02:25 106,496 ----a-w C:\WINDOWS\system32\24D.tmp
2008-08-29 02:25 106,496 ----a-w C:\WINDOWS\system32\24C.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\24B.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\24A.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\249.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\248.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\247.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\246.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\245.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\244.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\243.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\242.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\241.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\240.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\23F.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\239.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\238.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\237.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\236.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\235.tmp
2008-08-29 02:21 106,496 ----a-w C:\WINDOWS\system32\223.tmp
2008-08-29 02:21 106,496 ----a-w C:\WINDOWS\system32\221.tmp
2008-08-29 02:21 106,496 ----a-w C:\WINDOWS\system32\220.tmp
2008-08-29 02:21 106,496 ----a-w C:\WINDOWS\system32\21F.tmp
2008-08-29 02:21 106,496 ----a-w C:\WINDOWS\system32\21C.tmp
2008-08-29 02:18 106,496 ----a-w C:\WINDOWS\system32\21B.tmp
2008-07-23 11:53 44,584 ----a-w C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-11 15:57 --------- d-----w C:\Program Files\MSECache
2008-07-08 23:14 --------- d-----w C:\Program Files\Java
2008-07-08 23:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-07-01 16:37 --------- d-----w C:\Program Files\Worms
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-01 20:04 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-01 20:04 56 --sh--r C:\WINDOWS\system32\91B2903A2D.sys
.

((((((((((((((((((((((((((((( snapshot_2008-08-14_18.26.46.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 1998-07-12 18:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
+ 2008-05-09 11:15:48 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:30 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:54 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-11-08 17:03:26 21,248 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 1998-07-13 15:53:26 44,544 ----a-w C:\WINDOWS\system32\GIF89.DLL
+ 1998-07-12 18:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2008-08-14 12:31:42 12,913 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-08-29 12:20:20 12,913 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2000-10-01 18:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
+ 1999-03-25 18:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
+ 1998-07-12 18:00:00 15,872 ----a-w C:\WINDOWS\system32\WINSKFR.DLL
+ 2008-08-29 12:20:18 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_110.dat
+ 2008-08-29 12:20:50 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_fb8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 13:57 289088]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 17:02 490952]
"WebSrv"="C:\WINDOWS\system32\lwzevqfa.exe" [2008-08-29 03:15 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-05-02 21:20:52 114688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgmon"= {09A54591-0E31-323A-B579-099AFC998CD2} - C:\Program Files\cscjsne\msgmon.dll [2008-08-29 03:15 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\tyktjfww.exe
\Shell\explore\Command - F:\tyktjfww.exe
\Shell\open\Command - F:\tyktjfww.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66aee01c-64aa-11dd-8c4c-0016d4163e49}]
\Shell\AutoRun\command - F:\tyktjfww.exe
\Shell\explore\Command - F:\tyktjfww.exe
\Shell\open\Command - F:\tyktjfww.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - UBHELPER
.
- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-vflWjTRiLZ - C:\Documents and Settings\Utilisateur\Bureau\AdobeFlashPlayerHD.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\7yo75o6k.default\
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 14:51:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-29 14:52:31
ComboFix-quarantined-files.txt 2008-08-29 12:52:30
ComboFix4.txt 2008-08-13 22:26:32
ComboFix3.txt 2008-08-14 16:27:08
ComboFix2.txt 2008-08-14 16:39:12

Pre-Run: 8,496,807,936 octets libres
Post-Run: 8,490,385,408 octets libres

238 --- E O F --- 2008-08-14 01:06:08
0
Réponse 10 / 32
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
29 août 2008 à 14:57
Il y a encore des cochonneries, on va y revenir mais peux-tu faire ceci :

---> Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
0
Réponse 11 / 32
Maca87 Messages postés 30 Date d'inscription mercredi 13 août 2008 Statut Membre Dernière intervention 30 août 2008
29 août 2008 à 15:05
-----------\\ ToolBar S&D 1.1.6 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : AMD Turion(tm) 64 X2 Mobile Technology TL-50 )
BIOS : Ver 1.00PARTTBL
USER : Utilisateur ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.27 (Activated)

"C:\ToolBar SD" ( MAJ : 27-08-2008|23:35 )
Option : [1] ( 29/08/2008|15:02 )

