Sujet Précédent Sujet Suivant

Infection av2009

Résolu
Roland49 Messages postés 8 Statut Membre -  
chimay8 Messages postés 7947 Statut Contributeur sécurité -
Bonjour,

Comme beaucoup, me voilà moi aussi infecté (du moins je le pense) par av2009 et consorts.

Merci d'avance aux spécialistes de me venir en aide.

A bientôt de vous lire.

A toute fin utile, voici un rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:04, on 09/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\RmFnZXM\command.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\windows\system32\rnwnw64r.exe
C:\WINDOWS\system32\lphc36uj0e135.exe
C:\WINDOWS\system32\lcntotdl.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\rhc76uj0e135\rhc76uj0e135.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\pphc36uj0e135.exe
C:\Program Files\Messenger\msmsgs.exe
C:\documents and settings\fages\local settings\application data\qiugw.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Documents and Settings\Fages\Bureau\Analyse-PC.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: radbanner browser enhancer - {1438b3b6-ee9f-5046-78b9-fb4aa91c082a} - C:\WINDOWS\system32\lwfhjauuwfrv.dll
O2 - BHO: agadoo browser optimizer - {1ea1fcbc-67fe-21de-c728-16de811137ff} - C:\WINDOWS\system32\hdbwkokpdllrny.dll
O2 - BHO: (no name) - {51004C97-6CB5-4C50-8CCE-E55389077DF5} - C:\WINDOWS\system32\wvuVOiGA.dll
O2 - BHO: (no name) - {5BAA6837-F411-4513-F3B2-8868EAAB96A9} - C:\DOCUME~1\Fages\APPLIC~1\SECOND~1\Title wma.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: mysidesearch search enhancer - {8bf6739f-6b65-cfa6-a863-26973bea4052} - C:\WINDOWS\system32\knhpuelzoa.dll
O2 - BHO: (no name) - {8D439A74-A46D-45C8-ACCB-EA505514CDA8} - C:\WINDOWS\system32\atrac.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {8a954b24-f5f7-5be8-a3a4-dba281622cad} - {dac22618-2abd-4a3a-8eb5-7f5f42b459a8} - C:\WINDOWS\system32\zargts.dll
O2 - BHO: (no name) - {E3AB1349-922F-4CD9-B6F2-B189D9B6BB98} - C:\WINDOWS\system32\ddcDusqq.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [{07-7A-A5-50-DW}] C:\windows\system32\rnwnw64r.exe DWram03
O4 - HKLM\..\Run: [{2c33ee8f-335c-202f-b0de-d67f8e15d4c7}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\lwfhjauuwfrv.dll" DllStart
O4 - HKLM\..\Run: [lphc36uj0e135] C:\WINDOWS\system32\lphc36uj0e135.exe
O4 - HKLM\..\Run: [{1ee1da1c-c814-2316-fe23-6466814828f5}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\hdbwkokpdllrny.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lcntotdl.exe DWram03
O4 - HKLM\..\Run: [SMrhc76uj0e135] C:\Program Files\rhc76uj0e135\rhc76uj0e135.exe
O4 - HKLM\..\Run: [BM4b134963] Rundll32.exe "C:\WINDOWS\system32\ebsrxouo.dll",s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [qiugw] "c:\documents and settings\fages\local settings\application data\qiugw.exe" qiugw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntotdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\rnwnw64r.exe
O4 - Startup: PurFlirt.lnk = C:\Program Files\PurFlirt\PurFlirt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bullseye-network.com/download/bargain_buddy/cab/installer_ETE_AX.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: ,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll zargts.dll
O20 - Winlogon Notify: ddcDusqq - C:\WINDOWS\SYSTEM32\ddcDusqq.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RmFnZXM\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

15 réponses

Réponse 1 / 15
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
éh bien,
je peux te dire que tu es multi infecté...

y en a pour la journée...

fais ceci pour commencer

Télécharge SDfix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. Tu peux suivre le tutorial SDFix de Malekal pour t'aider :

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
[*]Redémarre ton ordinateur
[*]Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
[*]A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
[*]Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
[*]Choisis ton compte.
Déroule la liste des instructions ci-dessous :
[*]Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
[*]Appuie sur Y pour commencer le processus de nettoyage.
[*]Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
[*]Appuie sur une touche pour redémarrer le PC.
[*]Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
[*]Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
[*]Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
[*]Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
[*]Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau log Hijackthis !
0
Réponse 2 / 15
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
tes infections

