probleme privacyremover et virtumonde

Question

Salut,
 je suis infecté par plusieurs virus ou spyware, j'aurai besoin de quelques conseils, voici le rapport malwarebytes:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1103
Windows 5.1.2600 Service Pack 2

16:34:17 01/09/2008
mbam-log-09-01-2008 (16-34-02).txt

Type de recherche: Examen rapide
Eléments examinés: 75597
Temps écoulé: 9 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 22
Fichier(s) infecté(s): 84

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\5636b6af (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\5636b6af (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zpeceu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\shcttcj0e1ce (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWAREhcvtcj0e1ce (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\shcttcj0e1ce (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcrtcj0e1ce (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcvtcj0e1ce (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Datahcvtcj0e1ce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Datahcvtcj0e1ce\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Datahcvtcj0e1ce\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Datahcvtcj0e1ce\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Datahcvtcj0e1ce\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Datahcvtcj0e1ce\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Datahcvtcj0e1ce\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Datahcvtcj0e1ce\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Datahcvtcj0e1ce\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Datahcvtcj0e1ce\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\NetworkService.AUTORITE NT.001\Application Datahcvtcj0e1ce\Quarantine\Packages (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lea\Application Datahcvtcj0e1ce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lea\Application Datahcvtcj0e1ce\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lea\Application Datahcvtcj0e1ce\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lea\Application Datahcvtcj0e1ce\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lea\Application Datahcvtcj0e1ce\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lea\Application Datahcvtcj0e1ce\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lea\Application Datahcvtcj0e1ce\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lea\Application Datahcvtcj0e1ce\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lea\Application Datahcvtcj0e1ce\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lea\Application Datahcvtcj0e1ce\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lea\Application Datahcvtcj0e1ce\Quarantine\Packages (Rogue.Multiple) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\5636b6af.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\bio07.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\blphcrtcj0e1ce.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\drivers\hou20.sys.vir (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\lry20.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\mta17.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\mta20.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\mub06.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers
ub17.sys.vir (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\ovd06.sys.vir (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\driversyf17.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\sag06.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\sag64.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winah85.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winbh30.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winel30.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winhn64.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winhn85.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winhr33.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winjs86.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winub85.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winub86.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winvc18.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winvd28.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winwd41.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winwe64.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\winyf18.sys.vir (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\xfl18.sys.vir (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\xfl28.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\xfl64.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\zpeceu.dll (Trojan.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc15.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc19.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc2.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc22.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc23.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc24.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc26.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc29.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc3.vir (Trojan.FakeAlert) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc34.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc36.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc37.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc46.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc47.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc48.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc49.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc50.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc51.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc52.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc53.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc54.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc55.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc56.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc57.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc58.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc59.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc60.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc61.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc62.vir (Rootkit.Agent) -> No action taken.
C:\RECYCLER\S-1-5-21-1229272821-152049171-854245398-1011\Dc65.vir (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\7594D812.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\vwr1.tmp (Trojan.Peed) -> No action taken.
C:\Documents and Settings\LocalService.AUTORITE NT.001\Local Settings\Temporary Internet Files\Content.IE5\O16B452R\sysftp[1].exe (Trojan.Agent) -> No action taken.
C:\Program Files\Mozilla Firefox\setupapi.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\lphcrtcj0e1ce.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcrtcj0e1ce.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphcrtcj0e1ce.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\E.tmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\lea\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\WINDOWS\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.

Puis-je supprimer tous ces fichiers sans soucis? Quelles autres actions entreprendre? Je tourne sur win XP Sp2.
Merci d'avance.

chimay8 · Answer

salut,
ok, supprime

ensuite

- Télécharge HiJackThis.zip de Merijn sur ton bureau. 
- Dézippe le dans un dossier prévu à cet effet. 
** exemple C:\hijackthis < Enregistre le bien dans c : !   

- Double-clique dessus
- Génère un rapport en suivant ces indications :
- Exécute le et clique sur "Do a scan and save log file".
- Le rapport s'ouvre sur le Bloc-Note.
- Colle le rapport ici, pour cela :
- Menu Edition / Selectionner Tout
- Menu Edition / copier
- Ici dans un nouveau message : clic droit / coller
Aide : N'hésite pas à consulter l'aide HiJackThis de Malekal_morte   
En image 

- Une fois installé, le renommer HJT.exe pour contrer une éventuelle infection de vundo

archet9 · Answer

ds MAM
clic sur spprimer la selection
il y en a effectivement 1paquet....
esuite ceci:
Commence par poster un rapport HijackThis stp, 
>Télécharge HiJackThis : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis 
- Lance le programme, puis sélectionne < do a system scan and save a logfile > 
- Enregistre le rapport sur ton bureau. 
Et envoie, par copier/coller, ton log Hijackthis sur le forum, 


