Antivirus XP 2008

Résolu
Pimz08 Messages postés 157 Statut Membre -  
gil le fantom Messages postés 2809 Statut Membre -
Bonjour,
Je dois nettoyer le PC d'un ami (et oui, encore ^^) infecté par Antivirus XP 2008
Je ne peux installer certains log comme AD-Aware car il me dit que l'admin à supprimer ce droit ou un truc du genre...
J'ai fais un petit Hijackthis dont voici le rapport :

ogfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:40, on 19/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.brightfort.com/sb-link/autoupdate.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8FB408DD-9543-7353-B227-E593ADDB652E} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Multi Media Toolbar - {b5146c40-189a-4311-bda9-fbae3e023187} - C:\Program Files\Multi_Media\tbMul1.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [ADSL_A2] A2Installed
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lsass driver] C:\WINDOWS\msauc.exe
O4 - HKLM\..\Run: [lphcelvj0evbp] C:\WINDOWS\system32\lphcelvj0evbp.exe
O4 - HKLM\..\Run: [jjaczacz] %systemroot%\jjaczacz.exe
O4 - HKLM\..\Run: [SMrhcalvj0evbp] C:\Program Files\rhcalvj0evbp\rhcalvj0evbp.exe
O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
O4 - HKLM\..\Policies\Explorer\Run: [bTfoyZeMTC] C:\Documents and Settings\All Users\Application Data\qhcnunuj\mnorslwj.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\euro-kazemule-00\index.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: TruePass LocalEPF 6,0,0,499 - https://ssl.nbb.be/nbblogin/applets/entrusttruepassapplet-localepf.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - https://www.afternic.com/domains/drivecleaner.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
O16 - DPF: {7D5DD829-6C90-42C5-B54C-2AFA82F988BA} (CLoader Object) - http://antivirusxp08.net/tools/virusremover.dll
O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {99F9EF50-DEA2-4042-AF00-B1750610EA0F} (NetManage IE Frame) - https://www.ecom.honda-eu.com/w2hlegacy/express/hostexpress.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4BC6741-A15C-4E0E-A69E-701A3140C9CA}: NameServer = 85.255.114.100,85.255.112.99
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.100 85.255.112.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.100 85.255.112.99
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\prn.wul
O21 - SSODL: actappset - {6C032D35-282B-CD35-91F5-0B2019E4494C} - C:\Program Files\ahcnkid\actappset.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DKService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\vhosts.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 9263 bytes
J'ai déjà en ma possession Navilog1 et MalwareBytes mais non installé encore

Scan avec une ancienne version de Spybot (1.4) en cour ca rje ne sais pas connecter le PC au net

Merci de votre aide
Configuration: Windows XP
Internet Explorer 7.0

15 réponses

  1. gil le fantom Messages postés 2809 Statut Membre 25
     
    Bonsoir,
    tu fais malwarebytes ,tu suis les indications et tu n'apporte aucune modication aux réglages par défaut et en fin d'installation,vérifie que les options Update Malwarebytes' Anti-Malware et Launch Malwarebytes' Anti-Malware sont cochées.

    tu fais "Exécuter un examen complet"

    Si des malwares ont été détectés, leur liste s'affiche.
    tu clique sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

    MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

    tu me poste le rapport
    -1
  2. Pimz08 Messages postés 157 Statut Membre
     
    Voila, analyse effectuée, en une minute, 17 infections trouvées xD

    Rapport de malwarebytes :

    Malwarebytes' Anti-Malware 1.28
    Version de la base de données: 1134
    Windows 5.1.2600 Service Pack 2

    19/09/2008 20:39:41
    mbam-log-2008-09-19 (20-39-41).txt

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 124357
    Temps écoulé: 1 hour(s), 4 minute(s), 35 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 21
    Valeur(s) du Registre infectée(s): 6
    Elément(s) de données du Registre infecté(s): 10
    Dossier(s) infecté(s): 13
    Fichier(s) infecté(s): 89