Infection SD
Infection SmitFraud
Infection Combo
Infection LOP
Infection Vundo
Infection MagicControl

bref ici

C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\lcntotdl.exe
C:\WINDOWS\system32\pphc36uj0e135.exe
C:\documents and settings\fages\local settings\application data\qiugw.exe
O2 - BHO: (no name) - {5BAA6837-F411-4513-F3B2-8868EAAB96A9} - C:\DOCUME~1\Fages\APPLIC~1\SECOND~1\Title wma.exe (file missing)
O2 - BHO: mysidesearch search enhancer - {8bf6739f-6b65-cfa6-a863-26973bea4052} - C:\WINDOWS\system32\knhpuelzoa.dll
O2 - BHO: {8a954b24-f5f7-5be8-a3a4-dba281622cad} - {dac22618-2abd-4a3a-8eb5-7f5f42b459a8} - C:\WINDOWS\system32\zargts.dll
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [lphc36uj0e135] C:\WINDOWS\system32\lphc36uj0e135.exe
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lcntotdl.exe DWram03
O4 - HKLM\..\Run: [SMrhc76uj0e135] C:\Program Files\rhc76uj0e135\rhc76uj0e135.exe
O4 - HKLM\..\Run: [BM4b134963] Rundll32.exe "C:\WINDOWS\system32\ebsrxouo.dll",s
O4 - HKCU\..\Run: [qiugw] "c:\documents and settings\fages\local settings\application data\qiugw.exe" qiugw
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntotdl.exe
O20 - Winlogon Notify: ddcDusqq - C:\WINDOWS\SYSTEM32\ddcDusqq.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RmFnZXM\command.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe

faut faire attention à ce que tu fais sur internet...

0
Réponse 3 / 15
Roland49 Messages postés 8 Statut Membre
 
Bonjour Chimay8,

Merci de me venir en aide.

Voici le Report.txt de SDFix et un nouveau log Highjackthis :

[b]SDFix: Version 1.222 [/b]
Run by Fages on 09/09/2008 at 14:32

Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Fages\Bureau\SDFix

[b]Checking Services [/b]:

[b]Name [/b]:
cmdService
Network Monitor

[b]Path [/b]:
C:\WINDOWS\RmFnZXM\command.exe
C:\Program Files\Network Monitor\netmon.exe service

cmdService - Deleted
Network Monitor - Deleted

Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Restoring Default ScreenSaver value

Rebooting

Service asc3550p - Deleted

[b]Checking Files [/b]:

Trojan Files Found:

C:\WINDOWS\system32\lphc36uj0e135.exe - Deleted
C:\WINDOWS\system32\pphc36uj0e135.exe - Deleted
C:\Program Files\rhc76uj0e135\database.dat - Deleted
C:\Program Files\rhc76uj0e135\license.txt - Deleted
C:\Program Files\rhc76uj0e135\MFC71.dll - Deleted
C:\Program Files\rhc76uj0e135\MFC71ENU.DLL - Deleted
C:\Program Files\rhc76uj0e135\msvcp71.dll - Deleted
C:\Program Files\rhc76uj0e135\msvcr71.dll - Deleted
C:\Program Files\rhc76uj0e135\rhc76uj0e135.exe - Deleted
C:\Program Files\rhc76uj0e135\rhc76uj0e135.exe.local - Deleted
C:\Program Files\rhc76uj0e135\Uninstall.exe - Deleted
C:\WINDOWS\system32\ddcDusqq.dll - Deleted
C:\WINDOWS\system32\knhpuelzoa.dll - Deleted
C:\WINDOWS\system32\hdbwkokpdllrny.dll - Deleted
C:\WINDOWS\system32\lwfhjauuwfrv.dll - Deleted
C:\WINDOWS\RmFnZXM\asappsrv.dll - Deleted
C:\WINDOWS\RmFnZXM\command.exe - Deleted
C:\WINDOWS\RmFnZXM\lAIBtrg.vbs - Deleted
C:\WINDOWS\system32\phc36uj0e135.bmp - Deleted
C:\WINDOWS\system32\blphc36uj0e135.scr - Deleted
C:\Documents and Settings\Fages\Local Settings\Temp\.tt3B.tmp.exe - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt - Deleted
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt - Deleted
C:\Program Files\Antivirus 2009\av2009.exe - Deleted
C:\Program Files\PlayMP3z\uninstall.exe - Deleted
C:\Program Files\VirusRemover2008\VRM2008.exe - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt10C.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt11C.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt12D.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt13F.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt152.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt163.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt2.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt3.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt38.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt4.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt5.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt50.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt6.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt60.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt7.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt71.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt8.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt81.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt93.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.ttA6.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.ttB7.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.ttC9.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.ttD9.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.ttEB.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.ttFB.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt3B.tmp.exe - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt2.tmp.vbs - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt3.tmp.vbs - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt38.tmp.vbs - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt4.tmp.vbs - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt5.tmp.vbs - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt6.tmp.vbs - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt7.tmp.vbs - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\.tt8.tmp.vbs - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\TMP11.tmp - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\TMP17.tmp - Deleted
C:\WINDOWS\system32\10.tmp - Deleted
C:\WINDOWS\system32\11.tmp - Deleted
C:\WINDOWS\system32\12.tmp - Deleted
C:\Program Files\Network Monitor\netmon.exe - Deleted
C:\Documents and Settings\Fages\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\Fages\real.txt - Deleted
C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk - Deleted
C:\DOCUME~1\Fages\LOCALS~1\Temp\removalfile.bat - Deleted
C:\WINDOWS\system32\atmtd.dll - Deleted
C:\WINDOWS\system32\atmtd.dll._ - Deleted
C:\WINDOWS\system32\ieupdates.exe - Deleted
C:\WINDOWS\system32\msnav32.ax - Deleted
C:\WINDOWS\system32\pac.txt - Deleted
C:\WINDOWS\system32\real.txt - Deleted
C:\WINDOWS\system32\scui.cpl - Deleted
C:\WINDOWS\system32\sysrest32.exe - Deleted
C:\WINDOWS\system32\winsrc.dll - Deleted
C:\WINDOWS\system32\winsrc.dll.tmp - Deleted
C:\WINDOWS\system32\zxdnt3d.cfg - Deleted
C:\WINDOWS\uninstall_nmon.vbs - Deleted
C:\WINDOWS\system32\sysrest.sys - Deleted