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Utilisateur) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"


--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\UTILIS~1\Mes documents\Downloads\FFVII\FF7_Crack by Ni'' HoT.exe


-----------\\ Fin du rapport a 15:04:41,57
0
Réponse 12 / 32
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
29 août 2008 à 15:11
---> Désinstalle ToolBar S&D

Je te fais un script.
0
Réponse 13 / 32
Maca87 Messages postés 30 Date d'inscription mercredi 13 août 2008 Statut Membre Dernière intervention 30 août 2008
29 août 2008 à 15:16
jvois pas comment le désintaller, dasn les programme il apparait pas, et dans ajout/suppression non plus.
0
Réponse 14 / 32
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
29 août 2008 à 15:19
1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :





KillAll::

File::
C:\WINDOWS\system32\lwzevqfa.exe
C:\WINDOWS\system32\24D.tmp
C:\WINDOWS\system32\24C.tmp
C:\WINDOWS\system32\24B.tmp
C:\WINDOWS\system32\24A.tmp
C:\WINDOWS\system32\249.tmp
C:\WINDOWS\system32\248.tmp
C:\WINDOWS\system32\247.tmp
C:\WINDOWS\system32\246.tmp
C:\WINDOWS\system32\245.tmp
C:\WINDOWS\system32\244.tmp
C:\WINDOWS\system32\243.tmp
C:\WINDOWS\system32\242.tmp
C:\WINDOWS\system32\241.tmp
C:\WINDOWS\system32\240.tmp
C:\WINDOWS\system32\23F.tmp
C:\WINDOWS\system32\239.tmp
C:\WINDOWS\system32\238.tmp
C:\WINDOWS\system32\237.tmp
C:\WINDOWS\system32\236.tmp
C:\WINDOWS\system32\235.tmp
C:\WINDOWS\system32\223.tmp
C:\WINDOWS\system32\221.tmp
C:\WINDOWS\system32\220.tmp
C:\WINDOWS\system32\21F.tmp
C:\WINDOWS\system32\21C.tmp
C:\WINDOWS\system32\21B.tmp
F:\tyktjfww.exe


Folder::
C:\Documents and Settings\All Users\Application Data\mtetebsb
C:\Program Files\cscjsne
C:\Documents and Settings\All Users\Application Data\hghehqrk

Rootkit::
C:\sqmdata12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt08.sqm
C:\sqmdata09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmdata04.sqm
C:\sqmdata03.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt00.sqm

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebSrv"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSPY2002"=-
"PHIME2002ASync"=-
"PHIME2002A"=-
"IMJPMIG8.1"=-
"RTHDCPL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgmon"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66aee01c-64aa-11dd-8c4c-0016d4163e49}]





---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
0
Réponse 15 / 32
Maca87 Messages postés 30 Date d'inscription mercredi 13 août 2008 Statut Membre Dernière intervention 30 août 2008
29 août 2008 à 15:34
J'ai aussi des alerte récurrente de window qui me dit que j'ai un trojan, et toolbar j'arrive pas a le désinstaller.