A+ 

Tuto : si problème : http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

comakepi · Answer

J'ai surtout peur de supprimer les drivers dans system32. Aidez-moi!

chimay8 · Answer

non,aucune crainte

comakepi · Answer

Voila le rapport hitjack:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:13:07, on 01/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Hitjackthis\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [DaemonUI] C:\Program Files\DaemonUI\DaemonUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Glock Suite 1.1] C:\WINDOWS\system32\glock32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Piratrax] C:\Program Files\Piratrax\piratrax.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [patch Piratrax] C:\Program Files\Piratrax\patch.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O21 - SSODL: wZYaRtRWQWJ - {1CC099CD-B66A-3367-AA4F-C42A57F64FB8} - C:\WINDOWS\system32\ciga.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

chimay8 · Answer

tu as supprimé ce que MBAM a trouvé??

ensuite

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau. 
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 

* Lance l'installation du programme en exécutant le fichier téléchargé. 
* Double-clique sur le raccourci de Toolbar-S&D. 
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis valide avec la touche "Entrée". 
* Choisis l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche. 
* Poste le rapport généré. (C:\TB.txt)

comakepi · Answer

Oui j'ai supprimé les fichiers detectés par MBAM, voici te rapport TB:


   -----------\  ToolBar S&D 1.1.6   XP/Vista

   Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
   X86-based PC ( Uniprocessor Free : AMD Duron(tm) Processor )
   BIOS : Default System BIOS
   USER : lea ( Administrator )
   BOOT : Fail-safe with network boot
   Antivirus : AntiVir PersonalEdition Classic 6.33.0.125 (Activated)

   "C:\ToolBar SD" ( MAJ : 30-08-2008|00:19 )
   Option : [1] ( 01/09/2008|17:22 )

   -----------\  Recherche de Fichiers / Dossiers ...

   C:\DOCUME~1\lea\Cookies\lea@www.tabcrawler[2].txt
   C:\Program Files\P2P_Torrent
   C:\Program Files\P2P_Torrent\INSTALL.LOG
   C:\Program Files\P2P_Torrent	bP2P0.dll
   C:\Program Files\P2P_Torrent	bP2P_.dll
   C:\Program Files\P2P_Torrent	oolbar.cfg
   C:\Program Files\P2P_Torrent\UNWISE.EXE
   C:\DOCUME~1\lea\MENUDM~1\PROGRA~1\WhenU
   C:\Program Files\Fichiers communs\WhenU
   C:\Program Files\Fichiers communs\WhenU\S3.dll

   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\WINDOWS\system32\blank.htm"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Search Page"="https://www.google.com/?gws_rd=ssl"
   "Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Default_Page_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
   "Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


   --------------------\  Recherche d'autres infections

   C:\WINDOWS\exefld
   [b]==> BAGLE <==/b
 
   --------------------\  ROGUES ..

   C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Antivirus XP 2008
   C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Antivirus XP 2008.lnk

   --------------------\  Cracks & Keygens ..

   C:\DOCUME~1\lea\Application Data\uTorrent\Cracks_the_sims_complete.torrent
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - Premier Crackage.jpg
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - [2001-Premier Crackage]-02- Bienvenue.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - [2001-Premier Crackage]-03- A qu'c'est bon.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - [2001-Premier Crackage]-04- Je m'suis fait une crete.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - [2001-Premier Crackage]-05- Douce France.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - [2001-Premier Crackage]-06- Liberterre.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - [2001-Premier Crackage]-07- Manifeste.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - [2001-Premier Crackage]-08- Mort a la guerre.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - [2001-Premier Crackage]-09- Psychiatrie.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - [2001-Premier Crackage]-10- Roger.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - [2001-Premier Crackage]-11- Envois sa soeur.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\Les Vieilles Salopes\Vieilles Salopes (Les) - [2001 - Premier Crackage]\Vieilles Salopes (Les) - [2001-Premier Crackage]-12- Utopie.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu\mad sin\Mad_Sin-20_Years_in_Sin_Sin-2CD-2007-JUST\111-mad_sin-crack_in_the_box.mp3
   C:\DOCUME~1\lea\Mes documents\Ma musique\Artiste inconnu	oy dolls\Toy Dolls-discografia - 15 cdïs-\10-Fat Bobïs Feet-1991\06-Toy_Dolls-Olga_Crack_Corn!.mp3
   C:\DOCUME~1\lea\Recent\crack.lnk



   1 - "C:\ToolBar SD\TB_1.txt" - 01/09/2008|17:24 - Option : [1]

   -----------\  Fin du rapport a 17:24:31,51

comakepi · Answer

Est'ce que tu sais quels fichier je peux "fix checked" avec HJT?

chimay8 · Answer

aïe,aïe,aïe
ça, c'est pas bon...

