Win 32 Rootkit; Gen et VBS MALWARE GEN Help!!

Résolu
nul en pc -  
 libellule -
Bonjour,

j'ai recemment ete infecté par plusieur cochonnerie, en effet
Avast detecte WIN 32 rootkit-gen [Rtk]
WIN 32 adware-gen [Rtk]
Win 32 PureMorph [Cryp]
VBS Malware-gen
JS: Redirector-b [Trj]
WIN32 Trojan-gen {Other}

j'ai windows Vista, a chaque demarage ca change mon fond d'ecran!!!

alors si quelqu'un peu m'aider je lui en serais vraiment tres reconnaissant
merci a vous
@ plus
Hervé
Configuration: Windows Vista
Internet Explorer 7.0

41 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une machine sous Windows Vista est infectée par plusieurs malwares détectés par Avast, incluant des rootkits, des adwares et des trojans, et le problème se manifeste notamment par un changement du fond d'écran au démarrage.
Plusieurs réponses suggèrent d'utiliser des outils spécialisés tels que Malwarebytes Anti-Malware, HijackThis et Combofix pour diagnostiquer le système et nettoyer les traces, puis redémarrer et vérifier l'absence d'infections.
D'autres conseils recommandent d'exécuter des scans en mode sécurité, d'analyser les rapports générés et de supprimer soigneusement les éléments identifiés, avec sauvegarde des journaux pour vérification ultérieure.
En cas d'infection persistante, certains proposent l'utilisation d'autres utilitaires et, en dernier recours, une réinstallation du système avec sauvegarde des données, afin de réduire les risques de réinfection.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    Salut,

    Télécharge HijackThis (outils de dignostic) ici :

    -> Fais un clic droit sur un des liens et choisi enregistrer la cible sous .... le bureau
    -> http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe
    -> ftp://ftp.commentcamarche.com/download/HJTInstall.exe

    -> Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

    -> Clique sur Install ensuite sur I Accept

    -> Clique sur Do a scan system and save log file

    -> Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse
    1
    1. jimbo21
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:34:12, on 2009-02-20
      Platform: Windows Vista SP1 (WinNT 6.00.1905)
      MSIE: Internet Explorer v7.00 (7.00.6001.18000)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\hp\support\hpsysdrv.exe
      C:\hp\KBD\kbd.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Windows\vVX1000.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
      C:\Program Files\Microsoft IntelliType Pro\itype.exe
      C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Fighters\Spywarefighter\SpywarefighterUser.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\MSN Messenger\msnmsgr.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      c:\program files\fighters\spywarefighter\SPYWAREfighterTray.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Skype\Plugin Manager\SkypePM.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
      C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Alwil Software\Avast4\ashChest.exe
      C:\Program Files\Internet Explorer\ieuser.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
      O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [VX1000] C:\Windows\vVX1000.exe
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
      O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\Fighters\spywarefighter\SpywarefighterUser.exe
      O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
      O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
      O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O13 - Gopher Prefix:
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\Windows\System32\ati2sgag.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: PTK License-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\licenseservice.exe
      O23 - Service: PTK Live Update-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\updateservice.exe
      O23 - Service: PTK Scanner-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\ScannerService.exe
      O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - SPAMfighter - C:\Program Files\Fighters\configservice.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      0
    2. marie
       
      Bonjour,

      j'ai le meme soucis , je viens de choper un rootkit et avast me dit qu'il s'appel win32 rootkit gen rtk.

      J'ai essayer avast et superantipyware, sa me supprime des trucs mai des que je redemarre mon pc tout reviens.


      Pouvez vou m'aider, je sui archi nul en pc.


      Merci
      0
  2. Utilisateur anonyme
     
    re

    j ai vu pire , t as un rogue un faux antivirus

    Telecharge malwarebytes

    Tu l´instale; le programme va se mettre automatiquement a jour.

    Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

    Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

    Puis click sur "rechercher".

    Laisse le scanner le pc...

    Si des elements on ete trouvés > click sur supprimer la selection.

    si il t´es demandé de redemarrer > click sur "yes".

    A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
    Copie et colle le rapport stp.