ComboFix 08-08-28.06 - Utilisateur 2008-08-29 15:27:52.5 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.136 [GMT 2:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 15:04 . 2008-08-29 15:04 3,814 --a------ C:\Documents and Settings\Orph.egd
2008-08-29 15:01 . 2008-08-29 15:01 <REP> d-------- C:\ToolBar SD
2008-08-29 04:23 . 2008-08-29 04:23 <REP> d-------- C:\Program Files\Avira
2008-08-29 04:23 . 2008-08-29 04:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-29 03:27 . 2008-08-29 03:34 106,496 --a------ C:\WINDOWS\system32\201.tmp
2008-08-29 03:27 . 2008-08-29 03:31 106,496 --a------ C:\WINDOWS\system32\1FD.tmp
2008-08-29 03:16 . 2008-08-29 03:18 106,496 --a------ C:\WINDOWS\system32\1EE.tmp
2008-08-29 03:16 . 2008-08-29 03:18 106,496 --a------ C:\WINDOWS\system32\1ED.tmp
2008-08-29 03:16 . 2008-08-29 03:17 106,496 --a------ C:\WINDOWS\system32\1EC.tmp
2008-08-29 03:15 . 2008-08-29 03:15 <REP> d-------- C:\Program Files\cscjsne
2008-08-29 03:15 . 2008-08-29 03:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\mtetebsb
2008-08-29 03:15 . 2008-08-29 03:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\hghehqrk
2008-08-29 03:15 . 2008-08-29 03:15 94,208 --a------ C:\WINDOWS\system32\lwzevqfa.exe
2008-08-28 21:42 . 2008-08-28 21:42 <REP> d-------- C:\Program Files\CoupeFichier
2008-08-26 17:54 . 2008-08-26 17:54 <REP> d-------- C:\Program Files\The KMPlayer
2008-08-14 20:34 . 2008-08-14 20:34 <REP> d-------- C:\_OTMoveIt
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 22:32 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-13 22:32 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-13 19:27 . 2008-08-13 19:27 <REP> d-------- C:\Program Files\Unlocker
2008-08-13 19:27 . 2008-08-13 19:27 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Desktopicon
2008-08-09 17:08 . 2008-08-09 17:08 268 --ah----- C:\sqmdata10.sqm
2008-08-09 17:08 . 2008-08-09 17:08 244 --ah----- C:\sqmnoopt10.sqm
2008-08-07 22:14 . 2008-08-07 22:14 268 --ah----- C:\sqmdata09.sqm
2008-08-07 22:14 . 2008-08-07 22:14 244 --ah----- C:\sqmnoopt09.sqm
2008-08-07 20:35 . 2008-08-07 20:35 <REP> d-------- C:\Program Files\BestGameEver
2008-08-07 20:16 . 2008-08-07 20:16 268 --ah----- C:\sqmdata08.sqm
2008-08-07 20:16 . 2008-08-07 20:16 244 --ah----- C:\sqmnoopt08.sqm
2008-08-07 20:09 . 2008-08-07 20:09 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-07 20:05 . 2008-08-07 20:05 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\DAEMON Tools
2008-08-07 20:05 . 2008-08-07 20:05 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 02:25 106,496 ----a-w C:\WINDOWS\system32\24D.tmp
2008-08-29 02:25 106,496 ----a-w C:\WINDOWS\system32\24C.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\24B.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\24A.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\249.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\248.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\247.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\246.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\245.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\244.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\243.tmp
2008-08-29 02:24 106,496 ----a-w C:\WINDOWS\system32\242.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\241.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\240.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\23F.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\239.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\238.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\237.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\236.tmp
2008-08-29 02:23 106,496 ----a-w C:\WINDOWS\system32\235.tmp
2008-08-29 02:21 106,496 ----a-w C:\WINDOWS\system32\223.tmp
2008-08-29 02:21 106,496 ----a-w C:\WINDOWS\system32\221.tmp
2008-08-29 02:21 106,496 ----a-w C:\WINDOWS\system32\220.tmp
2008-08-29 02:21 106,496 ----a-w C:\WINDOWS\system32\21F.tmp
2008-08-29 02:21 106,496 ----a-w C:\WINDOWS\system32\21C.tmp
2008-08-29 02:18 106,496 ----a-w C:\WINDOWS\system32\21B.tmp
2008-07-23 11:53 44,584 ----a-w C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-11 15:57 --------- d-----w C:\Program Files\MSECache
2008-07-08 23:14 --------- d-----w C:\Program Files\Java
2008-07-08 23:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-07-01 16:37 --------- d-----w C:\Program Files\Worms
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-01 20:04 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-01 20:04 56 --sh--r C:\WINDOWS\system32\91B2903A2D.sys
.

