Fichus Trojan

Question

Bonjour,

Voila depuis 2 jours, j ai une fenetre windows qui s ouvre m indiquant que je suis infecté par un fichier (qui peut changer de nom d ailleurs) et qui m envoie sur une page pour acheter un antivrus. J ai essayé de regler ca tout seul en telechargeant antivirus et antispy differents mais rien a faire, ça me pompe toujours l'air.

Je ne vois vraiment pas comment faire, je peux poster un rapport Malwarebytes si vous voulez..

Plz help

ep44 · Answer

Bonjour 

Télécharge Random's System Information Tool (RSIT) par random/random et sauvegarde-le sur ton Bureau.
http://images.malwareremoval.com/random/RSIT.exe
    * Double-clique sur RSIT.exe afin de lancer RSIT.
    * Clique sur Continue à l'écran Disclaimer.
    * Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
    * Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

--> Poste le contenu de log.txt (<<qui sera affiché) ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports sont également sauvegardés %systemroot%\rsit

Xoiiox · Answer

Merci d avoir repondu aussi vite. Alors : 
-->"C:\Program Files\HP Games\Zuma Deluxe\Uninstall.exe"
-->"c:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
Adobe Flash Player 9 ActiveX-->MsiExec.exe /X{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
AppCore-->MsiExec.exe /I{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ccCommon-->MsiExec.exe /I{B24E05CC-46FF-4787-BBB8-5CD516AFB118}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDex extraction audio-->"C:\Program Files\CDex_170b2\uninstall.exe"
Code de la Route - Le Crash Test-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2FE80273-3BC8-4432-B525-F7F94A9B7536}\Setup.exe" -l0x40c 
Component Framework-->MsiExec.exe /I{31478BE1-CDE5-4753-A8B2-F6D4BC1FBE09}
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
eMule-->"C:\Program Files\eMule\Uninstall.exe"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Hewlett-Packard Active Check-->MsiExec.exe /X{254C37AA-6B72-4300-84F6-98A82419187E}
Hewlett-Packard Asset Agent for Health Check-->MsiExec.exe /X{669D4A35-146B-4314-89F1-1AC3D7B88367}
HijackThis 2.0.2-->"C:\Program Files	rend micro\HijackThis.exe" /uninstall
HP Customer Feedback-->MsiExec.exe /I{9DBA770F-BF73-4D39-B1DF-6035D95268FC}
HP Easy Setup - Frontend-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9885A11E-60E4-417C-B58B-8B31B21C0B8A}\setup.exe" -l0x9  -removeonly
HP On-Screen Cap/Num/Scroll Lock Indicator-->C:\Windows\system32\OsdRemove.exe
HP Photosmart Essential 2.5-->C:\Program Files\HP\Digital Imaging\PhotoSmartEssential\hpzscr01.exe -datfile hpqbud13.dat
HP Picasso Media Center Add-In-->MsiExec.exe /I{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}
HP Total Care Advisor-->MsiExec.exe /X{e96b3d28-47d6-43cc-98fd-7069eeab6b11}
HP Update-->MsiExec.exe /X{11B83AD3-7A46-4C2E-A568-9505981D4C6F}
Intel(R) Matrix Storage Manager-->C:\Windows\System32\Imsmudlg.exe
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
L&H TTS3000 Français-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\LHTTSFRF.inf, Uninstall
LimeWire 4.18.2-->"C:\Program Files\LimeWire\uninstall.exe"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /x {E80F62FF-5D3C-4A19-8409-9721F2928206} /l*v "c:\ProgramData\LuUninstall.LiveUpdate"
LiveUpdate (Symantec Corporation)-->MsiExec.exe /X{E80F62FF-5D3C-4A19-8409-9721F2928206}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Office PowerPoint Viewer 2007 (French)-->MsiExec.exe /X{95120000-00AF-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Works-->MsiExec.exe /I{3B160861-7250-451E-B5EE-8B92BF30A710}
Module de compatibilité pour Microsoft Office System 2007-->MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
msxml4-->MsiExec.exe /X{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}
My HP Games-->"C:\Program Files\HP Games\Uninstall.exe"
Norton AntiVirus Help-->MsiExec.exe /I{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}
Norton AntiVirus-->MsiExec.exe /X{77FFBA7E-0973-4F39-BBDB-AC2F537578D2}
Norton Confidential Core-->MsiExec.exe /I{55A6283C-638A-4EE0-B491-51118554BDA2}
Norton Internet Security (Symantec Corporation)-->"C:\Program Files\Common Files\Symantec Shared\SymSetup\{C1C185CA-C531-49F5-A6FA-B838405A049D}_15_0_0_60\Setup.exe" /X
Norton Internet Security-->MsiExec.exe /I{3672B097-EA69-4BFE-B92F-29AE6D9D2B34}
Norton Internet Security-->MsiExec.exe /I{C1C185CA-C531-49F5-A6FA-B838405A049D}
Norton Protection Center-->MsiExec.exe /I{62120008-8E1E-4807-860D-A8B48F8552DB}
NVIDIA Drivers-->C:\Windows\system32\NVUNINST.EXE UninstallGUI
Outils de diagnostic du matériel-->C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
PowerDirector-->"C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" /z-uninstall
Python 2.5-->MsiExec.exe /I{0A2C5854-557E-48C8-835A-3B9F074BDCAA}
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Realtek High Definition Audio Driver-->RtlUpd.exe -r -m
Réussir son Code de la Route Auto-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FF5CC15-757C-4EC6-A07A-F58FED51D17A}\setup.exe" -l0x40c 
Runtime Files Pack 3-->C:\Windows\ST4UNST.EXE -n "C:\Windows\System32\ST4UNST.000" 
Search Settings 1.2-->MsiExec.exe /X{D0C73318-7B4A-4D16-A0C4-3B83F075EA88}
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Solution de clavier multimédia amélioré-->C:\HP\KBD\Install.exe /u
SPBBC 32bit-->MsiExec.exe /I{77772678-817F-4401-9301-ED1D01A8DA56}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SweetIM for Messenger 2.5-->MsiExec.exe /X{C3576005-01B0-4C25-AA5F-40134CC78C42}
SweetIM Toolbar for Internet Explorer 3.1-->MsiExec.exe /X{59971D79-8111-42C2-9E40-883A0C277E78}
TeamSpeak 2 RC2-->"C:\Program Files\Teamspeak2_RC2\unins000.exe"
VideoLAN VLC media player 0.8.6f-->C:\Program Files\VideoLAN\VLC\uninstall.exe
VirusKeeper 2009 Pro Evaluation-->"C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\unins000.exe"
Visual Basic 4 Runtime Files-->C:\Windows\ST4UNST.EXE -n "C:\Windows\System32\ST4UNST.LOG" 
Warhammer Online: Age of Reckoning-->"C:\Warhammer Online - Age of Reckoning\unins000.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
World of Warcraft-->C:\Program Files\Common Files\Blizzard Entertainment\World of Warcraft (2)\Uninstall.exe
Wow Cartographe 1.07-->C:\Program Files\WowCartographe\uninst.exe