Folder C:\Program Files\rhc76uj0e135 - Removed
Folder C:\Documents and Settings\Fages\Application Data\rhc76uj0e135 - Removed
Folder C:\Program Files\Antivirus 2009 - Removed
Folder C:\Program Files\Network Monitor - Removed
Folder C:\Program Files\PlayMP3z - Removed
Folder C:\Program Files\VirusRemover2008 - Removed
Folder C:\Documents and Settings\LocalService\Application Data\NetMon - Removed

Removing Temp Files

[b]ADS Check [/b]:

[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 14:49:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000a1
"TracesSuccessful"=dword:00000004

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

[b]Remaining Services [/b]:

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaSync.exe:LocalSubNet:Enabled:Media Synchoronizer"
"C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe"="C:\\Program Files\\Acer\\Acer eConsole\\eConsole.exe:LocalSubNet:Enabled:eConsole"
"C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe"="C:\\Program Files\\Acer\\Acer eConsole\\MediaServerService.exe:LocalSubNet:Enabled:Acer Media Server"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\WINDOWS\\taskmon.exe"="C:\\WINDOWS\\taskmon.exe:*:Enabled:enable"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:

File Backups: - C:\DOCUME~1\Fages\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Wed 6 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\KCMDNIns.exe"
Wed 7 Dec 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Wed 7 Dec 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 7 Dec 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 7 Dec 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 7 Dec 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Thu 7 Aug 2003 24,576 A..H. --- "C:\WINDOWS\system32\reboot.exe"
Mon 30 Aug 2004 44,032 A..H. --- "C:\WINDOWS\system32\rescan.exe"
Mon 2 Oct 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 18 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Thu 8 May 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\24af2a69c06a4de03e35dc89d706475f\BIT2.tmp"
Fri 17 Nov 2006 989,096 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\5a0d771158cfd69be5ddd26d8f58c73b\BIT29.tmp"

[b]Finished![/b]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:03:55, on 09/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\windows\system32\dwwnw64r.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\documents and settings\fages\local settings\application data\qiugw.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\lcntotdl.exe
C:\Program Files\PurFlirt\PurFlirt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Fages\Bureau\Analyse-PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4831FCEA-3C4D-423B-96D5-81C2A80D32A4} - C:\WINDOWS\system32\wvuVOiGA.dll
O2 - BHO: (no name) - {5BAA6837-F411-4513-F3B2-8868EAAB96A9} - C:\DOCUME~1\Fages\APPLIC~1\SECOND~1\Title wma.exe (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8D439A74-A46D-45C8-ACCB-EA505514CDA8} - C:\WINDOWS\system32\atrac.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {BEA21A30-1DD3-46FE-A34A-59FF6E22B893} - C:\WINDOWS\system32\atrac.dll
O2 - BHO: {8a954b24-f5f7-5be8-a3a4-dba281622cad} - {dac22618-2abd-4a3a-8eb5-7f5f42b459a8} - C:\WINDOWS\system32\zargts.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [Spyware-Secure] C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe
O4 - HKLM\..\Run: [{07-7A-A5-50-DW}] c:\windows\system32\dwwnw64r.exe DWram03
O4 - HKLM\..\Run: [{2c33ee8f-335c-202f-b0de-d67f8e15d4c7}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\lwfhjauuwfrv.dll" DllStart
O4 - HKLM\..\Run: [{1ee1da1c-c814-2316-fe23-6466814828f5}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\hdbwkokpdllrny.dll" DllStart
O4 - HKLM\..\Run: [BM4b134963] Rundll32.exe "C:\WINDOWS\system32\ebsrxouo.dll",s
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\lcntotdl.exe DWram03
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [qiugw] "c:\documents and settings\fages\local settings\application data\qiugw.exe" qiugw
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntotdl.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\dwwnw64r.exe
O4 - Startup: PurFlirt.lnk = C:\Program Files\PurFlirt\PurFlirt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0878B424-1F95-4E26-B5AB-F0D349D89650} - http://download.bullseye-network.com/download/bargain_buddy/cab/installer_ETE_AX.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: ,c:\progra~1\kasper~1\kasper~1\mzvkbd.dll zargts.dll
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
0
Réponse 4 / 15
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
ok,