((((((((((((((((((((((((((((( snapshot_2008-08-14_18.26.46.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 1998-07-12 18:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
+ 2008-05-09 11:15:48 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:30 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:54 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-11-08 17:03:26 21,248 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 1998-07-13 15:53:26 44,544 ----a-w C:\WINDOWS\system32\GIF89.DLL
+ 1998-07-12 18:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2008-08-14 12:31:42 12,913 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-08-29 12:20:20 12,913 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2000-10-01 18:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
+ 1999-03-25 18:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
+ 1998-07-12 18:00:00 15,872 ----a-w C:\WINDOWS\system32\WINSKFR.DLL
+ 2008-08-29 12:20:18 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_110.dat
+ 2008-08-29 12:20:50 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_fb8.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 13:57 289088]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 17:02 490952]
"WebSrv"="C:\WINDOWS\system32\lwzevqfa.exe" [2008-08-29 03:15 94208]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 05:00 455168]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 05:00 208952]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-17 23:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-03-27 11:37:58 45056]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2008-05-02 21:20:52 114688]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-28 22:31:38 241664]
D‚marrage rapide du logiciel HP Image Zone.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-05-28 23:06:36 53248]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgmon"= {09A54591-0E31-323A-B579-099AFC998CD2} - C:\Program Files\cscjsne\msgmon.dll [2008-08-29 03:15 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\tyktjfww.exe
\Shell\explore\Command - F:\tyktjfww.exe
\Shell\open\Command - F:\tyktjfww.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66aee01c-64aa-11dd-8c4c-0016d4163e49}]
\Shell\AutoRun\command - F:\tyktjfww.exe
\Shell\explore\Command - F:\tyktjfww.exe
\Shell\open\Command - F:\tyktjfww.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - UBHELPER
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 15:31:27
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-08-29 15:32:21
ComboFix-quarantined-files.txt 2008-08-29 13:32:16
ComboFix4.txt 2008-08-14 16:27:08
ComboFix3.txt 2008-08-14 16:39:12
ComboFix5.txt 2008-08-29 13:27:04
ComboFix2.txt 2008-08-29 12:52:34

Pre-Run: 6,601,080,832 octets libres
Post-Run: 6,583,222,272 octets libres

222 --- E O F --- 2008-08-14 01:06:08
0
Réponse 16 / 32
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
29 août 2008 à 15:51
Tu as dû mal faire le CFScript, réessaie.
0
Réponse 17 / 32
Maca87 Messages postés 30 Date d'inscription mercredi 13 août 2008 Statut Membre Dernière intervention 30 août 2008
29 août 2008 à 16:19
ComboFix 08-08-28.06 - Utilisateur 2008-08-29 16:07:05.6 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.608 [GMT 2:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\21B.tmp
C:\WINDOWS\system32\21C.tmp
C:\WINDOWS\system32\21F.tmp
C:\WINDOWS\system32\220.tmp
C:\WINDOWS\system32\221.tmp
C:\WINDOWS\system32\223.tmp
C:\WINDOWS\system32\235.tmp
C:\WINDOWS\system32\236.tmp
C:\WINDOWS\system32\237.tmp
C:\WINDOWS\system32\238.tmp
C:\WINDOWS\system32\239.tmp
C:\WINDOWS\system32\23F.tmp
C:\WINDOWS\system32\240.tmp
C:\WINDOWS\system32\241.tmp
C:\WINDOWS\system32\242.tmp
C:\WINDOWS\system32\243.tmp
C:\WINDOWS\system32\244.tmp
C:\WINDOWS\system32\245.tmp
C:\WINDOWS\system32\246.tmp
C:\WINDOWS\system32\247.tmp
C:\WINDOWS\system32\248.tmp
C:\WINDOWS\system32\249.tmp
C:\WINDOWS\system32\24A.tmp
C:\WINDOWS\system32\24B.tmp
C:\WINDOWS\system32\24C.tmp
C:\WINDOWS\system32\24D.tmp
C:\WINDOWS\system32\lwzevqfa.exe
F:\tyktjfww.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\hghehqrk
C:\Documents and Settings\All Users\Application Data\mtetebsb
C:\Program Files\cscjsne
C:\Program Files\cscjsne\msgmon.dll
C:\WINDOWS\system32\21B.tmp
C:\WINDOWS\system32\21C.tmp
C:\WINDOWS\system32\21F.tmp
C:\WINDOWS\system32\220.tmp
C:\WINDOWS\system32\221.tmp
C:\WINDOWS\system32\223.tmp
C:\WINDOWS\system32\235.tmp
C:\WINDOWS\system32\236.tmp
C:\WINDOWS\system32\237.tmp
C:\WINDOWS\system32\238.tmp
C:\WINDOWS\system32\239.tmp
C:\WINDOWS\system32\23F.tmp
C:\WINDOWS\system32\240.tmp
C:\WINDOWS\system32\241.tmp
C:\WINDOWS\system32\242.tmp
C:\WINDOWS\system32\243.tmp
C:\WINDOWS\system32\244.tmp
C:\WINDOWS\system32\245.tmp
C:\WINDOWS\system32\246.tmp
C:\WINDOWS\system32\247.tmp
C:\WINDOWS\system32\248.tmp
C:\WINDOWS\system32\249.tmp
C:\WINDOWS\system32\24A.tmp
C:\WINDOWS\system32\24B.tmp
C:\WINDOWS\system32\24C.tmp
C:\WINDOWS\system32\24D.tmp
C:\WINDOWS\system32\lwzevqfa.exe