--------------------\ Recherche d'autres infections

C:\WINDOWS\exefld
[b]==> BAGLE <==/b

--------------------\ ROGUES ..( on l'aura après)

C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Antivirus XP 2008
C:\DOCUME~1\ALLUSE~1.WIN\MENUDM~1\PROGRA~1\Antivirus XP 2008.lnk


Bagle arrive plus que souvent avec des cracks pourris ---->faut les virer!! !!tous!! sinon,il risque de se relancer au démarrage de ta machine...

Télécharge OTMoveIt2( de Old Timer ) 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Une fois téléchargé double-clique sur OTMoveIt2.exe pour le lancer. 
Assure toi que la case "Unregister Dll's and Ocx's" est cochée 
Copie les lignes en gras qui se trouvent en dessous : 

C:\WINDOWS\exefld 

et colle-les dans le cadre de gauche de OTMoveIt : "Paste List Of Files/Folders to Move." 
Clique sur "MoveIt!" pour lancer la suppression. 
Le résultat apparaitra dans le cadre "Results". 
Clique sur Exit pour fermer. 
Poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 
 -Il te sera peut-être demander de redémarrer le pc pour achever la suppression -> Accepte ( si il ne fait pas automatiquement , fait-le toi même ) 

/!\ Note : Au démarrage ton bureau RISQUE de ne plus apparaître, dans ce cas fait --> CTRL+ALT+SUPP pour ouvrir le Gestionnaire des tâches. 
Puis rends toi sur l'onglet "Processus". Clique en haut à gauche sur "Fichiers" et choisis "Exécuter" 
Tape "explorer.exe"(sans les guillemèts) et valide. Cela fera réapparaître le Bureau. 

ensuite,on essaye comme ça d'abord,

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 
et sauvegarde le sur ton bureau et pas ailleurs! 

**Désactive les logiciels de protection** (Antivirus, Antispywares) puis : 
deconnecte toi d'internet,ferme tout les programmes 

Double-clique sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider. 
ne touche plus à rien même pas ta souris!! 
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport. 

Copie/colle un nouveau rapport HiJackThis avec.

comakepi · Answer

Voila pour OT, je lance combo fix:

C:\WINDOWS\exefld moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 09012008_174909

comakepi · Answer

rapport HTJ:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:25:11, on 01/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Hitjackthis\HJT.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Glock Suite 1.1] C:\WINDOWS\system32\glock32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Piratrax] C:\Program Files\Piratrax\piratrax.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\RunOnce: [patch Piratrax] C:\Program Files\Piratrax\patch.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32
wprovau.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswupdsv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus (avast! antivirus) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner (avast! mail scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner (avast! web scanner) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

chimay8 · Answer

manque le rapport combo

comakepi · Answer

5 fois que je la poste, mais probleme avec le forum, il m'a meme dit que cette discussion n'existait pas!!

chimay8 · Answer

oui,ca bug un peu
j'ai bien toutes mes interventions qui ont disparu....pas cool du tout!!