    PS : les rapport sont aussi rangé dans l onglet rapport/log
    1
    1. nul en pc
       
      voila le scan est terminé :

      par contre une nouvelle icone est apparue dans la barre de lancement rapide a cote de avast, quand je met le souris dessus il est marqué "programme de demarrage bloqués" qu'est ce que c'est ?

      Malwarebytes' Anti-Malware 1.28
      Version de la base de données: 1155
      Windows 6.0.6001 Service Pack 1

      15/09/2008 17:40:48
      mbam-log-2008-09-15 (17-40-48).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 126362
      Temps écoulé: 38 minute(s), 22 second(s)

      Processus mémoire infecté(s): 1
      Module(s) mémoire infecté(s): 1
      Clé(s) du Registre infectée(s): 33
      Valeur(s) du Registre infectée(s): 7
      Elément(s) de données du Registre infecté(s): 3
      Dossier(s) infecté(s): 4
      Fichier(s) infecté(s): 68

      Processus mémoire infecté(s):
      C:\Windows\System32\lphcnaoj0eec0.exe (Trojan.FakeAlert) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      C:\Windows\System32\blphcnaoj0eec0.scr (Trojan.FakeAlert) -> Delete on reboot.

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\NetProject (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcnaoj0eec0 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcnaoj0eec0 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      C:\Windows\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\System32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Windows\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Windows\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Windows\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\System32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Windows\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
      C:\Windows\System32\blphcnaoj0eec0.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Windows\System32\lphcnaoj0eec0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Windows\System32\phcnaoj0eec0.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      0
    2. nul en pc
       
      je viens de relancer un scan avast
      et il trouve encore quelque chose est-ce normale, doc ?

      encore merci pour ton aide
      0
  3. nul en pc
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:50:19, on 15/09/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\lphcnaoj0eec0.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\System32\rundll32.exe
    D:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Alwil Software\Avast4\ashChest.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lphcnaoj0eec0] C:\Windows\system32\lphcnaoj0eec0.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [lphcnaoj0eec0] C:\Windows\system32\lphcnaoj0eec0.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplusactive.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: cmdcom - {740DF498-8757-3867-8355-0BCB7D320181} - C:\Program Files\csiuhj\cmdcom.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
    0
  4. nul en pc
     
    alors docteur c'est grave ?

    merci a toi d'etre aussi Reactive
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    réouvre malewarebyte
    va sur quarantaine
    supprime tout

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    -> Double clique sur combofix.exe.
    -> Tape sur la touche 1 (Yes) pour démarrer le scan.
    -> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt

    Avant d'utiliser ComboFix :

    -> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    -> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    -> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    -> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message
    0
  7. nul en pc
     
    combo fix ne veux pas s'installe :

    message d'erreur
    YOu cannot be rename ComboFix to ComboFix[1]
    please use another name, preferbaly made up of alphanumeric characters.
    0
  8. Utilisateur anonyme
     
    supprime le

    ensuite :

    Télécharge combofix : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Avant de telecharger clic sur enregistrer renome le en killbagle et enregistre le sur le bureau

    ensuite suis la procedure combofix
    0
  9. nul en pc
     
    finalement ca a marché voici le scan :