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 15:04 . 2008-08-29 15:04 3,814 --a------ C:\Documents and Settings\Orph.egd
2008-08-29 15:01 . 2008-08-29 15:01 <REP> d-------- C:\ToolBar SD
2008-08-29 04:23 . 2008-08-29 04:23 <REP> d-------- C:\Program Files\Avira
2008-08-29 04:23 . 2008-08-29 04:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-29 03:27 . 2008-08-29 03:34 106,496 --a------ C:\WINDOWS\system32\201.tmp
2008-08-29 03:27 . 2008-08-29 03:31 106,496 --a------ C:\WINDOWS\system32\1FD.tmp
2008-08-29 03:16 . 2008-08-29 03:18 106,496 --a------ C:\WINDOWS\system32\1EE.tmp
2008-08-29 03:16 . 2008-08-29 03:18 106,496 --a------ C:\WINDOWS\system32\1ED.tmp
2008-08-29 03:16 . 2008-08-29 03:17 106,496 --a------ C:\WINDOWS\system32\1EC.tmp
2008-08-28 21:42 . 2008-08-28 21:42 <REP> d-------- C:\Program Files\CoupeFichier
2008-08-26 17:54 . 2008-08-26 17:54 <REP> d-------- C:\Program Files\The KMPlayer
2008-08-14 20:34 . 2008-08-14 20:34 <REP> d-------- C:\_OTMoveIt
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 22:32 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-13 22:32 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-13 19:27 . 2008-08-13 19:27 <REP> d-------- C:\Program Files\Unlocker
2008-08-13 19:27 . 2008-08-13 19:27 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Desktopicon
2008-08-09 17:08 . 2008-08-09 17:08 268 --ah----- C:\sqmdata10.sqm
2008-08-09 17:08 . 2008-08-09 17:08 244 --ah----- C:\sqmnoopt10.sqm
2008-08-07 22:14 . 2008-08-07 22:14 268 --ah----- C:\sqmdata09.sqm
2008-08-07 22:14 . 2008-08-07 22:14 244 --ah----- C:\sqmnoopt09.sqm
2008-08-07 20:35 . 2008-08-07 20:35 <REP> d-------- C:\Program Files\BestGameEver
2008-08-07 20:16 . 2008-08-07 20:16 268 --ah----- C:\sqmdata08.sqm
2008-08-07 20:16 . 2008-08-07 20:16 244 --ah----- C:\sqmnoopt08.sqm
2008-08-07 20:09 . 2008-08-07 20:09 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-07 20:05 . 2008-08-07 20:05 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\DAEMON Tools
2008-08-07 20:05 . 2008-08-07 20:05 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 11:53 44,584 ----a-w C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-11 15:57 --------- d-----w C:\Program Files\MSECache
2008-07-08 23:14 --------- d-----w C:\Program Files\Java
2008-07-08 23:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-07-01 16:37 --------- d-----w C:\Program Files\Worms
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-01 20:04 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-01 20:04 56 --sh--r C:\WINDOWS\system32\91B2903A2D.sys
.