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CLASSES_ROOT\CLSID\{6C032D35-282B-CD35-91F5-0B2019E4494C} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\axloader.loader (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/virusremover.dll (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{c9357b1e-b28b-4f7e-8505-8c83672fd6d8} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{326cfa75-1073-48e3-a411-221f72e8d76e} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\axloader.loader.1 (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{09f1adac-76d8-4d0f-99a5-5c907dadb988} (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\25d4dbcf (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\25d4dbcf (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\25d4dbcf (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nscyvsvt (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\nscyvsvt (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nscyvsvt (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhcalvj0evbp (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\actappset (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\btfoyzemtc (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\virusremover.dll (Rogue.Installer) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcalvj0evbp (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lsass driver (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcelvj0evbp (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\System (Rootkit.DNSChanger.H) -> Data: kdxbu.exe -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.100 85.255.112.99 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3a545cfe-ba0a-495a-8920-4fc0b0e9e3b7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.100,85.255.112.99 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f4bc6741-a15c-4e0e-a69e-701a3140c9ca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.100,85.255.112.99 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.100 85.255.112.99 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3a545cfe-ba0a-495a-8920-4fc0b0e9e3b7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.100,85.255.112.99 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f4bc6741-a15c-4e0e-a69e-701a3140c9ca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.100,85.255.112.99 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.100 85.255.112.99 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{3a545cfe-ba0a-495a-8920-4fc0b0e9e3b7}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.100,85.255.112.99 -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{f4bc6741-a15c-4e0e-a69e-701a3140c9ca}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.100,85.255.112.99 -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\rhcalvj0evbp (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\rhcalvj0evbp (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\rhcalvj0evbp\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\rhcalvj0evbp\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\rhcalvj0evbp\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\rhcalvj0evbp\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\rhcalvj0evbp\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\rhcalvj0evbp\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\rhcalvj0evbp\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\rhcalvj0evbp\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\rhcalvj0evbp\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\rhcalvj0evbp\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\ahcnkid\actappset.dll (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Application Data\qhcnunuj\mnorslwj.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
    C:\WINDOWS\Downloaded Program Files\virusremover.dll (Rogue.Installer) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\25d4dbcf.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\nscyvsvt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\Program Files\rhcalvj0evbp\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcalvj0evbp\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcalvj0evbp\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcalvj0evbp\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcalvj0evbp\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcalvj0evbp\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcalvj0evbp\rhcalvj0evbp.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcalvj0evbp\rhcalvj0evbp.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Program Files\rhcalvj0evbp\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
    C:\WINDOWS\msauc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\shell31.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wpx44.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wpx105.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\wpx115.cpx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msliksurcredo.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msliksurdns.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vhosts.exe (Rootkit.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\blphcelvj0evbp.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\lphcelvj0evbp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\phcelvj0evbp.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\pphcelvj0evbp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\Documents and Settings\All Users\Bureau\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Documents and Settings\Stouvenakers\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\drivers\msliksurserv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.

    Rapport Hijackthis dans un prochain post afin de voir ce qu'il dit
    -1
  3. gil le fantom Messages postés 2809 Statut Membre 25
     
    tu télécharge FixWareout d'un de ces deux sites sur le bureau:
    http://downloads.subratam.org/Fixwareout.exe
    http://swandog46.geekstogo.com/Fixwareout.exe

    tu lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
    Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

    tu poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt)
    -1
  4. Pimz08 Messages postés 157 Statut Membre
     
    voila le rapport de FixWareout :

    Username "Stouvenakers" - 19/09/2008 23:02:42 [Fixwareout edited 9/01/2007]

    ~~~~~ Prerun check

    Cache de résolution DNS vidé.
    System was rebooted successfully.

    ~~~~~ Postrun check
    HKLM\SOFTWARE\~\Winlogon\ "System"=""
    ....
    ....
    ~~~~~ Misc files.
    ....
    ~~~~~ Checking for older varients.
    ....

    C:\Program Files\VideoPlugin < Found
    Additional tools are recommended.