fais ceci

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

**Désactive les logiciels de protection** (Antivirus, Antispywares) puis :
deconnecte toi d'internet,ferme tout les programmes

Double-clique sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider.
ne touche plus à rien, même pas ta souris!!
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

Copie/colle un nouveau rapport HiJackThis avec.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 15
Roland49 Messages postés 8 Statut Membre
 
J'ai suivi tes recommandations.

Je n'ai pas eu de question, si ce n'est une demande de validation pour utiliser ComboFix avec le bouton OK activé. J'ai donc appuyer sur la touche Entrée et ComboFix a démarré.
En fin de traitement, le PC a redémarré automatiquement et le rapport a été créé.

Je suis désolé, mais je dois m'absenter. Je reprends contact demain.

Voici donc le rapport ComboFix ainsi qu'un nouveau log HighjackThis :

ComboFix 08-09-05.12 - Fages 2008-09-09 19:06:41.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.121 [GMT 2:00]
Endroit: C:\Documents and Settings\Fages\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Bureau\webmediaplayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Conditions générales.url
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Confidentialité.url
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Désinstaller.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\WebMediaPlayer.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\WebMediaPlayer\Website.url
C:\Documents and Settings\Fages\Bureau\Spyware-Secure trial.lnk
C:\Documents and Settings\Fages\Cookies\fages@ad.yieldmanager[1].txt
C:\Documents and Settings\Fages\Cookies\fages@ad.yieldmanager[2].txt
C:\Documents and Settings\Fages\Cookies\fages@ad.yieldmanager[4].txt
C:\Documents and Settings\Fages\Cookies\fages@ad.yieldmanager[5].txt
C:\Documents and Settings\Fages\Cookies\fages@europacasino[2].txt
C:\Documents and Settings\Fages\Cookies\fages@metaffiliation[2].txt
C:\Documents and Settings\Fages\Cookies\fages@serving-sys[1].txt
C:\Documents and Settings\Fages\Local Settings\Application Data\qiugw.dat
C:\Documents and Settings\Fages\Local Settings\Application Data\qiugw.exe
C:\Documents and Settings\Fages\Local Settings\Application Data\qiugw_nav.dat
C:\Documents and Settings\Fages\Local Settings\Application Data\qiugw_navps.dat
C:\Documents and Settings\Fages\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
C:\Documents and Settings\Fages\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\Documents and Settings\Fages\Menu Démarrer\Programmes\PlayMP3z
C:\Documents and Settings\Fages\Menu Démarrer\Programmes\PlayMP3z\Run PlayMP3z.lnk
C:\Documents and Settings\Fages\Menu Démarrer\Programmes\Spyware-Secure
C:\Documents and Settings\Fages\Menu Démarrer\Programmes\Spyware-Secure\Spyware-Secure trial.lnk
C:\Documents and Settings\Fages\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk
C:\Documents and Settings\marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
C:\Documents and Settings\marc\Application Data\rhc76uj0e135
C:\Documents and Settings\marc\Bureau\Antivirus 2009.lnk
C:\Documents and Settings\marc\Local Settings\Application Data\uogumgq.dat
C:\Documents and Settings\marc\Local Settings\Application Data\uogumgq.exe
C:\Documents and Settings\marc\Local Settings\Application Data\uogumgq_nav.dat
C:\Documents and Settings\marc\Local Settings\Application Data\uogumgq_navps.dat
C:\Documents and Settings\marc\Menu Démarrer\Antivirus 2009
C:\Documents and Settings\marc\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk
C:\Documents and Settings\marc\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk
C:\Documents and Settings\marc\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
C:\Documents and Settings\marc\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\Documents and Settings\matthieu\Application Data\rhc76uj0e135
C:\Documents and Settings\matthieu\Cookies\matthieu@ad.yieldmanager[3].txt
C:\Documents and Settings\matthieu\Cookies\matthieu@ad.yieldmanager[4].txt
C:\Documents and Settings\matthieu\Local Settings\Application Data\uogumgq.dat
C:\Documents and Settings\matthieu\Local Settings\Application Data\uogumgq.exe
C:\Documents and Settings\matthieu\Local Settings\Application Data\uogumgq_nav.dat
C:\Documents and Settings\matthieu\Local Settings\Application Data\uogumgq_navps.dat
C:\Documents and Settings\matthieu\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
C:\Documents and Settings\matthieu\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
C:\Program Files\Hot internet offers
C:\Program Files\Hot internet offers\offers.exe
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\WINDOWS\BM4b134963.txt
C:\WINDOWS\BM4b134963.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\AGiOVuvw.ini
C:\WINDOWS\system32\AGiOVuvw.ini2
C:\WINDOWS\system32\atrac.dll
C:\WINDOWS\system32\dvmrti.dll
C:\WINDOWS\system32\dwwnw64r.exe
C:\WINDOWS\system32\ebsrxouo.dll
C:\WINDOWS\system32\eyinncbm.dll
C:\WINDOWS\system32\gahtkpdu.dll
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\hgglrgkw.ini
C:\WINDOWS\system32\hssdlh.dll
C:\WINDOWS\system32\igodtqqv.dll
C:\WINDOWS\system32\jjucaw.dll
C:\WINDOWS\system32\kgvtnxtj.dll
C:\WINDOWS\system32\klmhxgya.ini
C:\WINDOWS\system32\lcntotdm.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nnnOETKe.dll
C:\WINDOWS\system32\nojlymjf.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\rnwnw64r.exe
C:\WINDOWS\system32\tilanpno.dll
C:\WINDOWS\system32\udpkthag.ini
C:\WINDOWS\system32\uttehodx.dll
C:\WINDOWS\system32\uundqrxs.ini
C:\WINDOWS\system32\uxykhgym.dll
C:\WINDOWS\system32\vapkathv.ini
C:\WINDOWS\system32\vauybprr.dll
C:\WINDOWS\system32\vhtakpav.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wvmujh.dll
C:\WINDOWS\system32\wvuVOiGA.dll
C:\WINDOWS\system32\x1
C:\WINDOWS\system32\x1\ATV5105nt.exe
C:\WINDOWS\system32\xkiygq.dll
C:\WINDOWS\system32\zargts.dll
C:\WINDOWS\system32\zxdnt3d.cfg