((((((((((((((((((((((((((((( snapshot_2008-08-14_18.26.46.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 1998-07-12 18:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
+ 2008-05-09 11:15:48 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:30 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:54 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-11-08 17:03:26 21,248 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 1998-07-13 15:53:26 44,544 ----a-w C:\WINDOWS\system32\GIF89.DLL
+ 1998-07-12 18:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2008-08-14 12:31:42 12,913 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-08-29 14:11:16 12,913 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2000-10-01 18:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
+ 1999-03-25 18:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
+ 1998-07-12 18:00:00 15,872 ----a-w C:\WINDOWS\system32\WINSKFR.DLL
+ 2008-08-29 14:11:14 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_108.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 13:57 289088]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 17:02 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\tyktjfww.exe
\Shell\explore\Command - F:\tyktjfww.exe
\Shell\open\Command - F:\tyktjfww.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-WebSrv - C:\WINDOWS\system32\lwzevqfa.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 16:11:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\TABLET.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRAM FILES\LAUNCH MANAGER\LMANAGER.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\ACER\EMPOWERING TECHNOLOGY\ACER.EMPOWERING.FRAMEWORK.LAUNCHER.EXE
C:\WINDOWS\SYSTEM32\WTABLET\TABUSERW.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 16:16:16 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 14:16:14
ComboFix4.txt 2008-08-14 16:39:12
ComboFix5.txt 2008-08-29 14:06:06
ComboFix3.txt 2008-08-29 12:52:34
ComboFix2.txt 2008-08-29 13:32:24

Pre-Run: 9,112,977,408 octets libres
Post-Run: 9,088,434,176 octets libres

262 --- E O F --- 2008-08-14 01:06:08
0
Réponse 18 / 32
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
29 août 2008 à 16:25
1/

---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :




KillAll::

File::
C:\WINDOWS\system32\201.tmp
C:\WINDOWS\system32\1FD.tmp
C:\WINDOWS\system32\1EE.tmp
C:\WINDOWS\system32\1ED.tmp
C:\WINDOWS\system32\1EC.tmp
C:\sqmdata12.sqm
C:\sqmdata11.sqm
C:\sqmnoopt12.sqm
C:\sqmnoopt11.sqm
C:\sqmdata10.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt08.sqm
C:\sqmdata09.sqm
C:\sqmdata08.sqm
C:\sqmnoopt07.sqm
C:\sqmdata07.sqm
C:\sqmnoopt06.sqm
C:\sqmdata06.sqm
C:\sqmnoopt05.sqm
C:\sqmdata05.sqm
C:\sqmdata04.sqm
C:\sqmdata03.sqm
C:\sqmdata02.sqm
C:\sqmdata01.sqm
C:\sqmdata00.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt00.sqm

Folder::
C:\ToolBar SD

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]




---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : CFScript
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

---> Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture :
http://www.searchengines.pl/phpbb203/pliki/picasso/virus/programs/combofix/combofix_cfscript.gif

[*] Une fenêtre bleue va apparaître : au message qui apparaît, tu acceptes.

[*] Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal !
Ne touche à rien tant que le scan n'est pas terminé.