    ~~~~~ Current runs (hklm hkcu "run" Keys Only)
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe"
    "SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
    "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
    "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
    "IMONTRAY"="C:\\Program Files\\Intel\\Intel(R) Active Monitor\\imontray.exe"
    "ADSL_A2"="A2Installed"
    "zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
    "Logitech Utility"="Logi_MwX.Exe"
    "SpeedTouch USB Diagnostics"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\""
    "MemoryCardManager"="C:\\Program Files\\Lexmark\\Lexmark Precision Photo\\MemCard.exe -startup"
    "UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
    6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
    "MsgCenterExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot"
    "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
    "jjaczacz"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,6a,6a,61,63,7a,61,63,\
    7a,2e,65,78,65,00
    "LXBSCATS"="rundll32 C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LXBStime.dll,_RunDLLEntry@16"
    "NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NeroCheck.exe"
    "NBKeyScan"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE\""
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe"
    "iexplorer"="C:\\WINDOWS\\iexplorer.exe --system"
    "DbApiChk"="C:\\WINDOWS\\system32\\ijkhubkp.exe"
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMIndexStoreSvr.exe\" ASO-616B5711-6DAE-4795-A05F-39A1E5104020"
    ....
    Hosts file was reset, If you use a custom hosts file please replace it...
    ~~~~~ End report ~~~~~

    On en est où maintenant ? Il reste beaucoup de crasses ?
    -1
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. gil le fantom Messages postés 2809 Statut Membre 25
     
    Bonjour,
    tu poste un nouveau rpport hijackthis stp
    -1
  7. Pimz08 Messages postés 157 Statut Membre
     
    Voici le rapport ... et merci pour votre aide !

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:21:03, on 20/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ijkhubkp.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\oodtray.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8FB408DD-9543-7353-B227-E593ADDB652E} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [ADSL_A2] A2Installed
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Lexmark\Lexmark Precision Photo\MemCard.exe -startup
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DbApiChk] C:\WINDOWS\system32\ijkhubkp.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\euro-kazemule-00\index.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: TruePass LocalEPF 6,0,0,499 - https://ssl.nbb.be/nbblogin/applets/entrusttruepassapplet-localepf.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {5F426A93-0821-47D2-A126-5A48A874B289} - http://212.145.159.194/251065/dialercab/WebRecomendada.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {99F9EF50-DEA2-4042-AF00-B1750610EA0F} (NetManage IE Frame) - https://www.ecom.honda-eu.com/w2hlegacy/express/hostexpress.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\prn.wul
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    -1
  8. gil le fantom Messages postés 2809 Statut Membre 25
     
    tu télécharge navilog1
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    Laisse-toi guider. Au menu principal, choisis 1 et valides.
    (ne fais pas le choix 2,3 ou 4 sans notre avis/accord)
    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
    Copie-colle l'intégralité dans une réponse. Referme le blocnote.
    Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
    -1
  9. Pimz08 Messages postés 157 Statut Membre
     
    Search Navipromo version 3.6.5 commencé le sam. 20/09/2008 à 12:59:29,57

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Session actuelle : "Stouvenakers"

    Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180
    Système de fichiers : NTFS

    Recherche executé en mode normal

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans "C:\WINDOWS" ***

    *** Recherche dossiers dans "C:\Program Files" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\All Users\menudm~1" ***

    *** Recherche dossiers dans "c:\docume~1\alluse~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Stouvenakers\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\TBC\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Stouvenakers\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\TBC\locals~1\applic~1" ***

    *** Recherche dossiers dans "C:\Documents and Settings\Stouvenakers\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\menudm~1\progra~1" ***

    *** Recherche dossiers dans "C:\DOCUME~1\TBC\menudm~1\progra~1" ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans "C:\WINDOWS\system32" *

    * Recherche dans "C:\Documents and Settings\Stouvenakers\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *

    * Recherche dans "C:\DOCUME~1\TBC\locals~1\applic~1" *

    *** Recherche fichiers ***

    *** Recherche clés spécifiques dans le Registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche nouveaux fichiers Instant Access :

    2)Recherche Heuristique :

    * Dans "C:\WINDOWS\system32" :

    * Dans "C:\Documents and Settings\Stouvenakers\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" :

    * Dans "C:\DOCUME~1\TBC\locals~1\applic~1" :

    3)Recherche Certificats :

    Certificat Egroup absent !
    Certificat Electronic-Group absent !
    Certificat Montorgueil absent !
    Certificat OOO-Favorit absent !
    Certificat Sunny-Day-Design-Ltd absent !