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-09 to 2008-09-09 ))))))))))))))))))))))))))))))))))))
.

2008-09-09 14:28 . 2008-09-09 14:28 <REP> d-------- C:\WINDOWS\ERUNT
2008-09-09 14:25 . 2005-12-30 10:53 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-09-09 14:25 . 2005-12-07 07:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
2008-09-09 14:25 . 2005-12-07 07:37 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-09 14:25 . 2005-12-30 10:53 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
2008-09-09 14:25 . 2005-12-30 10:53 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-09 14:25 . 2005-12-30 10:53 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
2008-09-09 14:25 . 2005-12-30 10:53 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-09 14:25 . 2005-12-30 10:53 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-09 14:25 . 2005-12-07 07:09 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-09-09 14:25 . 2008-09-09 14:25 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-05 14:13 . 2008-09-05 14:13 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\DivX
2008-09-05 14:10 . 2008-09-05 14:10 0 --a------ C:\WINDOWS\system32\F.tmp
2008-09-05 12:43 . 2008-09-05 12:43 0 --a------ C:\WINDOWS\system32\E.tmp
2008-09-04 19:27 . 2008-09-04 19:27 0 --a------ C:\WINDOWS\system32\D.tmp
2008-09-04 19:12 . 2008-09-04 19:12 0 --a------ C:\WINDOWS\system32\C.tmp
2008-09-03 13:50 . 2008-09-03 13:50 0 --a------ C:\WINDOWS\system32\B.tmp
2008-09-03 12:54 . 2008-09-03 12:54 0 --a------ C:\WINDOWS\system32\A.tmp
2008-09-02 20:26 . 2008-09-02 20:26 0 --a------ C:\WINDOWS\system32\6.tmp
2008-09-02 18:07 . 2008-09-02 18:07 0 --a------ C:\WINDOWS\system32\9.tmp
2008-09-02 12:30 . 2008-09-02 12:30 0 --a------ C:\WINDOWS\system32\8.tmp
2008-09-01 19:44 . 2008-09-01 19:44 0 --a------ C:\WINDOWS\system32\7.tmp
2008-09-01 14:06 . 2008-09-01 14:06 153,425 --a------ C:\WINDOWS\system32\g14.exe
2008-09-01 14:06 . 2008-09-01 14:06 64,859 --a------ C:\WINDOWS\system32\bybulzvumk.exe
2008-09-01 14:00 . 2008-09-09 14:35 <REP> d-------- C:\WINDOWS\RmFnZXM
2008-09-01 14:00 . 2008-09-02 10:23 90,921 --a------ C:\WINDOWS\system32\knhpuelzoa.dll-uninst.exe
2008-09-01 13:58 . 2008-09-01 13:58 99,328 --a------ C:\WINDOWS\stfMeane1000106.exe
2008-09-01 13:57 . 2008-09-01 13:57 <REP> d-------- C:\WINDOWS\system32\tem
2008-09-01 13:57 . 2008-09-01 13:57 <REP> d-------- C:\WINDOWS\system32\ecom
2008-09-01 13:57 . 2008-09-01 13:57 <REP> d-------- C:\WINDOWS\system32\am
2008-09-01 13:57 . 2008-09-01 13:58 548,928 --a------ C:\WINDOWS\system32\lcntotdl.exe
2008-09-01 13:57 . 2008-09-01 13:57 108,544 --a------ C:\ctfmon.exe
2008-09-01 13:57 . 2008-09-01 13:57 64,896 --a------ C:\WINDOWS\system32\gfoawxpsvcvwja.exe
2008-09-01 13:57 . 2008-09-01 13:57 355 --a------ C:\895.bat
2008-09-01 13:55 . 2008-09-01 13:55 <REP> d-------- C:\WINDOWS\system32\wTR02
2008-09-01 13:55 . 2008-09-09 09:45 <REP> d-------- C:\Temp
2008-08-31 20:55 . 2008-09-09 09:39 59 --a------ C:\WINDOWS\yesmessenger.ini
2008-08-31 20:53 . 2008-08-31 21:00 <REP> d-------- C:\Program Files\PurFlirt