[*] Une fois le scan achevé, un rapport va s'afficher : poste-le

[*] Si le fichier ne s'ouvre pas, il se trouve ici C:\ComboFix.txt
0
Réponse 19 / 32
Maca87 Messages postés 30 Date d'inscription mercredi 13 août 2008 Statut Membre Dernière intervention 30 août 2008
29 août 2008 à 16:55
ComboFix 08-08-28.06 - Utilisateur 2008-08-29 16:43:29.7 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.568 [GMT 2:00]
Endroit: C:\Documents and Settings\Utilisateur\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\Utilisateur\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmdata11.sqm
C:\sqmdata12.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\sqmnoopt11.sqm
C:\sqmnoopt12.sqm
C:\WINDOWS\system32\1EC.tmp
C:\WINDOWS\system32\1ED.tmp
C:\WINDOWS\system32\1EE.tmp
C:\WINDOWS\system32\1FD.tmp
C:\WINDOWS\system32\201.tmp
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\sqmdata00.sqm
C:\sqmdata01.sqm
C:\sqmdata02.sqm
C:\sqmdata03.sqm
C:\sqmdata04.sqm
C:\sqmdata05.sqm
C:\sqmdata06.sqm
C:\sqmdata07.sqm
C:\sqmdata08.sqm
C:\sqmdata09.sqm
C:\sqmdata10.sqm
C:\sqmnoopt00.sqm
C:\sqmnoopt01.sqm
C:\sqmnoopt02.sqm
C:\sqmnoopt03.sqm
C:\sqmnoopt04.sqm
C:\sqmnoopt05.sqm
C:\sqmnoopt06.sqm
C:\sqmnoopt07.sqm
C:\sqmnoopt08.sqm
C:\sqmnoopt09.sqm
C:\sqmnoopt10.sqm
C:\ToolBar SD
C:\ToolBar SD\Autrinf.cmd
C:\ToolBar SD\Back.cmd
C:\ToolBar SD\Changelog ToolBar.txt
C:\ToolBar SD\Crack.txt
C:\ToolBar SD\DemP.cmd
C:\ToolBar SD\DirectFix.cmd
C:\ToolBar SD\Discl_en.vbs
C:\ToolBar SD\Discl_fr.vbs
C:\ToolBar SD\Fich.cmd
C:\ToolBar SD\FixExt.cmd
C:\ToolBar SD\Kill.cmd
C:\ToolBar SD\Langues.cmd
C:\ToolBar SD\OS_v.vbs
C:\ToolBar SD\paths.bat
C:\ToolBar SD\pv.exe
C:\ToolBar SD\Rech.cmd
C:\ToolBar SD\RegP2.txt
C:\ToolBar SD\RegP3.txt
C:\ToolBar SD\RegP4.txt
C:\ToolBar SD\RegP5.txt
C:\ToolBar SD\RegPCU.txt
C:\ToolBar SD\RegPLM.txt
C:\ToolBar SD\RegTBSD.reg
C:\ToolBar SD\RKit.lsd
C:\ToolBar SD\RoGUeS.lsd
C:\ToolBar SD\sed.exe
C:\ToolBar SD\setpath.exe
C:\ToolBar SD\ToolBarSD.cmd
C:\ToolBar SD\ToolBarSD.ico
C:\ToolBar SD\Uninstal.exe
C:\WINDOWS\system32\1EC.tmp
C:\WINDOWS\system32\1ED.tmp
C:\WINDOWS\system32\1EE.tmp
C:\WINDOWS\system32\1FD.tmp
C:\WINDOWS\system32\201.tmp

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

2008-08-29 15:04 . 2008-08-29 15:04 3,814 --a------ C:\Documents and Settings\Orph.egd
2008-08-29 04:23 . 2008-08-29 04:23 <REP> d-------- C:\Program Files\Avira
2008-08-29 04:23 . 2008-08-29 04:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-08-28 21:42 . 2008-08-28 21:42 <REP> d-------- C:\Program Files\CoupeFichier
2008-08-26 17:54 . 2008-08-26 17:54 <REP> d-------- C:\Program Files\The KMPlayer
2008-08-14 20:34 . 2008-08-14 20:34 <REP> d-------- C:\_OTMoveIt
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Malwarebytes
2008-08-13 22:32 . 2008-08-13 22:32 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-13 22:32 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-13 22:32 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-13 19:27 . 2008-08-13 19:27 <REP> d-------- C:\Program Files\Unlocker
2008-08-13 19:27 . 2008-08-13 19:27 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\Desktopicon
2008-08-07 20:35 . 2008-08-07 20:35 <REP> d-------- C:\Program Files\BestGameEver
2008-08-07 20:09 . 2008-08-07 20:09 <REP> d-------- C:\Program Files\DAEMON Tools Lite
2008-08-07 20:05 . 2008-08-07 20:05 <REP> d-------- C:\Documents and Settings\Utilisateur\Application Data\DAEMON Tools
2008-08-07 20:05 . 2008-08-07 20:05 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 11:53 44,584 ----a-w C:\Documents and Settings\Utilisateur\Application Data\GDIPFONTCACHEV1.DAT
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-11 15:57 --------- d-----w C:\Program Files\MSECache
2008-07-08 23:14 --------- d-----w C:\Program Files\Java
2008-07-08 23:11 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll
2008-07-01 16:37 --------- d-----w C:\Program Files\Worms
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 08:28 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:21 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:21 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-01 20:04 952 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-05-01 20:04 56 --sh--r C:\WINDOWS\system32\91B2903A2D.sys
.