    ComboFix 08-09-14.06 - hervé 2008-09-15 18:17:47.1 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6001.1.1252.1.1036.18.2433 [GMT 2:00]
    Lancé depuis: C:\Users\hervé\Desktop\ComboFix.exe
    * Un nouveau point de restauration a été créé
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-15 au 2008-09-15 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-15 16:58 . 2008-09-15 16:58 <REP> d-------- C:\Users\hervé\AppData\Roaming\Malwarebytes
    2008-09-15 16:58 . 2008-09-15 16:58 <REP> d-------- C:\Users\All Users\Malwarebytes
    2008-09-15 16:58 . 2008-09-15 16:58 <REP> d-------- C:\ProgramData\Malwarebytes
    2008-09-15 16:58 . 2008-09-15 16:58 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-15 16:58 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
    2008-09-15 16:58 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
    2008-09-15 16:49 . 2008-09-15 16:49 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-14 14:51 . 2008-09-13 12:02 90,112 --------- C:\Windows\System32\trzE31F.tmp
    2008-09-13 12:03 . 2008-09-13 12:03 <REP> d-------- C:\Program Files\csiuhj
    2008-09-13 12:02 . 2008-09-14 14:51 <REP> d-------- C:\Users\All Users\odgvelkf
    2008-09-13 12:02 . 2008-09-14 14:51 <REP> d-------- C:\ProgramData\odgvelkf
    2008-09-11 21:25 . 2008-09-11 21:26 <REP> d-------- C:\Users\hervé\AppData\Roaming\SPORE
    2008-09-11 21:21 . 2008-09-11 21:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Videos
    2008-09-11 21:21 . 2008-09-11 21:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
    2008-09-11 21:21 . 2008-09-11 21:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Saved Games
    2008-09-11 21:21 . 2008-09-11 21:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Pictures
    2008-09-11 21:21 . 2008-09-11 21:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Music
    2008-09-11 21:21 . 2008-09-11 21:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Links
    2008-09-11 21:21 . 2008-09-11 21:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Downloads
    2008-09-11 21:21 . 2008-09-11 21:21 <REP> dr------- C:\Windows\System32\config\systemprofile\Documents
    2008-09-11 21:21 . 2008-09-11 21:21 1,878 --a------ C:\Windows\System32\ealregsnapshot1.reg
    2008-09-11 21:02 . 2008-09-11 21:22 <REP> d-------- C:\Program Files\Electronic Arts
    2008-09-09 21:49 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
    2008-09-09 21:49 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
    2008-09-09 21:48 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
    2008-09-09 21:48 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
    2008-09-09 21:48 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
    2008-09-09 21:48 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
    2008-09-09 21:48 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
    2008-09-09 21:48 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
    2008-09-09 21:48 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
    2008-09-04 09:41 . 2008-07-19 07:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
    2008-09-04 09:41 . 2008-07-19 05:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
    2008-09-04 09:41 . 2008-07-19 07:09 563,912 --a------ C:\Windows\System32\wuapi.dll
    2008-09-04 09:41 . 2008-07-19 05:44 83,456 --a------ C:\Windows\System32\wudriver.dll
    2008-09-04 09:41 . 2008-07-19 07:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
    2008-09-04 09:41 . 2008-07-19 07:10 45,768 --a------ C:\Windows\System32\wups2.dll
    2008-09-04 09:41 . 2008-07-19 07:10 36,552 --a------ C:\Windows\System32\wups.dll
    2008-09-04 09:40 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
    2008-09-04 09:40 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
    2008-08-28 18:35 . 2008-08-28 18:35 <REP> d-------- C:\Program Files\GameSpy
    2008-08-28 18:33 . 2008-08-28 18:33 <REP> d-------- C:\Windows\System32\URTTEMP
    2008-08-28 18:31 . 2008-07-11 17:09 107,840 --a------ C:\Windows\System32\GameuxInstallHelper.dll
    2008-08-28 18:31 . 2007-04-04 18:53 44,904 --a------ C:\Windows\System32\FirewallInstallHelper.dll
    2008-08-28 18:18 . 2008-08-28 18:18 <REP> d-------- C:\Program Files\SEGA
    2008-08-28 17:25 . 2008-08-28 17:25 1,830,037 --a------ C:\Windows\screensaver1_1024x768.scr
    2008-08-28 17:25 . 2008-08-28 17:25 11 --a------ C:\Windows\wanpatan.ini
    2008-08-28 17:24 . 2008-08-28 17:24 2,601,011 --a------ C:\Windows\screensaver2_1024x768.scr
    2008-08-22 16:22 . 2008-08-22 16:22 <REP> d-------- C:\Users\hervé\AppData\Roaming\Microsoft Games
    2008-08-22 16:22 . 2008-08-22 16:22 <REP> d-------- C:\Users\All Users\Microsoft Games
    2008-08-22 16:22 . 2008-08-22 16:22 <REP> d-------- C:\ProgramData\Microsoft Games
    2008-08-21 15:44 . 2008-08-21 15:44 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
    2008-08-20 13:32 . 2008-08-20 13:32 <REP> d-------- C:\Users\hervé\AppData\Roaming\Summer Athletics 2008
    2008-08-17 22:51 . 2008-08-17 22:51 <REP> d-------- C:\Program Files\Apple Software Update
    2008-08-17 22:50 . 2008-08-17 22:50 <REP> d-------- C:\Program Files\iTunes
    2008-08-17 22:50 . 2008-08-17 22:50 <REP> d-------- C:\Program Files\iPod
    2008-08-17 22:48 . 2008-08-17 22:48 <REP> d-------- C:\Program Files\Bonjour
    2008-08-17 22:47 . 2008-08-17 22:48 <REP> d-------- C:\Program Files\QuickTime
    2008-08-15 00:34 . 2008-07-16 03:32 2,048 --a------ C:\Windows\System32\tzres.dll