2008-08-31 20:53 . 2007-11-26 14:46 316 --a------ C:\WINDOWS\yes_messenger.ini
2008-08-17 11:14 . 2008-08-17 11:14 <REP> d-------- C:\Documents and Settings\matthieu\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-09 17:11 442,400 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-09 17:11 2,592 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-09 17:11 15,948 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-09 17:11 1,903,136 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-09 17:03 --------- d-----w C:\Program Files\Spyware-Secure
2008-09-09 17:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-06 11:43 --------- d-----w C:\Documents and Settings\Fages\Application Data\LimeWire
2008-09-02 08:41 --------- d-----w C:\Program Files\Java
2008-08-19 12:33 --------- d-----w C:\Program Files\eMule
2008-08-06 17:09 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-07-24 11:05 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-07-23 12:55 --------- d-----w C:\Program Files\LimeWire
2008-07-16 16:17 --------- d-----w C:\Program Files\Google
2008-07-16 11:53 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-07-16 11:53 --------- d-----w C:\Program Files\Ahead
2008-07-16 11:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-16 11:50 --------- d-----w C:\Program Files\NewTech Infosystems
2008-07-16 11:47 --------- d-----w C:\Program Files\Panasonic
2008-07-16 11:46 --------- d-----w C:\Program Files\Yahoo!
2008-07-16 11:44 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-16 11:39 --------- d-----w C:\Program Files\CyberLink
2008-07-16 11:30 --------- d-----w C:\Program Files\InterActual
2008-07-16 11:28 --------- d-----w C:\Program Files\Free Audio Pack
2008-07-16 11:27 --------- d-----w C:\Program Files\Winamp
2008-07-16 11:27 --------- d-----w C:\Program Files\DivX
2008-07-10 16:56 120 ----a-w C:\drmHeader.bin
2008-07-10 14:41 --------- d-----w C:\Program Files\Kaspersky Lab
2007-05-10 13:13 39,440 ----a-w C:\Documents and Settings\Fages\Application Data\GDIPFONTCACHEV1.DAT
2006-10-17 11:10 15,926,792 ----a-w C:\Program Files\DivXPlay.exe
2006-10-17 11:00 133,273 ----a-w C:\Program Files\klcodec277f.exe
2006-10-01 12:38 9,336,520 ----a-w C:\Program Files\Install_MSN_Messenger.EXE
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"AspireService"="C:\Program Files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 114688]
"MediaSync"="C:\Program Files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 425984]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 35328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" [2006-12-15 75520]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 C:\WINDOWS\soundman.exe]
"VTTimer"="VTTimer.exe" [2005-05-13 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-05-13 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 SG762_XP;SAGEM 802.11g XG762 1211B Driver;C:\WINDOWS\system32\DRIVERS\WlanBZXP.sys [2006-01-18 402432]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23b7df41-5c30-11db-8e82-0060b353867f}]
\Shell\AutoRun\command - K:\setupSNK.exe
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