essaye de poster dans dix minutes

noctambule28 · Answer

il est là le rapport combo ********************* ComboFix 08-08-31.01 - lea 2008-09-01 17:56:17.1 - NTFSx86 NETWORK Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.398 [GMT 2:00] Endroit: C:\Documents and Settings\lea\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Antivirus XP 2008 C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Antivirus XP 2008.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk C:\Documents and Settings\lea\Application Data\macromedia\Flash Player\#SharedObjects\B4VTFM8V\bin.clearspring.com C:\Documents and Settings\lea\Application Data\macromedia\Flash Player\#SharedObjects\B4VTFM8V\bin.clearspring.com\clearspring.sol C:\Documents and Settings\lea\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com C:\Documents and Settings\lea\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol C:\Documents and Settings\lea\Cookies\lea@clicktorrent[1].txt C:\Documents and Settings\lea\Cookies\lea@clicktorrent[2].txt C:\Documents and Settings\lea\Cookies\lea@edt02[1].txt C:\Documents and Settings\lea\Local Settings\Temporary Internet Files\RoE.dat C:\Program Files\Fichiers communs\WinSoftware C:\WINDOWS\system32\B.tmp C:\WINDOWS\system32\C.tmp C:\WINDOWS\system32\Cache C:\WINDOWS\system32\D.tmp C:\WINDOWS\system32\drivers\agn41.sys C:\WINDOWS\system32\drivers\cjp53.sys C:\WINDOWS\system32\drivers\dkq63.sys C:\WINDOWS\system32\drivers\elr75.sys C:\WINDOWS\system32\drivers\fms75.sys C:\WINDOWS\system32\drivers\fmt63.sys C:\WINDOWS\system32\drivers\fmt74.sys C:\WINDOWS\system32\drivers\gnt30.sys C:\WINDOWS\system32\drivers\gnt74.sys C:\WINDOWS\system32\drivers\gnu85.sys C:\WINDOWS\system32\drivers\lsa41.sys C:\WINDOWS\system32\drivers\msa52.sys C:\WINDOWS\system32\drivers yf06.sys C:\WINDOWS\system32\drivers yf42.sys C:\WINDOWS\system32\drivers\ucj74.sys C:\WINDOWS\system32\drivers\wek06.sys C:\WINDOWS\system32\drivers\wel74.sys C:\WINDOWS\system32\drivers\xfl85.sys C:\WINDOWS\system32\F.tmp . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_AGN41 -------\Legacy_CJP53 -------\Legacy_DKQ63 -------\Legacy_ELR75 -------\Legacy_FMS75 -------\Legacy_FMT63 -------\Legacy_FMT74 -------\Legacy_GNT30 -------\Legacy_GNT74 -------\Legacy_GNU85 -------\Legacy_LSA41 -------\Legacy_MSA52 -------\Legacy_RYF06 -------\Legacy_RYF42 -------\Legacy_TCPSR -------\Legacy_UCJ74 -------\Legacy_WEK06 -------\Legacy_WEL74 -------\Legacy_XFL85 -------\Service_agn41 -------\Service_cjp53 -------\Service_dkq63 -------\Service_elr75 -------\Service_fms75 -------\Service_fmt63 -------\Service_fmt74 -------\Service_gnt30 -------\Service_gnt74 -------\Service_gnu85 -------\Service_lsa41 -------\Service_msa52 -------\Service_ryf06 -------\Service_ryf42 -------\Service_ucj74 -------\Service_wek06 -------\Service_wel74 -------\Service_xfl85 ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))))))) . 2008-09-01 17:49 . 2008-09-01 17:49 d-------- C:\_OTMoveIt 2008-09-01 17:23 . 2008-09-01 17:23 2,942 --a------ C:\Documents and Settings\Orph.egd 2008-09-01 17:22 . 2008-09-01 17:24 d-------- C:\ToolBar SD 2008-09-01 17:11 . 2008-09-01 17:15 d-------- C:\Program Files\Hitjackthis 2008-09-01 11:31 . 2004-08-04 01:32 468,517 -ra------ C: xtsetup.sif 2008-09-01 11:31 . 2004-08-03 23:00 263,488 -ra------ C:\$LDR$ 2008-09-01 11:30 . 2008-09-01 11:31 d-------- C:\$WIN_NT$.~BT 2008-09-01 11:23 . 2004-08-04 00:55 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe 2008-09-01 11:23 . 2004-08-04 00:55 57,856 --a--c--- C:\WINDOWS\system32\dllcache\spoolsv.exe 2008-08-29 23:44 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-23 18:02 . 2008-08-24 11:08 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-01 14:07 --------- d-----w C:\Program Files\Wanadoo 2008-09-01 13:21 --------- d-----w C:\Program Files\Microsoft AntiSpyware 2008-09-01 09:05 --------- d-----w C:\Program Files\eMule 2008-08-31 13:04 --------- d-----w C:\Program Files\Piratrax 2008-08-30 10:22 --------- d-----w C:\Program Files\Alwil Software 2008-08-30 07:51 --------- d-----w C:\Program Files\uTorrent 2008-08-30 07:22 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-08-24 15:40 --------- d-----w C:\Documents and Settings\lea\Application Data\uTorrent 2008-08-17 13:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-07-14 07:44 --------- d-----w C:\Documents and Settings\lea\Application Data\Malwarebytes 2008-07-14 07:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-01-23 16:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2006-03-14 21:49 213 -c--a-w C:\Program Files\INSTALL.LOG 2006-02-21 08:37 2,338,067 ----a-w C:\Program Files\xanadusetup.exe 2006-02-20 08:22 9,192,136 ----a-w C:\Program Files\INSTALL_MSN_MESSENGER_NT.EXE 2004-04-14 20:57 33,792 ----a-w C:\Documents and Settings\Realone player\Activator31.exe 2004-03-24 20:14 10,196,336 ----a-w C:\Documents and Settings\Realone player\RealPlayer10GOLD.exe 2004-01-07 04:51 5,471 -c--a-w C:\Program Files bu-php.nfo 2004-01-01 14:14 596 -c--a-w C:\Program Files\setup.ini 2004-01-01 14:14 563 -c--a-w C:\Program Files\layout.bin 2004-01-01 14:14 540,056 -c--a-w C:\Program Files\Setup.bmp 2004-01-01 14:14 517,155 -c--a-w C:\Program Files\setup.inx 2004-01-01 14:14 420,432 -c--a-w C:\Program Files\engine32.cab 2004-01-01 14:14 392,284 -c--a-w C:\Program Files\setup.boot 2004-01-01 14:14 243,858 -c--a-w C:\Program Files\setup.skin 2004-01-01 14:14 165 -c--a-w C:\Program Files\setup.iss 2004-01-01 14:14 157,608,569 -c--a-w C:\Program Files\data2.cab 2004-01-01 14:13 5,791 -c--a-w C:\Program Files\Abcpy.ini 2004-01-01 14:13 430,319 -c--a-w C:\Program Files\data1.hdr 2004-01-01 14:13 2,280,745 -c--a-w C:\Program Files\data1.cab . ------- Sigcheck ------- 2004-08-04 00:55 17408 24b639058333ddabe8ab128ed71dfd20 C:\WINDOWS\system32\svchost.exe 2004-08-04 00:55 510464 d615aaa55cd3c2e92e91fe1cf26c09cf C:\WINDOWS\system32\winlogon.exe 2004-08-04 00:54 1038848 7da3710f8fb5f6ad478009392627ebb8 C:\WINDOWS\explorer.exe 2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe 2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe 2004-08-04 00:55 110592 5438cedfda6cf4ae1203547b6adb7d37 C:\WINDOWS\system32\services.exe 2004-08-04 00:54 14848 185cdc453e6498512040707794b7b510 C:\WINDOWS\system32\lsass.exe . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-01 16:19 68856] "Piratrax"="C:\Program Files\Piratrax\piratrax.exe" [2008-03-23 14:20 3461632] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "patch Piratrax"="C:\Program Files\Piratrax\patch.exe" [2008-03-23 14:20 400384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 13:12 473928] "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2006-02-10 18:52 180269] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-05-13 17:11 1397760] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35 327720] "Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-04 00:54 13312] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008] "MsmqIntCert"="mqrt.dll" [2004-08-04 00:54 177152 C:\WINDOWS\system32\mqrt.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 22:32 8699904] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "PromptOnSecureDesktop"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "NoDispBackgroundPage"= 1 (0x1) "NoDispScrSavPage"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Agn41.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\biO07.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cjp53.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cjq28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dkq20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dkq63.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Elr75.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fms75.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fms86.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fmt63.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fmt74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnt30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnt74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnu85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hoU20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ipv06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ipv52.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ipw74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lrY20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lsa41.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Msa52.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mtA17.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mtA20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\muB06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ntb52.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal uB17.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nub30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nub74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovD06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pel42.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwe20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rxf63.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ryf06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal yF17.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ryf42.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saG06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saG64.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbh18.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ubi28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uci17.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ucI28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uci42.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ucj74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wek06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wel74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winah85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbh30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhn64.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhn85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhr33.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjs86.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winub85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winub86.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvc18.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvd28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd41.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwe64.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyf18.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xfL18.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xfL28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xfL64.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xfl85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yfm52.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\eMule\emule.exe"= "C:\WINDOWS\system32\mqsvc.exe"= "C:\Program Files\Inventel\Gateway\RGWRepair.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE"= "C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\French\setup.exe"= "C:\Program Files\MySpace\IM\MySpaceIM.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "11250:TCP"= 11250:TCP:emule tcp entrant "11260:UDP"= 11260:UDP:emule udp R3 netflx3;Pilote de carte Compaq NetFlex-3/Netelligent;C:\WINDOWS\system32\DRIVERS etflx3.sys [2001-08-23 18:10] S1 aswsp;avast! Self Protection;C:\WINDOWS\system32\drivers\aswsp.sys [2008-07-19 16:35] S2 aswfsblk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] S3 ewdmaudn;ewdmaudn;C:\DOCUME~1\lea\LOCALS~1\Temp\ewdmaudn.sys [] S3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-24 14:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd25270-4dda-11dd-bf94-00805f8bfc88}] \Shell\Auto\command - cmd /C launch.bat \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68cbe2f0-9545-11dc-a413-00805f8bfc88}] \Shell\AutoRun\command - H:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a052772-4df0-11dd-bf95-00805f8bfc88}] \Shell\Auto\command - cmd /C launch.bat \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f618e1-785b-11da-b58d-806d6172696f}] \Shell\AutoRun\command - F:\_SETIMG\EPDETECT.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd51ab00-8f7f-11dc-a406-806d6172696f}] \shell\autorun\command - D:\setup.exe . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' . - - - - ORPHANS REMOVED - - - - HKCU-Run-WhenUSave - C:\Program Files\Save\Save.exe HKLM-Run-DaemonUI - C:\Program Files\DaemonUI\DaemonUI.exe SSODL-wZYaRtRWQWJ-{1CC099CD-B66A-3367-AA4F-C42A57F64FB8} - C:\WINDOWS\system32\ciga.dll Notify-WgaLogon - (no file) . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\lea\Application Data\Mozilla\Firefox\Profiles\qdtri0r4.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/index.php?rvs=hompag . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-01 18:15:48 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** . Temps d'accomplissement: 2008-09-01 18:21:34 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-01 16:21:30 Pre-Run: 19,132,424,192 octets libres Post-Run: 19,590,602,752 octets libres 381 --- E O F --- 2008-07-08 19:51:33