    4)Recherche fichiers connus :

    *** Analyse terminée le sam. 20/09/2008 à 13:06:00,70 ***
    -1
  10. gil le fantom Messages postés 2809 Statut Membre 25
     
    rien sur navilog
    sur ton rapport hijackthis il y a cette ligne:
    C:\WINDOWS\system32\ijkhubkp.exe
    je ne sais pas c'est quoi?

    tu télécharge ComboFix :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    tuto https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    tu l'enregistre sur le bureau.

    Avant d'utiliser ComboFix :

    tu déconnecte internet et referme les fenêtres de tous les programmes en cours.
    tu désactive provisoirement la protection en temps réel de ton Antivirus et de tes Antispywares.



    sur ton bureau tu double-clic sur Combofix.exe.

    tu répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    Pendant la durée de cette étape,tu ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    tu réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    tu reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt .
    -1
  11. Pimz08 Messages postés 157 Statut Membre
     
    ComboFix 08-09-19.09 - Stouvenakers 2008-09-20 15:07:20.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.714 [GMT 2:00]
    Lancé depuis: C:\Documents and Settings\Stouvenakers\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    C:\Program Files\videoplugin
    C:\Program Files\videoplugin\uninstall.exe
    C:\WINDOWS\system32\_000026_.tmp.dll
    C:\WINDOWS\system32\mdm.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_MSUPDATE

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-08-20 au 2008-09-20 ))))))))))))))))))))))))))))))))))))
    .

    2008-09-20 14:55 . 2008-09-20 15:02 2,540 --a------ C:\WINDOWS\system32\oodbs.lor
    2008-09-20 12:58 . 2008-09-20 13:07 <REP> d-------- C:\Program Files\Navilog1
    2008-09-20 09:27 . 2008-09-20 09:27 <REP> d-------- C:\Documents and Settings\Stouvenakers\Application Data\TuneUp Software
    2008-09-20 09:27 . 2008-09-20 09:27 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
    2008-09-20 09:27 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
    2008-09-20 09:26 . 2008-09-20 09:27 <REP> d-------- C:\Program Files\TuneUp Utilities 2008
    2008-09-20 09:26 . 2008-09-20 09:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    2008-09-20 09:18 . 2008-09-20 09:18 0 --a------ C:\WINDOWS\oodcnt.INI
    2008-09-20 01:06 . 2008-09-20 09:24 <REP> d-------- C:\WINDOWS\system32\oodag
    2008-09-19 23:54 . 2008-09-19 23:54 <REP> d-------- C:\Program Files\OO Software
    2008-09-19 23:02 . 2008-09-19 23:09 <REP> d-------- C:\fixwareout
    2008-09-19 21:53 . 2008-09-19 21:53 <REP> d-------- C:\Program Files\CCleaner
    2008-09-19 21:49 . 2008-09-19 21:49 <REP> d-------- C:\Program Files\NeroInstall.bak
    2008-09-19 21:48 . 2008-09-19 21:48 <REP> d-------- C:\Documents and Settings\Stouvenakers\Application Data\Nero
    2008-09-19 21:43 . 2008-09-19 21:43 <REP> d-------- C:\Program Files\Nero
    2008-09-19 21:43 . 2008-09-19 21:46 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-09-19 21:43 . 2008-09-19 21:43 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-09-19 20:51 . 2008-09-19 20:51 <REP> d-------- C:\c534b4fa61ebf5aa92127854f9d5
    2008-09-19 20:51 . 2008-09-19 20:51 <REP> d-------- C:\8dea0f00b5056fdf0eeb7557925f
    2008-09-19 20:51 . 2008-09-19 20:51 <REP> d-------- C:\7f4d57b0b9f7e03aa42
    2008-09-19 20:51 . 2008-09-19 20:51 <REP> d-------- C:\68c061be394e818fa3e33347885
    2008-09-19 20:46 . 2008-09-19 20:46 <REP> d-------- C:\Documents and Settings\Stouvenakers\Application Data\Malwarebytes
    2008-09-19 19:12 . 2008-09-19 19:12 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-19 19:12 . 2008-09-19 19:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-19 19:12 . 2008-09-19 19:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
    2008-09-19 19:12 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-19 19:12 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-19 18:24 . 2008-09-19 18:24 <REP> d-------- C:\Program Files\Trend Micro
    2008-09-19 18:20 . 2008-09-19 18:20 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TEMP
    2008-09-19 18:18 . 2003-11-04 23:39 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage r‚seau
    2008-09-19 18:18 . 2003-11-04 23:39 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
    2008-09-19 18:18 . 2003-11-05 00:08 <REP> d--h----- C:\Documents and Settings\Administrateur\ModŠles
    2008-09-19 18:18 . 2003-11-04 23:39 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
    2008-09-19 18:18 . 2003-11-04 23:39 <REP> dr------- C:\Documents and Settings\Administrateur\Menu D‚marrer
    2008-09-19 18:18 . 2008-09-19 18:20 <REP> d-------- C:\Documents and Settings\Administrateur\Favoris
    2008-09-19 18:18 . 2008-09-19 20:39 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
    2008-09-19 18:18 . 2008-09-19 18:18 <REP> d-------- C:\Documents and Settings\Administrateur
    2008-09-19 18:13 . 2008-09-19 18:22 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-09-19 09:14 . 2008-09-19 20:39 <REP> d-------- C:\Program Files\ahcnkid
    2008-09-19 09:14 . 2008-09-19 20:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\qhcnunuj
    2008-09-19 09:14 . 2008-09-19 09:14 90,112 --a------ C:\WINDOWS\system32\ijkhubkp.exe
    2008-09-15 17:31 . 2008-09-15 17:31 29 --a------ C:\WINDOWS\system32\yotahegq.tmp