BHO-{5BAA6837-F411-4513-F3B2-8868EAAB96A9} - C:\DOCUME~1\Fages\APPLIC~1\SECOND~1\Title wma.exe
BHO-{8D439A74-A46D-45C8-ACCB-EA505514CDA8} - C:\WINDOWS\system32\atrac.dll
BHO-{BEA21A30-1DD3-46FE-A34A-59FF6E22B893} - C:\WINDOWS\system32\atrac.dll
BHO-{D511CE89-DB23-4FD9-8103-893DCE77BABE} - C:\WINDOWS\system32\wvuVOiGA.dll
BHO-{dac22618-2abd-4a3a-8eb5-7f5f42b459a8} - C:\WINDOWS\system32\zargts.dll
HKCU-Run-qiugw - c:\documents and settings\fages\local settings\application data\qiugw.exe
HKLM-Run-eRecoveryService - C:\Acer\Empowering Technology\eRecovery\Monitor.exe
HKLM-Run-{07-7A-A5-50-DW} - C:\windows\system32\dwwnw64r.exe
HKLM-Run-{2c33ee8f-335c-202f-b0de-d67f8e15d4c7} - C:\WINDOWS\system32\lwfhjauuwfrv.dll
HKLM-Run-{1ee1da1c-c814-2316-fe23-6466814828f5} - C:\WINDOWS\system32\hdbwkokpdllrny.dll
HKLM-Run-BM4b134963 - C:\WINDOWS\system32\ebsrxouo.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Fages\Application Data\Mozilla\Firefox\Profiles\xotf3qis.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-09 19:12:47
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\PurFlirt\PurFlirt.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-09-09 19:16:14 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-09 17:16:08

Pre-Run: 37,748,928,512 octets libres
Post-Run: 38,056,042,496 octets libres

286 --- E O F --- 2008-08-13 20:04:41

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:17:36, on 09/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\PurFlirt\PurFlirt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Fages\Bureau\Analyse-PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PurFlirt.lnk = C:\Program Files\PurFlirt\PurFlirt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
0
Réponse 6 / 15
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
ok,
il y a encore quelques fichiers infectieux,
mais normalement,MBAM doit les dégager

donc,

Télécharge Malwarebytes' Anti-Malware et enregistre le sur ton Bureau.
https://www.malwarebytes.com/
A la fin du téléchargement, ferme toutes les fenêtres et programmes, y compris celui-ci.
Double-clique sur l'icône "Download_mbam-setup.exe" sur ton bureau pour démarrer le programme d'installation.
Pendant l'installation, suis les indications n'apporte aucune modification aux réglages par défaut et, en fin d'installation, vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.
MBAM démarrera automatiquement et enverra un message demandant à mettre à jour le programme avant de lancer une analyse. Comme MBAM se met automatiquement à jour en fin d'installation, clique sur OK pour fermer la boîte de dialogue.
Ferme MBAM
Redémarre en mode sans échec, pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

Relance MBAM
La fenêtre principale de MBAM s'affiche :
Dans l'onglet analyse, vérifie que "Exécuter un examen complet" est coché et clique sur le bouton Rechercher pour démarrer l'analyse.
MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.
Si des malwares ont été détectés, leur liste s'affiche.
***EN CLIQUANT SUR SUPPRESSION(?)FAIT LE***, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)
Ferme MBAM en cliquant sur Quitter.
Poste le rapport dans ta réponse
0
Réponse 7 / 15
Roland49 Messages postés 8 Statut Membre
 
Bonjour,

Voici les éléments attendus : rapport MBAM et HighjackThis :

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1135
Windows 5.1.2600 Service Pack 2

10/09/2008 12:07:16
mbam-log-2008-09-10 (12-07-16).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 96125
Temps écoulé: 3 hour(s), 20 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 9
Fichier(s) infecté(s): 81

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\BrowsingEnhancer (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\radbanner (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\agadoo (Adware.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\am (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wTR02 (Trojan.Agent) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\config\45435566.Evt (Rootkit.Agent.H) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\dvmrti.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hssdlh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\jjucaw.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kgvtnxtj.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\uxykhgym.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\vauybprr.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\x1\ATV5105nt.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP5\A0000197.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP5\A0000203.dll (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP5\A0000204.exe (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP5\A0000210.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP5\A0000216.cpl (Rogue.XPantivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP5\A0000241.dll (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP5\A0000245.exe (Adware.CommAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP5\A0000251.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP5\A0000254.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP5\A0000266.cpl (Rogue.XPantivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP6\A0000384.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP6\A0000386.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP6\A0000390.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP6\A0000392.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP6\A0000393.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP6\A0000398.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP6\A0000399.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\stfMeane1000106.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\am\Wi03550xi.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wTR02\wTR022328.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\config.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Gfx_fr.bin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\language (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\nbmw (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\quarantine.s3db (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\skin (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure.url (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\Spyware-Secure_trial.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sqlite3.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\sws_translations.xml (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\uninst.exe (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\unrar.dll (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR.zip (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_intro.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\explo_menu.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\file.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_f.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\folder_o.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\index.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\menu3.js (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\spy.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_coud.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_droit.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\trait_vert.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\fleche.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\folder.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\key.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\support.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\title-hepfile.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\dowload-file-antispyware.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\menu.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\images\FR\scstep2.gif (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\3differentscan.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\contactus.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\found-objects.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\lexic.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\navigtabs.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\quarantine.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\help\help_Trial_FR\rubs\register.htm (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\cookies_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesDesc_1-12.dic (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesExt_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesMulti_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\filesSimple_1-12.idx (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\malwaresDB_1-12 (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Program Files\Spyware-Secure\resources\register_1-12.dat (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\ctfmon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\marc\Bureau\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.
C:\Documents and Settings\marc\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk (Rogue.VirusRemove) -> Quarantined and deleted successfully.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:11:35, on 10/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Acer\Acer eMode Management\AspireService.exe
C:\Program Files\Acer\Acer eConsole\MediaSync.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\PurFlirt\PurFlirt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Fages\Bureau\Analyse-PC.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PurFlirt.lnk = C:\Program Files\PurFlirt\PurFlirt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Statistiques de la protection du trafic Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
0
Réponse 8 / 15
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
Pour supprimer les outils/fix utilisés :