chimay8 · Answer

bon,je sais c'est pas très amusant,mais bagle est coriace

Menu Démarrer>Exécuter> 
tape ComboFix /u
clique sur ok

ensuite,

Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

Avant de telecharger clic sur enregistrer renome le en killbagle et enregistre le sur le bureau 


-> Double clique sur killbagle.exe. 
-> Tape sur la touche 1 (Yes) pour démarrer le scan. 
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt 

Avant d'utiliser ComboFix : 

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 


Une fois fait, sur ton bureau double-clic sur killbagle.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 


-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

comakepi · Answer

toujours des problemes d'envoi...

noctambule28 · Answer

c'est ici **************** ComboFix 08-08-31.01 - lea 2008-09-01 20:19:30.2 - NTFSx86 NETWORK Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.444 [GMT 2:00] Endroit: C:\Documents and Settings\lea\Bureau\killbagle.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . ((((((((((((((((((((((((((((( Fichiers créés 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))))))) . 2008-09-01 20:16 . 2008-09-01 20:16 d-------- C:\ComboFix 2008-09-01 17:23 . 2008-09-01 17:23 2,942 --a------ C:\Documents and Settings\Orph.egd 2008-09-01 17:22 . 2008-09-01 17:24 d-------- C:\ToolBar SD 2008-09-01 17:11 . 2008-09-01 18:25 d-------- C:\Program Files\Hitjackthis 2008-09-01 11:31 . 2004-08-04 01:32 468,517 -ra------ C: xtsetup.sif 2008-09-01 11:31 . 2004-08-03 23:00 263,488 -ra------ C:\$LDR$ 2008-09-01 11:30 . 2008-09-01 11:31 d-------- C:\$WIN_NT$.~BT 2008-09-01 11:23 . 2004-08-04 00:55 57,856 --a------ C:\WINDOWS\system32\spoolsv.exe 2008-09-01 11:23 . 2004-08-04 00:55 57,856 --a--c--- C:\WINDOWS\system32\dllcache\spoolsv.exe 2008-08-29 23:44 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-23 18:02 . 2008-08-24 11:08 d-a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-01 14:07 --------- d-----w C:\Program Files\Wanadoo 2008-09-01 13:21 --------- d-----w C:\Program Files\Microsoft AntiSpyware 2008-09-01 09:05 --------- d-----w C:\Program Files\eMule 2008-08-31 13:04 --------- d-----w C:\Program Files\Piratrax 2008-08-30 10:22 --------- d-----w C:\Program Files\Alwil Software 2008-08-30 07:51 --------- d-----w C:\Program Files\uTorrent 2008-08-30 07:22 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-08-24 15:40 --------- d-----w C:\Documents and Settings\lea\Application Data\uTorrent 2008-08-17 13:01 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll 2008-07-14 17:46 60,928 ----a-w C:\WINDOWS\system32\7D.tmp 2008-07-14 17:36 60,928 ----a-w C:\WINDOWS\system32\7A.tmp 2008-07-14 17:26 60,928 ----a-w C:\WINDOWS\system32\77.tmp 2008-07-14 17:16 60,928 ----a-w C:\WINDOWS\system32\73.tmp 2008-07-14 17:06 60,928 ----a-w C:\WINDOWS\system32\70.tmp 2008-07-14 16:46 60,928 ----a-w C:\WINDOWS\system32\6B.tmp 2008-07-14 16:36 60,928 ----a-w C:\WINDOWS\system32\68.tmp 2008-07-14 15:55 60,928 ----a-w C:\WINDOWS\system32\5E.tmp 2008-07-14 15:45 60,928 ----a-w C:\WINDOWS\system32\5B.tmp 2008-07-14 15:35 60,928 ----a-w C:\WINDOWS\system32\58.tmp 2008-07-14 15:25 60,928 ----a-w C:\WINDOWS\system32\54.tmp 2008-07-14 15:15 60,928 ----a-w C:\WINDOWS\system32\51.tmp 2008-07-14 15:05 60,928 ----a-w C:\WINDOWS\system32\4E.tmp 2008-07-14 14:55 60,928 ----a-w C:\WINDOWS\system32\4B.tmp 2008-07-14 14:45 60,928 ----a-w C:\WINDOWS\system32\48.tmp 2008-07-14 14:35 60,928 ----a-w C:\WINDOWS\system32\45.tmp 2008-07-14 14:25 60,928 ----a-w C:\WINDOWS\system32\42.tmp 2008-07-14 14:14 60,928 ----a-w C:\WINDOWS\system32\3F.tmp 2008-07-14 14:04 60,928 ----a-w C:\WINDOWS\system32\3C.tmp 2008-07-14 13:54 60,928 ----a-w C:\WINDOWS\system32\39.tmp 2008-07-14 13:44 60,928 ----a-w C:\WINDOWS\system32\36.tmp 2008-07-14 13:34 60,928 ----a-w C:\WINDOWS\system32\30.tmp 2008-07-14 13:24 60,928 ----a-w C:\WINDOWS\system32\28.tmp 2008-07-14 13:14 60,928 ----a-w C:\WINDOWS\system32\22.tmp 2008-07-14 13:04 60,928 ----a-w C:\WINDOWS\system32\1E.tmp 2008-07-14 12:54 60,928 ----a-w C:\WINDOWS\system32\1A.tmp 2008-07-14 12:44 60,928 ----a-w C:\WINDOWS\system32\16.tmp 2008-07-14 12:33 60,928 ----a-w C:\WINDOWS\system32\13.tmp 2008-07-14 11:28 60,928 ----a-w C:\WINDOWS\system32\2F.tmp 2008-07-14 11:18 60,928 ----a-w C:\WINDOWS\system32\2A.tmp 2008-07-14 11:07 60,928 ----a-w C:\WINDOWS\system32\26.tmp 2008-07-14 10:57 60,928 ----a-w C:\WINDOWS\system32\21.tmp 2008-07-14 10:47 60,928 ----a-w C:\WINDOWS\system32\1C.tmp 2008-07-14 10:37 60,928 ----a-w C:\WINDOWS\system32\19.tmp 2008-07-14 07:44 --------- d-----w C:\Documents and Settings\lea\Application Data\Malwarebytes 2008-07-14 07:44 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-07-14 07:37 60,928 ----a-w C:\WINDOWS\system32\20.tmp 2008-01-23 16:51 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe 2006-03-14 21:49 213 -c--a-w C:\Program