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-19 19:07 --------- d-----w C:\Program Files\Fichiers communs\NetManage
    2008-09-19 19:06 --------- d-----w C:\Program Files\Ping
    2008-09-19 19:06 --------- d-----w C:\Program Files\GOTO.games
    2008-09-19 19:05 --------- d-----w C:\Program Files\Zylom Games
    2008-09-19 19:03 --------- d-----w C:\Program Files\MOX PC
    2008-09-19 18:59 --------- d-----w C:\Program Files\Kikoo
    2008-09-19 18:53 --------- d-----w C:\Program Files\Ahead
    2008-09-19 16:20 --------- d-----w C:\Program Files\SpywareBlaster
    2008-09-15 11:32 --------- d-----w C:\Program Files\Lx_cats
    2008-09-10 15:40 --------- d-----w C:\Program Files\eMule
    2008-09-08 13:03 --------- d-----w C:\Documents and Settings\Stouvenakers\Application Data\LimeWire
    2008-08-04 11:13 --------- d-----w C:\Program Files\LimeWire
    2003-05-19 20:00 40,448 ----a-w C:\Documents and Settings\Stouvenakers\trial_setup.exe
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-24 401491]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]
    "DbApiChk"="C:\WINDOWS\system32\ijkhubkp.exe" [2008-09-19 90112]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
    "IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 155648]
    "HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 114688]
    "IMONTRAY"="C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe" [2003-01-10 32768]
    "zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 631362]
    "SpeedTouch USB Diagnostics"="C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 79224]
    "LXBSCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-08 61440]
    "Logitech Utility"="Logi_MwX.Exe" [2002-11-08 C:\WINDOWS\LOGI_MWX.EXE]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-16 68856]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "MSACM.CEGSM"= mobilev.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\LimeWire\\LimeWire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\totalcmder\\TOTALCMD.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "6346:TCP"= 6346:TCP:shareaza
    "6346:UDP"= 6346:UDP:shareaza

