Trojan fkFXvsu4.exe

Solved

dime666
Hello,

I have a virus, fkFXvsu4.exe, which puts itself in C:\windows\temp\fkFXvsu4.exe.
Avast detects it and asks me what I want to do. I delete it, and it is indeed removed from C:\windows\temp\.
But it comes back a few minutes later under another name and puts itself in the same place.
I installed CCleaner to clean my PC and ran a scan with Avast, but nothing helps.

Your help would be much appreciated. Thanks in advance

dime666

32 replies

Anonymous user
 
Hi,

Download random's system information tool (RSIT) by random/random and save it to the Desktop.
http://images.malwareremoval.com/random/RSIT.exe
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
When the analysis is finished, two text files will open. Post the contents of log.txt (<< which will be displayed)
as well as info.txt (<< which will be minimised in the Taskbar).
NB: the reports are saved in the folder C:\rsit
dime666

Thanks for your reply

Here is the report

Logfile of random's system information tool 1.04 (written by random/random)
Run by elisabeth at 2008-10-03 14:43:20
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 1 GB (2%) free of 75 GB
Total RAM: 894 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:43:32, on 03/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\elisabeth\Bureau\ewido_micro.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\elisabeth\Bureau\RSIT.exe
C:\Program Files\trend micro\elisabeth.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: TrayMin700.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{439CD05C-A9B5-4046-BCF7-D70EA6D60F86}: NameServer = 213.36.80.1,192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
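A check worth running on the O4 (autostart) section of the RSIT/HijackThis log above: the value `[SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe` under HKCU\..\Run starts a file carrying the name of the Windows service host from a directory Windows never uses for it. The genuine one is C:\WINDOWS\system32\svchost.exe; system32\drivers holds driver .sys files, not the service host. The same entry appears in every RSIT log in this thread. The Python script below is an added example, not code from the thread, from RSIT or from HijackThis: it parses O4 lines and reports well-known system binary names launched from any directory other than system32. The SYSTEM32_ONLY name list and the C:\WINDOWS install path are assumptions (the path matches the log header); the sample lines are copied from the log above.

```python
"""Flag HijackThis/RSIT O4 autostart entries whose executable carries a well-known
Windows system binary name but lives outside %SystemRoot%\\system32.

Added example for the forum thread; not part of HijackThis, RSIT or the thread.
Assumptions: Windows is installed in C:\\WINDOWS (true for the log above) and
SYSTEM32_ONLY is an illustrative, not exhaustive, list of names.
"""
import ntpath
import re

# Binaries a stock Windows XP starts only from %SystemRoot%\system32 (assumption: illustrative).
SYSTEM32_ONLY = {"svchost.exe", "ctfmon.exe", "lsass.exe", "services.exe",
                 "winlogon.exe", "csrss.exe", "smss.exe", "spoolsv.exe"}
SYSTEM32_DIR = r"c:\windows\system32"   # assumption: install root is C:\WINDOWS

# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# shortest prefix ending in an executable extension, followed by a blank or end of line
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|scr|bat|pif))(?=\s|$)", re.IGNORECASE)
USER_TAG_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")   # HijackThis' "(User 'SYSTEM')" suffix


def command_path(cmd: str) -> str:
    """Return the file an O4 command line actually launches.

    Handles quoted paths, unquoted paths containing spaces ("...\\HDeck.exe 1"),
    and RUNDLL32 lines, where the loaded DLL is the interesting file.
    """
    cmd = USER_TAG_RE.sub("", cmd.strip())
    if cmd.startswith('"'):                      # "C:\Program Files\x.exe" -args
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split(None, 1)
    if tokens and tokens[0].lower() in ("rundll32.exe", "rundll32") and len(tokens) == 2:
        cmd = tokens[1].split(",", 1)[0]         # the DLL before ",EntryPoint"
    m = EXE_RE.match(cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ""         # no known extension: first token


def masquerading_entries(log_text: str) -> list:
    """Return (value name, path) for every O4 entry that starts a SYSTEM32_ONLY
    binary name from a directory other than C:\\WINDOWS\\system32."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        path = command_path(m.group("cmd"))
        if (ntpath.basename(path).lower() in SYSTEM32_ONLY
                and ntpath.dirname(path).lower() != SYSTEM32_DIR):
            hits.append((m.group("name"), path))
    return hits


# Lines copied from the RSIT log posted above (one O23 line included to show it is ignored).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for name, path in masquerading_entries(SAMPLE_LOG):
        print(f"suspicious autostart [{name}] -> {path}")
```

Run against the sample, only the drivers\svchost.exe entry is reported; the ctfmon.exe entries, the RUNDLL32 line and the unquoted path with a trailing argument all parse cleanly and pass. A path check like this does not prove a file is malicious, so the next step is still to hash the flagged file and inspect its properties, but a system binary name in the wrong directory is the kind of entry that deserves that attention first.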
Anonymous user
 
Download UsbFix to your desktop

--> Run the installation with the default settings

Connect the external storage devices that may have been infected (USB stick, external hard drive, etc.) to your PC, without opening them

--> Double-click the UsbFix shortcut on your desktop

--> The PC will restart

--> After the restart, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the drive
dime666

Thanks for your quick response

Here is the report

-------------- UsbFix V1.001 ---------------

* User : elisabeth - MAISON-3F4A349C
* Tools updated on 02/10/2008
* Scan performed at 15:13:19 on 03/10/2008
* Windows Xp - Internet Explorer 7.0.5730.11

----------------------------------------------

+- Deleting registry keys...

Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbb3f692-7bce-11dd-8e68-0019db289168}
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbb3f692-7bce-11dd-8e68-0019db289168}
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cbb3f692-7bce-11dd-8e68-0019db289168}
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d87a9ae8-e862-11dc-8c9a-0019db289168}
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d87a9ae8-e862-11dc-8c9a-0019db289168}
Deleted! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d87a9ae8-e862-11dc-8c9a-0019db289168}

+- Registry key deletion completed!

+- Deleting files:

Deletion failed!! - I:\autorun.inf

----------! End of report !----------
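UsbFix reports that it could not remove I:\autorun.inf from the external drive. Before (or instead of) simply deleting such a file, it pays to read it: the [autorun] section names the file on the drive that Windows XP of that era would start on insertion (open= or shellexecute=) or when the drive is double-clicked or right-clicked in Explorer (shell\<verb>\command=), and that file is what you then need to find and remove. The MountPoints2 keys UsbFix deleted above are where Explorer caches those per-device handlers. The Python script below is an added example, not part of UsbFix or of the thread: it is a tolerant autorun.inf reader that lists the commands the file would run and the programs they point to. The autorun.inf it parses is constructed for illustration (the real I:\autorun.inf is not shown in the thread), and the RECYCLER\hidden\x7k2.exe name in it is made up.

```python
"""Tolerant autorun.inf reader: list what Windows would run for a removable drive
whose autorun handling is still active, as on the XP machine in this thread.

Added example for the UsbFix step above; not part of UsbFix or of the thread.
SAMPLE_AUTORUN_INF is constructed; it is not the I:\\autorun.inf from the report.
"""
import re

SECTION_RE = re.compile(r"^\s*\[\s*autorun(?:\.\w+)?\s*\]\s*$", re.IGNORECASE)
KEY_RE = re.compile(r"^\s*([^=;]+?)\s*=\s*(.*?)\s*$")
COMMAND_KEYS = ("open", "shellexecute")                        # run on insertion / AutoPlay
SHELL_CMD_RE = re.compile(r"^shell\\[^\\]+\\command$", re.IGNORECASE)  # Explorer context-menu verbs


def autorun_commands(text: str) -> dict:
    """Return {lower-case key: command} for every key under [autorun] that makes
    Windows start a program. Lines that are not key=value (binary junk, comments)
    are skipped, as the INI-style parser Windows uses also ignores them."""
    commands = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip("\x00 \t\r")
        if line.startswith("["):
            in_section = bool(SECTION_RE.match(line))
            continue
        if not in_section or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key in COMMAND_KEYS or SHELL_CMD_RE.match(key):
            commands[key] = value
    return commands


def _first_token(cmd: str) -> str:
    """Program part of a command line: the quoted string, or the first blank-delimited token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def launched_files(text: str) -> set:
    """Lower-case basenames of the programs the autorun file would start;
    these are the files to look for (and hash) on the drive itself."""
    files = set()
    for cmd in autorun_commands(text).values():
        exe = _first_token(cmd).replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if exe:
            files.add(exe)
    return files


# Constructed sample. The 'action' text and the folder icon copy what Explorer shows for a
# clean drive, so the AutoPlay prompt looks like the normal "Open folder" option.
SAMPLE_AUTORUN_INF = (
    "[autorun]\r\n"
    "action=Open folder to view files\r\n"
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"
    "\x00\x7f\xfe junk line that a signature scanner may trip on but the parser skips\r\n"
    "open=RECYCLER\\hidden\\x7k2.exe\r\n"
    "shell\\open=Open\r\n"
    "shell\\open\\command=RECYCLER\\hidden\\x7k2.exe\r\n"
    "shell\\explore\\Command=\"RECYCLER\\hidden\\x7k2.exe\" -e\r\n"
    "ShellExecute=RECYCLER\\hidden\\x7k2.exe\r\n"
    "useautoplay=1\r\n"
)

if __name__ == "__main__":
    for key, cmd in autorun_commands(SAMPLE_AUTORUN_INF).items():
        print(f"{key:<24} -> {cmd}")
    print("files to look for on the drive:", sorted(launched_files(SAMPLE_AUTORUN_INF)))
```

On the sample this yields four launch keys (open, shellexecute and the open and explore verbs) that all resolve to the same hidden executable, which is the typical layout: whichever way the user opens the drive, the same file runs. Keys such as icon=, action= and the bare shell\open= label are reported as nothing, because they only change how the drive is presented.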
Anonymous user

Run another RSIT scan and post the log.txt report, please.
dime666

Here is the report, thanks

Logfile of random's system information tool 1.04 (written by random/random)
Run by elisabeth at 2008-10-03 15:24:47
Microsoft Windows XP Professionnel Service Pack 3
System drive C: has 1 GB (2%) free of 75 GB
Total RAM: 894 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:51, on 03/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\vphc700.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\program files\steam\steam.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Documents and Settings\elisabeth\Bureau\RSIT.exe
C:\Program Files\trend micro\elisabeth.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [phc700] C:\WINDOWS\vphc700.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: TrayMin700.exe.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{439CD05C-A9B5-4046-BCF7-D70EA6D60F86}: NameServer = 213.36.80.1,192.168.1.1
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
Utilisateur anonyme
 
Download Malwarebytes

Install it; the program will update itself automatically.

Once it is up to date, the program will launch; click on the Settings tab and tick the box: "Terminate Internet Explorer during removal".

Now click on the Scan tab and tick the box: "Perform full scan".

Then click "Scan".

Let it scan the PC...

If items were found > click "Remove Selected".

If you are asked to restart > click "yes".

At the end a report will open; save it somewhere you can find it again so you can post it on the forum.

Copy and paste the report please.

PS: the reports are also stored under the Logs tab
0
dime666
 
Thanks again, here is the report

Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1225
Windows 5.1.2600 Service Pack 3

03/10/2008 18:17:51
mbam-log-2008-10-03 (18-17-51).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 211778
Temps écoulé: 1 hour(s), 18 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 7

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\solution.solution (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\solution.solution.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{892b2785-b0d0-4aa2-ae6a-0ed60b00a979} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{c89435b0-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{00476c87-a276-49bf-86bc-ff005732430b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cb3870-cdfe-11d3-976a-00e02913a9e0} (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\elisabeth\Local Settings\Temp\B24imDP7.exe (Trojan.AdClicker) -> Quarantined and deleted successfully.
C:\Program Files\WinRAR\Default.SFX (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bpTAV4Cc.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FF8lD3rS.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
0
Utilisateur anonyme
 
Reopen Malwarebytes
go to Quarantine
delete everything

Download ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click on combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report in your next reply.

NOTE: The report can also be found here: C:\Combofix.txt

Before using ComboFix:

-> Disconnect from the internet and close the windows of all running programs.

-> Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's scanning and cleaning procedure.

Once that is done, double-click on Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ For the duration of this step, do not use the PC and do not open any programs.

- At the end of the scan ComboFix may need to reboot the PC to finish the disinfection\scan; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

-> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt in your next message.
0
dime666
 
Here is the report; do you know how to restart Avast after stopping it?

ComboFix 08-10-02.04 - elisabeth 2008-10-03 19:04:23.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.477 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\elisabeth\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\elisabeth\Cookies\elisabeth@date.ventivmedia[1].txt
C:\Documents and Settings\elisabeth\Cookies\elisabeth@spamblockerutility[2].txt
C:\Documents and Settings\NetworkService\Cookies\system@date.ventivmedia[1].txt
C:\Documents and Settings\NetworkService\Cookies\system@spamblockerutility[2].txt
C:\Program Files\GamesBar\oberontb.dll
C:\Program Files\uusee
C:\Program Files\uusee\AD\1\100\ad.swf
C:\Program Files\uusee\AD\1\cy\cy.html
C:\Program Files\uusee\AD\1\dsj\dsj.html
C:\Program Files\uusee\AD\1\dy\dy.html
C:\Program Files\uusee\AD\1\ty\ty.html
C:\Program Files\uusee\AD\1\yl\yl.html
C:\Program Files\uusee\AD\2\001\index.html
C:\Program Files\uusee\AD\2\pos1\pos1.html
C:\Program Files\uusee\AD\2\pos3\pos3.html
C:\Program Files\uusee\updateLOG.log
C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Legacy_TDSSSERV
-------\Service_Boonty Games
-------\Service_TDSSserv

((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-10-03 16:13 . 2008-10-03 18:14 81,922 --a------ C:\WINDOWS\system32\FF8lD3rS.exe
2008-10-03 15:46 . 2008-10-03 15:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-03 15:46 . 2008-10-03 15:46 <REP> d-------- C:\Documents and Settings\elisabeth\Application Data\Malwarebytes
2008-10-03 15:46 . 2008-10-03 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-03 15:46 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-03 15:46 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-03 15:11 . 2008-10-03 15:11 <REP> d-------- C:\Program Files\UsbFix
2008-10-03 14:43 . 2008-10-03 14:43 <REP> d-------- C:\rsit
2008-10-03 14:43 . 2008-10-03 15:24 <REP> d-------- C:\Program Files\trend micro
2008-10-03 11:43 . 2008-10-03 11:43 244 --ah----- C:\sqmnoopt14.sqm
2008-10-03 11:43 . 2008-10-03 11:43 232 --ah----- C:\sqmdata14.sqm
2008-10-03 11:41 . 2008-10-03 11:41 244 --ah----- C:\sqmnoopt13.sqm
2008-10-03 11:41 . 2008-10-03 11:41 232 --ah----- C:\sqmdata13.sqm
2008-10-03 10:21 . 2008-10-03 10:21 244 --ah----- C:\sqmnoopt12.sqm
2008-10-03 10:21 . 2008-10-03 10:21 232 --ah----- C:\sqmdata12.sqm
2008-10-03 10:18 . 2008-10-03 10:18 244 --ah----- C:\sqmnoopt11.sqm
2008-10-03 10:18 . 2008-10-03 10:18 232 --ah----- C:\sqmdata11.sqm
2008-09-27 19:51 . 2008-09-27 19:51 244 --ah----- C:\sqmnoopt10.sqm
2008-09-27 19:51 . 2008-09-27 19:51 232 --ah----- C:\sqmdata10.sqm
2008-09-27 19:14 . 2008-09-27 19:14 244 --ah----- C:\sqmnoopt09.sqm
2008-09-27 19:14 . 2008-09-27 19:14 232 --ah----- C:\sqmdata09.sqm
2008-09-27 10:05 . 2008-09-27 10:05 244 --ah----- C:\sqmnoopt08.sqm
2008-09-27 10:05 . 2008-09-27 10:05 232 --ah----- C:\sqmdata08.sqm
2008-09-27 10:03 . 2008-09-27 10:03 244 --ah----- C:\sqmnoopt07.sqm
2008-09-27 10:03 . 2008-09-27 10:03 232 --ah----- C:\sqmdata07.sqm
2008-09-27 08:00 . 2008-09-27 08:00 244 --ah----- C:\sqmnoopt06.sqm
2008-09-27 08:00 . 2008-09-27 08:00 232 --ah----- C:\sqmdata06.sqm
2008-09-27 07:49 . 2008-09-27 07:49 244 --ah----- C:\sqmnoopt05.sqm
2008-09-27 07:49 . 2008-09-27 07:49 232 --ah----- C:\sqmdata05.sqm
2008-09-27 06:43 . 2008-09-27 06:43 244 --ah----- C:\sqmnoopt04.sqm
2008-09-27 06:43 . 2008-09-27 06:43 232 --ah----- C:\sqmdata04.sqm
2008-09-26 19:11 . 2008-09-26 19:11 244 --ah----- C:\sqmnoopt03.sqm
2008-09-26 19:11 . 2008-09-26 19:11 232 --ah----- C:\sqmdata03.sqm
2008-09-26 19:09 . 2008-09-26 19:09 244 --ah----- C:\sqmnoopt02.sqm
2008-09-26 19:09 . 2008-09-26 19:09 232 --ah----- C:\sqmdata02.sqm
2008-09-25 19:47 . 2008-09-25 19:47 244 --ah----- C:\sqmnoopt01.sqm
2008-09-25 19:47 . 2008-09-25 19:47 232 --ah----- C:\sqmdata01.sqm
2008-09-25 18:13 . 2008-09-25 18:13 244 --ah----- C:\sqmnoopt00.sqm
2008-09-25 18:13 . 2008-09-25 18:13 232 --ah----- C:\sqmdata00.sqm
2008-09-24 17:21 . 2008-09-25 08:04 <REP> d-------- C:\Program Files\Avast4
2008-09-23 20:46 . 2008-09-23 20:46 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-09-23 20:46 . 2008-09-23 20:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-22 15:50 . 2008-09-22 15:50 <REP> d-------- C:\Documents and Settings\elisabeth\Application Data\SpinTop Games
2008-09-22 11:37 . 2008-09-23 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-09-21 20:00 . 2008-09-21 20:00 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-09-21 12:17 . 2008-09-21 12:17 30,272 --a------ C:\WINDOWS\system32\bpTAV4Cc.exe
2008-09-18 14:53 . 2007-09-21 18:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-18 14:53 . 2007-09-21 18:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-18 14:53 . 2007-09-21 16:35 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-18 14:53 . 2008-09-18 14:54 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-18 14:53 . 2007-09-21 18:28 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-18 14:53 . 2008-09-18 14:54 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-18 14:53 . 2008-09-18 15:17 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-18 14:53 . 2008-09-18 14:53 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-17 12:45 . 2008-09-17 12:45 <REP> d-------- C:\Program Files\iTunes
2008-09-17 12:45 . 2008-09-17 12:45 <REP> d-------- C:\Program Files\iPod
2008-09-17 12:45 . 2008-09-17 12:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 12:43 . 2008-09-17 12:43 <REP> d-------- C:\Program Files\QuickTime
2008-09-17 12:43 . 2008-09-17 12:43 <REP> d-------- C:\Program Files\Bonjour
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-06 02:00 . 2008-09-06 02:00 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-06 02:00 . 2008-09-06 02:00 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-06 02:00 . 2008-09-06 02:00 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-06 01:57 . 2008-09-06 02:00 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-05 12:34 . 2008-09-05 12:34 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-09-05 12:30 . 2008-09-05 12:30 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-03 12:52 . 2008-09-03 12:52 <REP> d-------- C:\Program Files\RegsArmyBits
2008-09-03 12:52 . 2008-09-25 09:20 <REP> d-------- C:\Documents and Settings\elisabeth\Application Data\RegsArmyBits
2008-09-03 12:52 . 2008-09-25 09:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\That Face Camp Shim

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 17:11 --------- d-----w C:\Program Files\Steam
2008-10-03 17:04 --------- d-----w C:\Program Files\GamesBar
2008-10-02 20:09 --------- d-----w C:\Program Files\eMule
2008-09-30 09:03 --------- d--h--w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-24 15:21 --------- d-----w C:\Program Files\Symantec
2008-09-24 15:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-24 15:13 --------- d-----w C:\Program Files\Norton AntiVirus
2008-09-24 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-23 18:40 --------- d-----w C:\Program Files\Dofus
2008-09-23 12:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-22 13:52 --------- d-----w C:\Program Files\Zylom Games
2008-09-22 12:46 --------- d-----w C:\Documents and Settings\elisabeth\Application Data\Zylom
2008-09-22 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SugarGames
2008-09-22 09:36 --------- d-----w C:\Program Files\BoontyGames
2008-09-18 07:20 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-09-18 07:20 --------- d-----w C:\Program Files\PokerStars
2008-09-17 13:31 --------- d-----w C:\Program Files\Apple Software Update
2008-09-17 10:43 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-17 10:32 --------- d-----w C:\Program Files\Safari
2008-09-10 14:45 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-08 15:30 --------- d-----w C:\Program Files\PopCap Games
2008-08-27 18:52 --------- d-----w C:\Program Files\VirtualDJ
2008-08-24 04:53 --------- d-----w C:\Documents and Settings\elisabeth\Application Data\U3
2008-08-23 10:03 --------- d-----w C:\Program Files\orange
2008-08-23 10:03 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-08-17 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-17 15:54 --------- d-----w C:\Program Files\Bethesda Softworks
2008-08-15 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse
2008-08-15 12:23 --------- d-----w C:\Documents and Settings\elisabeth\Application Data\PlayFirst
2008-08-15 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-08-15 11:48 --------- d-----w C:\Program Files\NRJ
2008-08-08 19:16 --------- d-----w C:\Program Files\Sun
2008-08-08 19:15 --------- d-----w C:\Program Files\Java
2008-08-06 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2008-04-21 14:38 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-03-04 10:05 0 ----a-w C:\Program Files\temp01
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-27 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 684032]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]
"phc700"="C:\WINDOWS\vphc700.exe" [2005-07-20 339968]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-27 68856]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-19 54424]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Steam\\SteamApps\\chats33\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\chats33\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Ahead\\SIPPS\\SIPPS.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"14699:TCP"= 14699:TCP:BitComet 14699 TCP
"14699:UDP"= 14699:UDP:BitComet 14699 UDP
"1354:UDP"= 1354:UDP:Windows Media Format SDK (firefox.exe)
"1355:UDP"= 1355:UDP:Windows Media Format SDK (firefox.exe)
"1357:UDP"= 1357:UDP:Windows Media Format SDK (firefox.exe)
"1362:UDP"= 1362:UDP:Windows Media Format SDK (firefox.exe)
"1363:UDP"= 1363:UDP:Windows Media Format SDK (firefox.exe)
"1364:UDP"= 1364:UDP:Windows Media Format SDK (firefox.exe)

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-09-07 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-09-07 11264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [ ]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys [2005-06-07 541568]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02adb382-602b-11dd-8e1e-0019db289168}]
\Shell\AutoRun\command - i.cmd
\Shell\explore\Command - i.cmd
\Shell\open\Command - i.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb3f692-7bce-11dd-8e68-0019db289168}]
\Shell\AutoRun\command - u.bat
\Shell\explore\Command - u.bat
\Shell\open\Command - u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb3f693-7bce-11dd-8e68-0019db289168}]
\Shell\AutoRun\command - L:\EmDesk.exe
\Shell\EmDesk\command - L:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d87a9ae8-e862-11dc-8c9a-0019db289168}]
\Shell\Auto\command - K:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe e
\Shell\explore\Command - K:\activexdebugger32.exe f
\Shell\open\Command - K:\activexdebugger32.exe f
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\elisabeth\Application Data\Mozilla\Firefox\Profiles\tzhhpi26.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/webhp?hl=fr
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 19:10:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Philips\SPC 700NC PC Camera\TrayMin700.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\ComboFix\pv.cfexe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-10-03 19:17:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-03 17:17:27

Avant-CF: 1 377 832 960 octets libres
Post-Run: 2,072,629,248 octets libres

290 --- E O F --- 2008-09-12 16:54:41
0
Utilisateur anonyme
 
For Avast:

go into Program Files, then look for the alwil (avast) folder; go into it and look for ashDisp.exe, click on it > the Avast icon should reappear

I'm looking at your report
0
Utilisateur anonyme
 
Copy the text below:

File::
C:\WINDOWS\system32\FF8lD3rS.exe
C:\WINDOWS\system32\bpTAV4Cc.exe
L:\EmDesk.exe
K:\activexdebugger32.exe f
K:\activexdebugger32.exe

Folder::
C:\Program Files\UsbFix
C:\rsit
C:\Program Files\BoontyGames
C:\Program Files\temp01

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02adb382-602b-11dd-8e1e-0019db289168}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb3f692-7bce-11dd-8e68-0019db289168}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d87a9ae8-e862-11dc-8c9a-0019db289168}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb3f693-7bce-11dd-8e68-0019db289168}]


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto Combofix.exe like this:

This will relaunch ComboFix.

A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.

Wait for the scan to finish. The desktop will disappear several times: that is normal!

Do not touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report
0
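As an added example (not code from the thread, nor from ComboFix's or Malwarebytes' authors), here is a Python triage helper that reads the kind of "Reg Loading Points" excerpt shown in the reports above and flags the MountPoints2 autorun redirections and the suppressed Security Center notifications that the CFScript above targets. The report text embedded in it is a constructed excerpt modelled on this thread's report, and the severity heuristics are my own assumptions.

```python
import re
from dataclasses import dataclass, field

# Constructed excerpt of a ComboFix "Reg Loading Points" section, modelled on
# the report posted in this thread (not the original file).
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02adb382-602b-11dd-8e1e-0019db289168}]
\Shell\AutoRun\command - i.cmd
\Shell\explore\Command - i.cmd
\Shell\open\Command - i.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d87a9ae8-e862-11dc-8c9a-0019db289168}]
\Shell\Auto\command - K:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe e
\Shell\explore\Command - K:\activexdebugger32.exe f
\Shell\open\Command - K:\activexdebugger32.exe f
"""

# Security Center values that, when non-zero, silence the antivirus / update /
# firewall warnings the user would otherwise see in the tray.
SECURITY_CENTER_FLAGS = (
    "AntiVirusDisableNotify", "AntiVirusOverride",
    "FirewallDisableNotify", "FirewallOverride", "UpdatesDisableNotify",
)
LAUNCHABLE = (".exe", ".cmd", ".bat", ".com", ".pif", ".scr", ".vbs", ".js")

KEY_RE = re.compile(r"^\[(.+)\]$")
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')


@dataclass
class Finding:
    key: str
    severity: str                      # "high" or "review"
    reasons: list = field(default_factory=list)
    commands: dict = field(default_factory=dict)


def classify_command(cmd: str) -> tuple:
    """Heuristic (my own) for one MountPoints2 shell command: (severity, reason)."""
    first = cmd.split()[0].lower()
    if first.endswith("rundll32.exe") and "shellexec_rundll" in cmd.lower():
        return "high", "indirect launch through rundll32 ShellExec_RunDLL"
    if re.fullmatch(r"[a-z]:\\.+", first):
        if not first.startswith("c:\\") and first.endswith(LAUNCHABLE):
            return "review", "executable launched from a non-system volume"
        return None, None
    if "\\" not in first and first.endswith(LAUNCHABLE):
        return "high", "relative script resolved from the volume root"
    return None, None


def analyze(report: str) -> list:
    """Walk the registry dump and collect Findings for suspicious blocks."""
    findings, current, mp, sc_hits = [], None, None, []
    for raw in report.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:                              # a new [key] block starts
            if mp and mp.reasons:
                findings.append(mp)
            current, mp = m.group(1), None
            if "\\mountpoints2\\" in current.lower():
                mp = Finding(key=current, severity="review")
            continue
        if mp is not None:                 # inside a MountPoints2 block
            v = VERB_RE.match(line)
            if not v:
                continue
            verb, cmd = v.group(1).lower(), v.group(2).strip()
            mp.commands[verb] = cmd
            sev, why = classify_command(cmd)
            if why and why not in mp.reasons:
                mp.reasons.append(why)
            if sev == "high":
                mp.severity = "high"
            continue
        if current and current.lower().endswith("\\security center"):
            d = DWORD_RE.match(line)
            if d and d.group(1) in SECURITY_CENTER_FLAGS and int(d.group(2), 16):
                sc_hits.append(d.group(1))
    if mp and mp.reasons:
        findings.append(mp)
    for f in findings:
        # 'open'/'explore' redirected means double-clicking the drive runs it.
        if {"open", "explore"} & set(f.commands):
            f.reasons.append("open/explore verbs redirected to the same command")
    if sc_hits:
        findings.append(Finding(
            key="HKLM\\...\\security center", severity="high",
            reasons=["Security Center warnings suppressed: " + ", ".join(sc_hits)],
            commands={n: "1" for n in sc_hits}))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.key}")
        for r in f.reasons:
            print(f"          - {r}")
```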
dime666
 
Here is the report

ComboFix 08-10-02.04 - elisabeth 2008-10-03 19:52:19.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.637 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\elisabeth\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\elisabeth\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]

FILE ::
C:\WINDOWS\system32\bpTAV4Cc.exe
C:\WINDOWS\system32\FF8lD3rS.exe
K:\activexdebugger32.exe
K:\activexdebugger32.exe f
L:\EmDesk.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\BoontyGames
C:\Program Files\BoontyGames\Components\bureau.url
C:\Program Files\BoontyGames\Components\Joystick.ico
C:\Program Files\BoontyGames\Components\start.url
C:\Program Files\BoontyGames\Luxor 3\data.nhp
C:\Program Files\BoontyGames\Luxor 3\data\sound\music\Danger.ogg
C:\Program Files\BoontyGames\Luxor 3\data\sound\music\Menu.ogg
C:\Program Files\BoontyGames\Luxor 3\data\sound\music\theme_classic.ogg
C:\Program Files\BoontyGames\Luxor 3\data\sound\music\theme_nile.ogg
C:\Program Files\BoontyGames\Luxor 3\data\sound\music\theme_onslaught.ogg
C:\Program Files\BoontyGames\Luxor 3\fmod.dll
C:\Program Files\BoontyGames\Luxor 3\Luxor3.exe
C:\Program Files\BoontyGames\Luxor 3\trial.ini
C:\Program Files\BoontyGames\luxor3{307122}.exe
C:\Program Files\BoontyGames\theriseofatlantis.exe
C:\Program Files\temp01\
C:\Program Files\UsbFix
C:\Program Files\UsbFix\Uninstal.exe
C:\Program Files\UsbFix\UsbFix.exe
C:\Program Files\UsbFix\vista-060.ico
C:\rsit
C:\rsit\info.txt
C:\rsit\log.txt
C:\WINDOWS\system32\bpTAV4Cc.exe
C:\WINDOWS\system32\FF8lD3rS.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-03 au 2008-10-03 ))))))))))))))))))))))))))))))))))))
.

2008-10-03 15:46 . 2008-10-03 15:46 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-03 15:46 . 2008-10-03 15:46 <REP> d-------- C:\Documents and Settings\elisabeth\Application Data\Malwarebytes
2008-10-03 15:46 . 2008-10-03 15:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-03 15:46 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-03 15:46 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-03 14:43 . 2008-10-03 15:24 <REP> d-------- C:\Program Files\trend micro
2008-10-03 11:43 . 2008-10-03 11:43 244 --ah----- C:\sqmnoopt14.sqm
2008-10-03 11:43 . 2008-10-03 11:43 232 --ah----- C:\sqmdata14.sqm
2008-10-03 11:41 . 2008-10-03 11:41 244 --ah----- C:\sqmnoopt13.sqm
2008-10-03 11:41 . 2008-10-03 11:41 232 --ah----- C:\sqmdata13.sqm
2008-10-03 10:21 . 2008-10-03 10:21 244 --ah----- C:\sqmnoopt12.sqm
2008-10-03 10:21 . 2008-10-03 10:21 232 --ah----- C:\sqmdata12.sqm
2008-10-03 10:18 . 2008-10-03 10:18 244 --ah----- C:\sqmnoopt11.sqm
2008-10-03 10:18 . 2008-10-03 10:18 232 --ah----- C:\sqmdata11.sqm
2008-09-27 19:51 . 2008-09-27 19:51 244 --ah----- C:\sqmnoopt10.sqm
2008-09-27 19:51 . 2008-09-27 19:51 232 --ah----- C:\sqmdata10.sqm
2008-09-27 19:14 . 2008-09-27 19:14 244 --ah----- C:\sqmnoopt09.sqm
2008-09-27 19:14 . 2008-09-27 19:14 232 --ah----- C:\sqmdata09.sqm
2008-09-27 10:05 . 2008-09-27 10:05 244 --ah----- C:\sqmnoopt08.sqm
2008-09-27 10:05 . 2008-09-27 10:05 232 --ah----- C:\sqmdata08.sqm
2008-09-27 10:03 . 2008-09-27 10:03 244 --ah----- C:\sqmnoopt07.sqm
2008-09-27 10:03 . 2008-09-27 10:03 232 --ah----- C:\sqmdata07.sqm
2008-09-27 08:00 . 2008-09-27 08:00 244 --ah----- C:\sqmnoopt06.sqm
2008-09-27 08:00 . 2008-09-27 08:00 232 --ah----- C:\sqmdata06.sqm
2008-09-27 07:49 . 2008-09-27 07:49 244 --ah----- C:\sqmnoopt05.sqm
2008-09-27 07:49 . 2008-09-27 07:49 232 --ah----- C:\sqmdata05.sqm
2008-09-27 06:43 . 2008-09-27 06:43 244 --ah----- C:\sqmnoopt04.sqm
2008-09-27 06:43 . 2008-09-27 06:43 232 --ah----- C:\sqmdata04.sqm
2008-09-26 19:11 . 2008-09-26 19:11 244 --ah----- C:\sqmnoopt03.sqm
2008-09-26 19:11 . 2008-09-26 19:11 232 --ah----- C:\sqmdata03.sqm
2008-09-26 19:09 . 2008-09-26 19:09 244 --ah----- C:\sqmnoopt02.sqm
2008-09-26 19:09 . 2008-09-26 19:09 232 --ah----- C:\sqmdata02.sqm
2008-09-25 19:47 . 2008-09-25 19:47 244 --ah----- C:\sqmnoopt01.sqm
2008-09-25 19:47 . 2008-09-25 19:47 232 --ah----- C:\sqmdata01.sqm
2008-09-25 18:13 . 2008-09-25 18:13 244 --ah----- C:\sqmnoopt00.sqm
2008-09-25 18:13 . 2008-09-25 18:13 232 --ah----- C:\sqmdata00.sqm
2008-09-24 17:21 . 2008-09-25 08:04 <REP> d-------- C:\Program Files\Avast4
2008-09-23 20:46 . 2008-09-23 20:46 <REP> d-------- C:\Program Files\Messenger Plus! Live
2008-09-23 20:46 . 2008-09-23 20:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-09-22 15:50 . 2008-09-22 15:50 <REP> d-------- C:\Documents and Settings\elisabeth\Application Data\SpinTop Games
2008-09-22 11:37 . 2008-09-23 13:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-09-21 20:00 . 2008-09-21 20:00 <REP> dr------- C:\Documents and Settings\NetworkService\Favoris
2008-09-18 14:53 . 2007-09-21 18:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-09-18 14:53 . 2007-09-21 18:28 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-09-18 14:53 . 2007-09-21 16:35 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-09-18 14:53 . 2008-09-18 14:54 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-09-18 14:53 . 2007-09-21 18:28 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-09-18 14:53 . 2008-09-18 14:54 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-09-18 14:53 . 2008-09-18 15:17 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-09-18 14:53 . 2008-09-18 14:53 <REP> d-------- C:\Documents and Settings\Administrateur
2008-09-17 12:45 . 2008-09-17 12:45 <REP> d-------- C:\Program Files\iTunes
2008-09-17 12:45 . 2008-09-17 12:45 <REP> d-------- C:\Program Files\iPod
2008-09-17 12:45 . 2008-09-17 12:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-17 12:43 . 2008-09-17 12:43 <REP> d-------- C:\Program Files\QuickTime
2008-09-17 12:43 . 2008-09-17 12:43 <REP> d-------- C:\Program Files\Bonjour
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-06 02:00 . 2008-09-06 02:00 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-06 02:00 . 2008-09-06 02:00 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-06 02:00 . 2008-09-06 02:00 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-06 01:57 . 2008-09-06 02:00 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-05 12:34 . 2008-09-05 12:34 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-09-05 12:30 . 2008-09-05 12:30 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-03 12:52 . 2008-09-03 12:52 <REP> d-------- C:\Program Files\RegsArmyBits
2008-09-03 12:52 . 2008-09-25 09:20 <REP> d-------- C:\Documents and Settings\elisabeth\Application Data\RegsArmyBits
2008-09-03 12:52 . 2008-09-25 09:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\That Face Camp Shim

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 17:34 --------- d-----w C:\Program Files\Steam
2008-10-03 17:04 --------- d-----w C:\Program Files\GamesBar
2008-10-02 20:09 --------- d-----w C:\Program Files\eMule
2008-09-30 09:03 --------- d--h--w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-24 15:21 --------- d-----w C:\Program Files\Symantec
2008-09-24 15:21 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-24 15:13 --------- d-----w C:\Program Files\Norton AntiVirus
2008-09-24 15:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-23 18:40 --------- d-----w C:\Program Files\Dofus
2008-09-23 12:20 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-22 13:52 --------- d-----w C:\Program Files\Zylom Games
2008-09-22 12:46 --------- d-----w C:\Documents and Settings\elisabeth\Application Data\Zylom
2008-09-22 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\SugarGames
2008-09-18 07:20 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-09-18 07:20 --------- d-----w C:\Program Files\PokerStars
2008-09-17 13:31 --------- d-----w C:\Program Files\Apple Software Update
2008-09-17 10:43 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-09-17 10:32 --------- d-----w C:\Program Files\Safari
2008-09-10 14:45 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-08 15:30 --------- d-----w C:\Program Files\PopCap Games
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 18:52 --------- d-----w C:\Program Files\VirtualDJ
2008-08-24 04:53 --------- d-----w C:\Documents and Settings\elisabeth\Application Data\U3
2008-08-23 10:03 --------- d-----w C:\Program Files\orange
2008-08-23 10:03 --------- d-----w C:\Program Files\Fichiers communs\Oberon Media
2008-08-17 15:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-17 15:54 --------- d-----w C:\Program Files\Bethesda Softworks
2008-08-15 12:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\GameHouse
2008-08-15 12:23 --------- d-----w C:\Documents and Settings\elisabeth\Application Data\PlayFirst
2008-08-15 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-08-15 11:48 --------- d-----w C:\Program Files\NRJ
2008-08-08 19:16 --------- d-----w C:\Program Files\Sun
2008-08-08 19:15 --------- d-----w C:\Program Files\Java
2008-08-06 17:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\MGS
2008-07-28 06:10 487,979 ----a-w C:\WINDOWS\system32\imagens1234.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-04-21 14:38 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2008-03-04 10:05 0 ----a-w C:\Program Files\temp01
.

((((((((((((((((((((((((((((( snapshot@2008-10-03_19.17.09.17 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-03 17:10:11 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_518.dat
+ 2008-10-03 17:34:25 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_518.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-27 68856]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"Steam"="c:\program files\steam\steam.exe" [2008-03-28 1271032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 64512]
"HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 684032]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]
"phc700"="C:\WINDOWS\vphc700.exe" [2005-07-20 339968]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-27 68856]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-19 54424]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Steam\\SteamApps\\chats33\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\chats33\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Ahead\\SIPPS\\SIPPS.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"14699:TCP"= 14699:TCP:BitComet 14699 TCP
"14699:UDP"= 14699:UDP:BitComet 14699 UDP
"1354:UDP"= 1354:UDP:Windows Media Format SDK (firefox.exe)
"1355:UDP"= 1355:UDP:Windows Media Format SDK (firefox.exe)
"1357:UDP"= 1357:UDP:Windows Media Format SDK (firefox.exe)
"1362:UDP"= 1362:UDP:Windows Media Format SDK (firefox.exe)
"1363:UDP"= 1363:UDP:Windows Media Format SDK (firefox.exe)
"1364:UDP"= 1364:UDP:Windows Media Format SDK (firefox.exe)

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-09-07 9728]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-09-07 11264]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [ ]
S3 phc700;USB PC Camera (phc700);C:\WINDOWS\system32\DRIVERS\phc700.sys [2005-06-07 541568]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02adb382-602b-11dd-8e1e-0019db289168}]
\Shell\AutoRun\command - i.cmd
\Shell\explore\Command - i.cmd
\Shell\open\Command - i.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb3f692-7bce-11dd-8e68-0019db289168}]
\Shell\AutoRun\command - u.bat
\Shell\explore\Command - u.bat
\Shell\open\Command - u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb3f693-7bce-11dd-8e68-0019db289168}]
\Shell\AutoRun\command - L:\EmDesk.exe
\Shell\EmDesk\command - L:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d87a9ae8-e862-11dc-8c9a-0019db289168}]
\Shell\Auto\command - K:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe e
\Shell\explore\Command - K:\activexdebugger32.exe f
\Shell\open\Command - K:\activexdebugger32.exe f
.
Contenu du dossier 'Tâches planifiées'
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 19:55:31
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
Heure de fin: 2008-10-03 19:57:09
ComboFix-quarantined-files.txt 2008-10-03 17:56:32
ComboFix2.txt 2008-10-03 17:17:32

Avant-CF: 2 120 454 144 octets libres
Après-CF: 2,025,644,032 octets libres

278 --- E O F --- 2008-09-12 16:54:41
0
Utilisateur anonyme
 
Download Toolbar-S&D (Team IDN) to your Desktop.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Launch the program's installation by running the downloaded file.
* Now double-click the Toolbar-S&D shortcut.
* Select the language you want by typing the letter of your choice and confirming with the Enter key.
* Now choose option 1 (Search). Wait until the search finishes.
* Post the generated report. (C:\TB.txt)
0
dime666
 
Sorry, but can you tell me where I stand with my problems?

Thanks for your help, and I'll do what you asked.
0
Utilisateur anonyme
 
We need the Toolbar-S&D scan, and these 3 keys will have to be removed:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02adb382-602b-11dd-8e1e-0019db289168}]
\Shell\AutoRun\command - i.cmd
\Shell\explore\Command - i.cmd
\Shell\open\Command - i.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb3f692-7bce-11dd-8e68-0019db289168}]
\Shell\AutoRun\command - u.bat
\Shell\explore\Command - u.bat
\Shell\open\Command - u.bat

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cbb3f693-7bce-11dd-8e68-0019db289168}]
\Shell\AutoRun\command - L:\EmDesk.exe
\Shell\EmDesk\command - L:\EmDesk.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d87a9ae8-e862-11dc-8c9a-0019db289168}]
\Shell\Auto\command - K:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe e
\Shell\explore\Command - K:\activexdebugger32.exe f
\Shell\open\Command - K:\activexdebugger32.exe f
0
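The MountPoints2 entries quoted above are the classic footprint of a removable-drive worm: a bare script name resolved against the volume root, hijacked `open`/`explore` verbs so that merely opening the drive runs the payload, and an indirect launch through RunDLL32 `ShellExec_RunDLL`. The triage script below is an added example, not part of the thread or of ComboFix, Toolbar-S&D or any other tool named here; it parses a constructed MountPoints2 excerpt modelled on the log above and reports which subkeys trip those heuristics, with the `L:\LaunchU3.exe` entry kept as a benign control. The heuristics are my own assumptions; a handler that matches none of them still needs manual review.

```python
import re
from typing import Dict, List, Optional

# Constructed sample modelled on the MountPoints2 section of the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{02adb382-602b-11dd-8e1e-0019db289168}]
\Shell\AutoRun\command - i.cmd
\Shell\explore\Command - i.cmd
\Shell\open\Command - i.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d87a9ae8-e862-11dc-8c9a-0019db289168}]
\Shell\Auto\command - K:\activexdebugger32.exe f
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL activexdebugger32.exe e
\Shell\explore\Command - K:\activexdebugger32.exe f
\Shell\open\Command - K:\activexdebugger32.exe f
"""

KEY_RE = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\([^\]]+)\]$", re.IGNORECASE)
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.*)$", re.IGNORECASE)
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js", ".pif", ".scr")


def parse_mountpoints(log: str) -> Dict[str, Dict[str, str]]:
    """Map each MountPoints2 subkey to its {verb: command} handlers, verbs lower-cased."""
    entries: Dict[str, Dict[str, str]] = {}
    current: Optional[str] = None
    for raw in log.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
    return entries


def assess(verbs: Dict[str, str]) -> List[str]:
    """Reasons one volume's handlers look malicious (empty list means nothing tripped)."""
    reasons: List[str] = []
    for verb, cmd in verbs.items():
        target = cmd.split()[0] if cmd else ""
        # A bare file name is resolved relative to the removable volume root,
        # the pattern of worms that drop their launcher next to autorun.inf.
        if ":" not in target and "\\" not in target:
            reasons.append(f"{verb}: relative target '{target}'")
        if target.lower().endswith(SCRIPT_EXT):
            reasons.append(f"{verb}: script launcher '{target}'")
        # RunDLL32 + ShellExec_RunDLL is an indirection that hides the real payload.
        if "shellexec_rundll" in cmd.lower():
            reasons.append(f"{verb}: indirect launch via ShellExec_RunDLL")
    # Redirecting 'open' and 'explore' makes a double-click or right-click
    # 'Explore' on the drive execute the payload, not just AutoRun.
    hijacked = sorted(v for v in ("open", "explore") if v in verbs)
    if hijacked:
        reasons.append("hijacked verbs: " + ", ".join(hijacked))
    return reasons


def triage(log: str) -> Dict[str, List[str]]:
    """Subkeys that tripped at least one heuristic, with the reasons for each."""
    flagged: Dict[str, List[str]] = {}
    for key, verbs in parse_mountpoints(log).items():
        reasons = assess(verbs)
        if reasons:
            flagged[key] = reasons
    return flagged


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(f"[{key}]")
        for reason in reasons:
            print("   ", reason)
```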
dime666
 
-----------\\ ToolBar S&D 1.2.1 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : elisabeth ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081003-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 73 Go Free : 1 Go
D:\ (Local Disk) - NTFS - Total : 80 Go Free : 2 Go
E:\ (Local Disk) - NTFS - Total : 79 Go Free : 0 Go
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD) - CDFS - Total : 2 Go Free : 0 Go
J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [1] ( 03/10/2008|20:20 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\GamesBar
C:\DOCUME~1\ELISAB~1\Cookies\elisabeth@hotbar[1].txt
C:\DOCUME~1\ELISAB~1\Cookies\elisabeth@www.hotbar[1].txt

-----------\\ Extensions

(elisabeth) - {EF522540-89F5-46b9-B6FE-1829E2B572C6} => googlepreview

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr"

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At73.job
C:\WINDOWS\Tasks\At74.job
C:\WINDOWS\Tasks\At75.job
C:\WINDOWS\Tasks\At76.job
C:\WINDOWS\Tasks\At77.job
C:\WINDOWS\Tasks\At78.job
C:\WINDOWS\Tasks\At79.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At80.job
C:\WINDOWS\Tasks\At81.job
C:\WINDOWS\Tasks\At82.job
C:\WINDOWS\Tasks\At83.job
C:\WINDOWS\Tasks\At84.job
C:\WINDOWS\Tasks\At85.job
C:\WINDOWS\Tasks\At86.job
C:\WINDOWS\Tasks\At87.job
C:\WINDOWS\Tasks\At88.job
C:\WINDOWS\Tasks\At89.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At90.job
C:\WINDOWS\Tasks\At91.job
C:\WINDOWS\Tasks\At92.job
C:\WINDOWS\Tasks\At93.job
C:\WINDOWS\Tasks\At94.job
C:\WINDOWS\Tasks\At95.job
C:\WINDOWS\Tasks\At96.job

1 - "C:\ToolBar SD\TB_1.txt" - 03/10/2008|20:20 - Option : [1]

-----------\\ Fin du rapport a 20:20:37,95
0
Utilisateur anonyme
 
Relaunch Toolbar-S&D by double-clicking the shortcut. Type "2" and confirm by pressing "Enter".
! Do not close the window during the deletion !
A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer and confirm.
0
dime666
 
-----------\\ ToolBar S&D 1.2.1 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 CPU 6300 @ 1.86GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : elisabeth ( Administrator )
BOOT : Normal boot
Antivirus : avast! antivirus 4.8.1229 [VPS 081003-0] 4.8.1229 (Activated)
C:\ (Local Disk) - NTFS - Total : 73 Go Free : 1 Go
D:\ (Local Disk) - NTFS - Total : 80 Go Free : 2 Go
E:\ (Local Disk) - NTFS - Total : 79 Go Free : 0 Go
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD) - CDFS - Total : 2 Go Free : 0 Go
J:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 24-09-2008|21:50 )
Option : [2] ( 03/10/2008|20:29 )

-----------\\ SUPPRESSION

Supprime! - C:\DOCUME~1\ELISAB~1\Cookies\elisabeth@hotbar[1].txt
Supprime! - C:\DOCUME~1\ELISAB~1\Cookies\elisabeth@www.hotbar[1].txt
Supprime! - C:\Program Files\GamesBar

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ Extensions

(elisabeth) - {EF522540-89F5-46b9-B6FE-1829E2B572C6} => googlepreview

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="https://www.google.com/webhp?gws_rd=ssl{searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Url"="http://www.microsoft.com/athome/community/rss.xml"
"Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"
"Url"="http://www.microsoft.com/atwork/community/rss.xml"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="https://www.msn.com/fr-fr/"

--------------------\\ Recherche d'autres infections

C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At73.job
C:\WINDOWS\Tasks\At74.job
C:\WINDOWS\Tasks\At75.job
C:\WINDOWS\Tasks\At76.job
C:\WINDOWS\Tasks\At77.job
C:\WINDOWS\Tasks\At78.job
C:\WINDOWS\Tasks\At79.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At80.job
C:\WINDOWS\Tasks\At81.job
C:\WINDOWS\Tasks\At82.job
C:\WINDOWS\Tasks\At83.job
C:\WINDOWS\Tasks\At84.job
C:\WINDOWS\Tasks\At85.job
C:\WINDOWS\Tasks\At86.job
C:\WINDOWS\Tasks\At87.job
C:\WINDOWS\Tasks\At88.job
C:\WINDOWS\Tasks\At89.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\Tasks\At90.job
C:\WINDOWS\Tasks\At91.job
C:\WINDOWS\Tasks\At92.job
C:\WINDOWS\Tasks\At93.job
C:\WINDOWS\Tasks\At94.job
C:\WINDOWS\Tasks\At95.job
C:\WINDOWS\Tasks\At96.job

1 - "C:\ToolBar SD\TB_1.txt" - 03/10/2008|20:20 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 03/10/2008|20:30 - Option : [2]

-----------\\ Fin du rapport a 20:30:30,85
0