Files\INSTALL.LOG 2006-02-21 08:37 2,338,067 ----a-w C:\Program Files\xanadusetup.exe 2006-02-20 08:22 9,192,136 ----a-w C:\Program Files\INSTALL_MSN_MESSENGER_NT.EXE 2004-04-14 20:57 33,792 ----a-w C:\Documents and Settings\Realone player\Activator31.exe 2004-03-24 20:14 10,196,336 ----a-w C:\Documents and Settings\Realone player\RealPlayer10GOLD.exe 2004-01-07 04:51 5,471 -c--a-w C:\Program Files bu-php.nfo 2004-01-01 14:14 596 -c--a-w C:\Program Files\setup.ini 2004-01-01 14:14 563 -c--a-w C:\Program Files\layout.bin 2004-01-01 14:14 540,056 -c--a-w C:\Program Files\Setup.bmp 2004-01-01 14:14 517,155 -c--a-w C:\Program Files\setup.inx 2004-01-01 14:14 420,432 -c--a-w C:\Program Files\engine32.cab 2004-01-01 14:14 392,284 -c--a-w C:\Program Files\setup.boot 2004-01-01 14:14 243,858 -c--a-w C:\Program Files\setup.skin 2004-01-01 14:14 165 -c--a-w C:\Program Files\setup.iss 2004-01-01 14:14 157,608,569 -c--a-w C:\Program Files\data2.cab 2004-01-01 14:13 5,791 -c--a-w C:\Program Files\Abcpy.ini 2004-01-01 14:13 430,319 -c--a-w C:\Program Files\data1.hdr 2004-01-01 14:13 2,280,745 -c--a-w C:\Program Files\data1.cab . ------- Sigcheck ------- 2004-08-04 00:55 17408 24b639058333ddabe8ab128ed71dfd20 C:\WINDOWS\system32\svchost.exe 2004-08-04 00:55 510464 d615aaa55cd3c2e92e91fe1cf26c09cf C:\WINDOWS\system32\winlogon.exe 2004-08-04 00:54 1038848 7da3710f8fb5f6ad478009392627ebb8 C:\WINDOWS\explorer.exe 2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe 2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2gdr\explorer.exe 2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\SoftwareDistribution\Download\aa7b28efbf5e224a2f6b995008501967\sp2qfe\explorer.exe 2004-08-04 00:55 110592 5438cedfda6cf4ae1203547b6adb7d37 C:\WINDOWS\system32\services.exe 2004-08-04 00:54 14848 185cdc453e6498512040707794b7b510 C:\WINDOWS\system32\lsass.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 15:50 122880] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 12:34 5724184] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-01 16:19 68856] "Piratrax"="C:\Program Files\Piratrax\piratrax.exe" [2008-03-23 14:20 3461632] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "patch Piratrax"="C:\Program Files\Piratrax\patch.exe" [2008-03-23 14:20 400384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 13:12 473928] "OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 12:00 49152] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2006-02-10 18:52 180269] "InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2005-05-13 17:11 1397760] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 15:49 20480] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 17:55 32768] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-04-02 10:35 327720] "Glock Suite 1.1"="C:\WINDOWS\system32\glock32.exe" [2004-08-04 00:54 13312] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008] "MsmqIntCert"="mqrt.dll" [2004-08-04 00:54 177152 C:\WINDOWS\system32\mqrt.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360] "MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 22:32 8699904] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "PromptOnSecureDesktop"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system] "NoDispBackgroundPage"= 1 (0x1) "NoDispScrSavPage"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.DIV3"= DivXc32.dll "msacm.divxa32"= DivXa32.acm "VIDC.HFYU"= huffyuv.dll "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Agn41.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\biO07.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cjp53.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Cjq28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dkq20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Dkq63.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Elr75.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fms75.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fms86.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fmt63.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Fmt74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnt30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnt74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Gnu85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hoU20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ipv06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ipv52.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ipw74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lrY20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lsa41.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Msa52.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mtA17.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mtA20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\muB06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ntb52.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal uB17.