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-15 16:18 2,621,440 --sha-w C:\Users\hervé\NTUSER.DAT
    2008-09-15 16:18 2,621,440 --sha-w C:\Users\hervé\NTUSER.DAT
    2008-09-15 15:43 --------- d-----w C:\Users\hervé\AppData\Roaming\OpenOffice.org2
    2008-09-15 14:58 --------- d-----w C:\Users\hervé\AppData\Roaming\Malwarebytes
    2008-09-15 14:22 --------- d-s---w C:\Users\hervé\AppData\Roaming\Microsoft
    2008-09-14 11:30 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
    2008-09-11 19:26 --------- d-----w C:\Users\hervé\AppData\Roaming\SPORE
    2008-09-11 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-11 19:21 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-08-30 10:06 --------- d-----w C:\ProgramData\Soulseek
    2008-08-22 14:22 --------- d-----w C:\Users\hervé\AppData\Roaming\Microsoft Games
    2008-08-20 23:39 --------- d-----w C:\Program Files\Microsoft Silverlight
    2008-08-20 11:32 --------- d-----w C:\Users\hervé\AppData\Roaming\Summer Athletics 2008
    2008-08-17 20:41 --------- d-----w C:\Program Files\Safari
    2008-08-14 22:32 --------- d-----w C:\Program Files\Windows Mail
    2008-08-10 23:10 --------- d-----w C:\Users\hervé\AppData\Roaming\Apple Computer
    2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
    2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
    2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
    2008-07-27 15:12 --------- d-----w C:\Users\hervé\AppData\Roaming\CamfrogWEB
    2008-07-27 15:03 --------- d-----w C:\Program Files\CFWebAdvancedU
    2008-07-23 20:35 --------- d-----w C:\Users\hervé\AppData\Roaming\Sports Interactive
    2008-07-23 20:34 --------- d--h--w C:\Program Files\Zero G Registry
    2008-07-22 18:32 32,000 ----a-w C:\Windows\system32\drivers\usbaapl.sys
    2008-07-21 19:24 --------- d-----w C:\Users\hervé\AppData\Roaming\temp
    2008-07-21 17:30 --------- d-----w C:\ProgramData\NVIDIA
    2008-07-21 17:27 174 --sha-w C:\Program Files\desktop.ini
    2008-07-21 17:20 --------- d-----w C:\Program Files\Windows Sidebar
    2008-07-21 17:20 --------- d-----w C:\Program Files\Windows Photo Gallery
    2008-07-21 17:20 --------- d-----w C:\Program Files\Windows Defender
    2008-07-21 17:20 --------- d-----w C:\Program Files\Windows Collaboration
    2008-07-21 17:20 --------- d-----w C:\Program Files\Windows Calendar
    2008-07-21 17:05 82,432 ----a-w C:\Windows\System32\axaltocm.dll
    2008-07-21 17:05 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
    2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
    2008-06-27 04:15 827,392 ----a-w C:\Windows\System32\wininet.dll
    2008-06-26 03:29 801,280 ----a-w C:\Windows\System32\NaturalLanguage6.dll
    2008-06-26 01:45 2,644,480 ----a-w C:\Windows\System32\NlsLexicons0009.dll
    2008-06-26 01:45 12,240,896 ----a-w C:\Windows\System32\NlsLexicons0007.dll
    2008-06-19 03:31 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
    "TomTomHOME.exe"="D:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
    "EA Core"="C:\Program Files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
    "WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 C:\Windows\System32\oobefldr.dll]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "snpstd"="C:\Windows\vsnpstd.exe" [2003-12-31 40960]
    "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 86016]
    "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 8497696]
    "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 81920]
    "AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
    "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-03-23 C:\Windows\RtHDVCpl.exe]