((((((((((((((((((((((((((((( snapshot_2008-08-14_18.26.46.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 1998-07-12 18:00:00 32,768 ----a-w C:\WINDOWS\system32\CMDLGFR.DLL
+ 2008-05-09 11:15:48 45,376 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2008-01-21 16:11:30 22,336 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-06-27 13:03:54 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-11-08 17:03:26 21,248 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
+ 1998-07-13 15:53:26 44,544 ----a-w C:\WINDOWS\system32\GIF89.DLL
+ 1998-07-12 18:00:00 141,312 ----a-w C:\WINDOWS\system32\MSCMCFR.DLL
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2008-08-14 12:31:42 12,913 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2008-08-29 14:47:10 12,913 ----a-w C:\WINDOWS\system32\tablet.dat
+ 2000-10-01 18:00:00 119,568 ----a-w C:\WINDOWS\system32\VB6FR.DLL
+ 1999-03-25 18:00:00 101,888 ----a-w C:\WINDOWS\system32\VB6STKIT.DLL
+ 1998-07-12 18:00:00 15,872 ----a-w C:\WINDOWS\system32\WINSKFR.DLL
+ 2008-08-29 14:47:08 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_dc.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-09 13:57 289088]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-07-24 17:02 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-14 22:35 53248]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-04-27 12:10 151552]
"ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 17:15 45056]
"Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 16:39 204800]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-05-30 12:11 421888]
"Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 22:12 579584]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-06-23 06:59 602112]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 06:15 15872]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\PROGRA~1\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=

S2 eLock2BurnerLockDriver;eLock2BurnerLockDriver;C:\WINDOWS\system32\eLock2BurnerLockDriver.sys []
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;C:\WINDOWS\system32\eLock2FSCTLDriver.sys []
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-05 05:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - tyktjfww.exe
\Shell\explore\Command -
\Shell\open\Command -
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 16:47:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
--------------------- DLLs a charg‚ sous des processus courants ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Unlocker\UnlockerHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\ACER\EMPOWERING TECHNOLOGY\EPERFORMANCE\MEMCHECK.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLCAPSVC.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVER.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\CLML_NTSERVICE\CLMLSERVICE.EXE
C:\PROGRAM FILES\FICHIERS COMMUNS\LIGHTSCRIBE\LSSRVC.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\WINDOWS\SYSTEM32\TABLET.EXE
C:\PROGRAM FILES\ACER\ACER ARCADE\KERNEL\TV\CLSCHED.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRAM FILES\LAUNCH MANAGER\LMANAGER.EXE
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\READER\READER_SL.EXE
C:\ACER\EMPOWERING TECHNOLOGY\ACER.EMPOWERING.FRAMEWORK.LAUNCHER.EXE
C:\WINDOWS\SYSTEM32\WTABLET\TABUSERW.EXE
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQGALRY.EXE
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 16:51:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 14:51:38
ComboFix5.txt 2008-08-29 14:42:52
ComboFix4.txt 2008-08-29 12:52:34
ComboFix3.txt 2008-08-29 13:32:24
ComboFix2.txt 2008-08-29 14:16:18

Pre-Run: 9,035,448,320 octets libres
Post-Run: 9,009,561,600 octets libres

282 --- E O F --- 2008-08-14 01:06:08
0
Réponse 20 / 32
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 297
29 août 2008 à 20:30
---> Clique sur Démarrer, Exécuter, tape notepad clique sur OK.

---> Copie le texte ci-dessous par sélection puis Ctrl+C :




Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]




---> Colle la sélection dans le bloc-notes

---> Enregistre ce fichier sur le bureau (Impératif)

---> Nom du fichier : Fix.reg
---> Type du fichier : tous les fichiers
---> Clique sur Enregistrer
---> Quitte le bloc-notes


2/

Utilisation du fichier : fix.reg :
Double-clique sur le fichier (Bureau) / Accepte l'avertissement concernant la fusion / ne pas s'étonner de ne rien voir / valide le message disant que la fusion est terminée.
0

Discussions similaires

Problème avec "PUADIManager:Win32/OfferCore
Knaki -
bazfile -

3 réponses
Menaces HackTool:Win32
LeMax5993 -
lisa4777 -

4 réponses
Detection PUA: win32 Installcore
Nat -
bazfile -

13 réponses
PUABundler:Win32/CandyOpen : dangereux ?
joubine -
bazfile -

2 réponses
infecté par HackTool:Win32/AutoKMS
fredo1968 -
fredo1968 -

5 réponses