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nub30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Nub74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ovD06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pel42.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Pwe20.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Rxf63.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ryf06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal yF17.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ryf42.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saG06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\saG64.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Tbh18.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ubi28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uci17.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ucI28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Uci42.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ucj74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wek06.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wel74.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winah85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winbh30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winel30.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhn64.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhn85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhr33.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winjs86.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winub85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winub86.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvc18.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winvd28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd41.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwe64.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyf18.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xfL18.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xfL28.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\xfL64.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Xfl85.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Yfm52.sys] @="Driver" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\eMule\emule.exe"= "C:\WINDOWS\system32\mqsvc.exe"= "C:\Program Files\Inventel\Gateway\RGWRepair.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Microsoft Games\Age of Empires II\empires2.EXE"= "C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 7.0.1.325\French\setup.exe"= "C:\Program Files\MySpace\IM\MySpaceIM.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "11250:TCP"= 11250:TCP:emule tcp entrant "11260:UDP"= 11260:UDP:emule udp R3 netflx3;Pilote de carte Compaq NetFlex-3/Netelligent;C:\WINDOWS\system32\DRIVERS etflx3.sys [2001-08-23 18:10] S1 aswsp;avast! Self Protection;C:\WINDOWS\system32\drivers\aswsp.sys [2008-07-19 16:35] S2 aswfsblk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37] S3 ewdmaudn;ewdmaudn;C:\DOCUME~1\lea\LOCALS~1\Temp\ewdmaudn.sys [] S3 NtApm;Pilote d'interface NT APM/hérité;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-24 14:00] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2fd25270-4dda-11dd-bf94-00805f8bfc88}] \Shell\Auto\command - cmd /C launch.bat \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68cbe2f0-9545-11dc-a413-00805f8bfc88}] \Shell\AutoRun\command - H:\LaunchU3.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a052772-4df0-11dd-bf95-00805f8bfc88}] \Shell\Auto\command - cmd /C launch.bat \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmd /C launch.bat [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8f618e1-785b-11da-b58d-806d6172696f}] \Shell\AutoRun\command - F:\_SETIMG\EPDETECT.EXE [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd51ab00-8f7f-11dc-a406-806d6172696f}] \shell\autorun\command - D:\setup.exe *Newly Created Service* - MBAMSWISSARMY . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\lea\Application Data\Mozilla\Firefox\Profiles\qdtri0r4.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://french.eazel.com/index.php?rvs=hompag . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-01 20:22:20 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-09-01 20:24:32 ComboFix-quarantined-files.txt 2008-09-01 18:24:01 ComboFix2.txt 2008-09-01 16:21:35 Pre-Run: 19,612,540,928 octets libres Post-Run: 19,622,326,272 octets libres

comakepi · Answer

Je dois partir pour le boulot, a bientot et encore merci.

comakepi · Answer

Apres reinstallation de windows, je n'ai plus de virus detecté ni par malwarebytes, ni avast, ni anti-vir. J'ai envoyé les 4 fichiers qui étaient suspects sur virus total, apparement c'est clean.

chimay8 · Answer

ok

Probleme privacyremover et virtumonde

21 réponses

Votre réponse

Discussions similaires

Newsletters