    R2 AMGM;ADSL Management and Monitor Interface;C:\WINDOWS\system32\DRIVERS\amgmwan.sys [2001-03-23 6272]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-20 14336]
    S2 SysKor;SysKor;C:\Program Files\Fichiers communs\System\dfP.exe [2007-04-16 187904]
    S3 Boonty Games;Boonty Games;C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe [2006-01-14 69120]
    S3 itexadsla2;ITeX ADSL PCI NIC Service;C:\WINDOWS\system32\DRIVERS\ITeXwana.sys [2001-03-23 466160]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-09-20 355584]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contenu du dossier 'Tâches planifiées'
    .
    .
    ------- Examen supplémentaire -------
    .
    FireFox -: Profile - C:\Documents and Settings\Stouvenakers\Application Data\Mozilla\Firefox\Profiles\au9abknp.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.be/webhp?hl=fr
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-20 15:09:17
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXBSCATS = rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysKor]
    "ImagePath"="\"C:\Program Files\Fichiers communs\System\dfP.exe\""
    .
    Heure de fin: 2008-09-20 15:11:54
    ComboFix-quarantined-files.txt 2008-09-20 13:11:27

    Avant-CF: 14,799,552,512 octets libres
    Après-CF: 14,789,373,952 octets libres

    161 --- E O F --- 2007-12-12 17:17:43
    -1
  12. gil le fantom Messages postés 2809 Statut Membre 25
     
    poste un nouveau rapport hijackthis stp
    -1
  13. Pimz08 Messages postés 157 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:33:37, on 20/09/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    C:\Program Files\Logitech\iTouch\iTouch.exe
    C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ijkhubkp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\oodag.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\ijkhubkp.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
    O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [LXBSCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [DbApiChk] C:\WINDOWS\system32\ijkhubkp.exe
    O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Descargas - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\euro-kazemule-00\index.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
    O16 - DPF: TruePass LocalEPF 6,0,0,499 - https://ssl.nbb.be/nbblogin/applets/entrusttruepassapplet-localepf.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.new2.foto.com/ImageUploader4.cab
    O16 - DPF: {826287F8-454E-11D9-ADFE-00062919A34C} (ActiveXUploadFotoCom.UserCtrlFotoCom) - http://express.foto.com/activeX/newUploadFotoCom.CAB
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
    O16 - DPF: {99F9EF50-DEA2-4042-AF00-B1750610EA0F} (NetManage IE Frame) - https://www.ecom.honda-eu.com/w2hlegacy/express/hostexpress.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
    O23 - Service: lxbs_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbscoms.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    -1
  14. gil le fantom Messages postés 2809 Statut Membre 25
     
    Utilises tu des jeux de boonty games depuis longtemps ?
    Voici une petite information sur Boonty games

    Leur politique :
    "Il se peut que nous partageons aussi des informations payantes avec des tiers
    qui fournissent ds services payants et partage des données regroupées montrant le type
    et le nombre de jeux videos que vous téléchargez, votre age, votre sexe, vos occupations,
    niveau d'éducation, localité géographique, données sur l'équipement de votre ordinateur,
    internet et intérêts pour les jeux videos, activités et entrainement des jeux édités.
    De plus, nous partageons les adresses email avec des tiers fournisseurs de compte mails
    qui nous assistent en envoyant nos mails a de nombreux clients en même temps..."

    sur hijackthis cette ligne:
    O4 - HKCU\..\Run: [DbApiChk] C:\WINDOWS\system32\ijkhubkp.exe
    je sais pas ,j'ai aucune info.
    -1
  15. Pimz08 Messages postés 157 Statut Membre
     
    Pour les jeux Boonty, je sais pas comme ç'est le PC d'un ami

    Pour la ligne, moi non plus ^^

    sinon, y a encore des crasses qui persistent ?

    merci !

    PS : Chiquitine29, si tu passes par ici, tu sais pas nous aider ?
    -1
  16. gil le fantom Messages postés 2809 Statut Membre 25
     
    Ton ami était très infecté,il y a eu un grand ménage.

    pour supprimer boonty games
    tu fais
    -> Démarrer
    -> Exécuter...
    Tape Services.msc puis valide
    Double clique sur " Boonty Games "
    Clique en bas sur " Arrêter "
    Valide les changements.
    -----
    Ouvre Hijackthis puis:
    -> Open the Misc Tools Section
    -> Delete a NT Service
    Tape " BOONTY " puis valide.
    -1