Télécharge ToolsCleaner sur ton bureau.
-->
http://www.commentcamarche.net/telecharger/telechargement 34055291 toolscleaner

# Clique sur "Recherche" et laisse le scan agir ...
# Clique sur "Suppression" pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

Télécharges : - CCleaner
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'installation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ).

Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Utilisation:
! déconnectes toi et fermes toutes applications en cours !
* vas dans "nettoyeur" : fait analyse puis nettoyage
* vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y est plus d'erreur ) .

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

Suppression des points de restauration :
1.Ouvre le Menu Démarrer
2.Clique-droit sur Poste de travail
3.Clique sur Propriétés
4.Positionne-toi dans l'onglet Restauration du système
5.Coche "Désactiver la restauration système"
6.Valide par Ok
7.Redémarre ton pc
8.Reproduis les manipulations 1 à 3
9.Décoche "Désactiver la restauration système"
10.Valide par Ok

encore des problèmes??
0
Réponse 9 / 15
Roland49 Messages postés 8 Statut Membre
 
Bonjour,

J'ai suivi tes instructions à la lettre et tu trouveras ci-après le rapport ToolsCleaner. J'ai aussi conservé les nettoyages registre faits par CCleaner dans des fichiers. Si tu souhaites les visualiser dis-le moi je te les posterai dans un prochain message.

A priori tout semble OK : la désinfection a parfaitement fonctionné.

Ne serait-il pas prudent de créer un point de restauration maintenant que le PC est clean ?

Y a-t-il d'autres manips à effectuer ?

[ Rapport ToolsCleaner version 2.2.3 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Qoobox: trouvé !
C:\Documents and Settings\Fages\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Fages\Bureau\Combofix.txt: trouvé !
C:\Documents and Settings\Fages\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Fages\Bureau\SDFIX: trouvé !
C:\Documents and Settings\Fages\Bureau\SDFix\SdFix.exe: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\Fages\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Fages\Bureau\SDFix\SdFix.exe: supprimé !
C:\Documents and Settings\Fages\Bureau\Combofix.txt: supprimé !
C:\Documents and Settings\Fages\Bureau\hijackthis.log: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\Fages\Bureau\SDFIX: supprimé !
0
Réponse 10 / 15
Roland49 Messages postés 8 Statut Membre
 
Chimay8 es-tu là ?
0
Réponse 11 / 15
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
sorry,
panne pc,t'es là?

pour combofix,
Menu Démarrer>Exécuter>copie/colle ComboFix /u clic sur ok
0
Réponse 12 / 15
Roland49 Messages postés 8 Statut Membre
 
Bonjour,

J'ai effectué la manip. ComboFix a bien été désinstallé.

Peut-on considérer que le problème est clos ?
0
Réponse 13 / 15
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
pour moi,je ne vois plus de problème

si ton pc tourne correctement,c'est ok

coche résolu en début de topic stp

bon surf et prudence
@+
0
Réponse 14 / 15
Roland49 Messages postés 8 Statut Membre
 
Je fais le nécessaire pour le topic.

Sincèrement merci pour ton aide.
0
Réponse 15 / 15
chimay8 Messages postés 7947 Statut Contributeur sécurité 60
 
y a pas de quoi,
ce fût un plaisir,
bien à toi
0

Discussions similaires

infection
gladiator1952 -
gladiator1952 -

6 réponses
Infection pc
Nanie24 -
Nanie24 -

22 réponses
[pnkbstra]infection
swazolie -
billou631 -

9 réponses
infection virus
Utilisateur anonyme -
Utilisateur anonyme -

3 réponses
Infection Bloom ?
ccm81 -
fabul -

8 réponses