    C:\Users\herv‚\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "cmdcom"= {740DF498-8757-3867-8355-0BCB7D320181} - C:\Program Files\csiuhj\cmdcom.dll [2008-09-13 118784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.VP40"= vp4vfw.dll
    "midi2"= ma_cmidn.dll
    "midi1"= ma_cmidn.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "TCP Query User{21FFDE7E-16A4-4E5F-A112-CB5E6D07F0F5}E:\\soulseek\\slsk.exe"= UDP:E:\soulseek\slsk.exe:SoulSeek
    "UDP Query User{576DADFC-90A3-4476-BEFA-87FDEA93CB94}E:\\soulseek\\slsk.exe"= TCP:E:\soulseek\slsk.exe:SoulSeek
    "{E76191EF-86E8-4C10-8F69-173EA3923342}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "TCP Query User{6BBF690A-C216-46B0-9D02-D3A99A019F4F}X:\\program files\\anno 1701\\anno1701.exe"= UDP:X:\program files\anno 1701\anno1701.exe:anno1701.exe
    "UDP Query User{6DD502B9-B5F4-478B-99A6-403E655B3542}X:\\program files\\anno 1701\\anno1701.exe"= TCP:X:\program files\anno 1701\anno1701.exe:anno1701.exe
    "TCP Query User{08A26F4E-F210-4F86-92C7-4C8E1AF12581}D:\\program files\\wdgold lite\\wdgold lite.exe"= UDP:D:\program files\wdgold lite\wdgold lite.exe:Gestion des contacts
    "UDP Query User{E48810DE-A77E-4FD1-8B53-59A0F1C231CB}D:\\program files\\wdgold lite\\wdgold lite.exe"= TCP:D:\program files\wdgold lite\wdgold lite.exe:Gestion des contacts
    "TCP Query User{AE740CE1-E044-4306-A1B8-3D66BAD99D5D}E:\\soulseek\\soulseekns\\slsk.exe"= UDP:E:\soulseek\soulseekns\slsk.exe:SoulSeek
    "UDP Query User{3D7CA31B-5B0E-4F12-A104-D0F8D4CB3592}E:\\soulseek\\soulseekns\\slsk.exe"= TCP:E:\soulseek\soulseekns\slsk.exe:SoulSeek
    "TCP Query User{0E80828A-0D81-4A74-B08F-0E72CAC9F4C9}C:\\program files\\soulseek\\slsk.exe"= UDP:C:\program files\soulseek\slsk.exe:SoulSeek
    "UDP Query User{1E823DAF-AA7A-4BEF-9E84-A657065C7E90}C:\\program files\\soulseek\\slsk.exe"= TCP:C:\program files\soulseek\slsk.exe:SoulSeek
    "{12A7332C-14D7-4236-8879-3256E1AF1859}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{59813BD3-4887-416B-B793-CD4205C8E1ED}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{04680EB2-7B16-4615-B88A-6A5292BBDDE9}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
    "{80E312ED-AC77-4911-AD27-5E7EDFAC10E2}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{325867DD-0458-42D9-89BA-185F20F2B265}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
    "{728766F0-1689-4F63-B834-57777EA83FC8}"= UDP:C:\Program Files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008
    "{FFD0FAC4-6934-4D3B-9039-5BA8526BA341}"= TCP:C:\Program Files\SEGA\Beijing 2008\Beijing.exe:Beijing 2008
    "TCP Query User{095BA105-E853-467B-A314-344484B9F502}C:\\program files\\electronic arts\\eadm\\core.exe"= UDP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager
    "UDP Query User{047E0578-4754-4BC3-8719-48DD25F17667}C:\\program files\\electronic arts\\eadm\\core.exe"= TCP:C:\program files\electronic arts\eadm\core.exe:EA Download Manager

    R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
    R2 X4HSX32Ex;X4HSX32Ex;C:\Program Files\Player Metaboli\X4HSX32Ex.Sys [2007-11-14 29856]
    R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-03-15 48128]
    S3 MA_CMIDI;M-Audio USB Driver;C:\Windows\system32\drivers\ma_cmidi.sys [2006-08-16 21888]
    S3 Service CANALPLAY;Service CANALPLAY;C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe [2007-11-29 431776]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38f0a066-dbb6-11dc-93b3-806e6f6e6963}]
    \shell\AutoRun\command - D:\.\Bin\Assetup.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c38737ee-dbc9-11dc-adf5-001e8c1c873d}]
    \shell\AutoRun\command - F:\autorun.exe readme.hta

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce41392c-4145-11dd-87ee-001e8c1c873d}]
    \shell\AutoRun\command - F:\InstallTomTomHOME.exe

    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Tâches planifiées'
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    HKLM-Run-CanalPlayerHelper - C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe

    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Users\hervé\AppData\Roaming\Mozilla\Firefox\Profiles\hhtk83t9.default\
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-15 18:19:41
    Windows 6.0.6001 Service Pack 1 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    Heure de fin: 2008-09-15 18:20:36
    ComboFix-quarantined-files.txt 2008-09-15 16:20:17

    Avant-CF: 3,601,948,672 octets libres
    AprŠs-CF: 3,532,132,352 octets libres

    208 --- E O F --- 2008-09-15 14:05:19
    0
  10. Utilisateur anonyme
     
    a quoi coresspond ceci : C:\Program Files\csiuhj ??
    0
  11. Utilisateur anonyme
     
    Copie le texte ci-dessous :

    File::
    C:\Windows\wanpatan.ini
    C:\Windows\System32\trzE31F.tmp
    C:\Program Files\csiuhj\cmdcom.dll
    C:\Windows\screensaver1_1024x768.scr
    C:\Windows\screensaver2_1024x768.scr
    C:\Windows\System32\ealregsnapshot1.reg

    Folder::
    C:\Program Files\csiuhj
    C:\Users\All Users\odgvelkf
    C:\ProgramData\odgvelkf

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    "cmdcom"=-

    DirLook::
    C:\Users\hervé\AppData\Roaming\SPORE
    C:\Windows\System32\URTTEMP


    Ouvre le Bloc-Notes puis colle le texte copié.
    (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
    Sauvegarde ce fichier sous le nom de CFScript.txt

    Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci :

    Cela va relancer Combofix,

    Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

    Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

    Ne touche à rien tant que le scan n'est pas terminé.

    Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

    S'il n'y a pas de rédémarrage, poste quand même les rapports.
    0
  12. nul en pc
     
    Faut il que je coupe mon anti virus comme plus haut en utilisant combofix ?
    0
  13. nul en pc
     
    scan hijack :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:50:19, on 15/09/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\System32\lphcnaoj0eec0.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Windows\System32\rundll32.exe
    D:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
    C:\Program Files\Alwil Software\Avast4\ashChest.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [lphcnaoj0eec0] C:\Windows\system32\lphcnaoj0eec0.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [TomTomHOME.exe] "D:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
    O4 - HKCU\..\Run: [lphcnaoj0eec0] C:\Windows\system32\lphcnaoj0eec0.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.canalplay.com
    O15 - Trusted Zone: *.canalplusactive.com
    O15 - Trusted Zone: *.canalplay.com (HKLM)
    O15 - Trusted Zone: *.canalplusactive.com (HKLM)
    O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} (Module de délivrance de certificat MINEFI) - https://static.impots.gouv.fr/abos/static/securite/certdgi1.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O21 - SSODL: cmdcom - {740DF498-8757-3867-8355-0BCB7D320181} - C:\Program Files\csiuhj\cmdcom.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
    0
  14. nul en pc
     
    Y'a t il un bug sur le forum ??
    parce que j'ai du mal a visualiser les messages ?
    0
  15. Utilisateur anonyme
     
    oui y a eu un bug

    t as le rapport combofix ??
    0
  16. nul en pc
     
    j'essaie de post le scan combofix mais il n'apparait pas sur le forum
    0
  17. nul en pc
     
    http://www.cijoint.fr/cjlink.php?file=cj200809/cijUYwzwR1.txt

    voici le lien
    0
  • 1
  • 2
  • 3