======Security center information======

AV: VirusKeeper 2009 Pro antivirus
AV: Norton Internet Security (outdated)
FW: Norton Internet Security
AS: VirusKeeper 2009 Pro antispyware
AS: AVG Anti-Spyware (disabled) (outdated)
AS: Windows Defender (disabled)
AS: Norton Internet Security (outdated)

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\hp\bin\Python;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"PLATFORM"=HPD
"PCBRAND"=Pavilion
"OnlineServices"=Services en ligne
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_01\lib\ext\QTJava.zip

-----------------EOF-----------------





Logfile of random's system information tool 1.04 (written by random/random)
Run by Xoï at 2008-10-04 15:52:01
Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 1
System drive C: has 459 GB (65%) free of 705 GB
Total RAM: 3326 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:52:21, on 04/10/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32	askeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\system32\schtasks.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\ProgramData\setchk\irwjopqj.exe
C:\ProgramData\jghwhwva\dojodydk.exe
C:\Windows\system32\jusched.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_watchop.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Xoï\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LB43PMXZ\RSIT[1].exe
C:\Program Files	rend micro\Xoï.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [VirusKeeper] C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [setchk] C:\ProgramData\setchk\irwjopqj.exe
O4 - HKCU\..\Run: [\YUR6822.exe] C:\Windows\system32\YUR6822.exe
O4 - HKCU\..\Run: [\YUR6B3D.exe] C:\Windows\system32\YUR6B3D.exe
O4 - HKCU\..\Run: [\YUR7117.exe] C:\Windows\system32\YUR7117.exe
O4 - HKCU\..\Run: [\YUR6FB0.exe] C:\Windows\system32\YUR6FB0.exe
O4 - HKCU\..\Run: [QC5MkyJrUw] C:\ProgramData\jghwhwva\dojodydk.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O13 - Gopher Prefix: 
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Planificateur LiveUpdate automatique (Automatic LiveUpdate Scheduler) - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Chasis Button Service (HPBtnSrv) - Unknown owner - c:\hp\HPEZBTN\HPBtnSrv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - c:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: VirusKeeper antivirus/antispyware (vkservice) - AxBx - C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\vk_service.exe

ep44 · Answer

Très bien 

Télécharge sur le Bureau http://siri.urz.free.fr/Fix/SmitfraudFix.exe
=> Double clic sur SmitfraudFix.zip
=> Extraire tout
=> Double clic sur SmitfraudFix
=> Double Clic sur SmitfraudFix.cmd
=> Choisir Option 1
=> poste le rapport
@+

Xoiiox · Answer

Je l ai bien mis sur le bureau et fais ce que tu m'as dit, mais il est où le rapport stp ?

ep44 · Answer

regarde dans C:\ tu dois y trouver un fichier .TXT  au nom de rapport.txt

Xoiiox · Answer

J ai peut etre mal fait quelque chose, je le refait a la lettre et je te dis ça.

ep44 · Answer

en effet une erruer de ma par t surement plus besoin d'extraire 

mais as tu lancer l'option 1

Xoiiox · Answer

ouep

Xoiiox · Answer

J ai bien pu lancer l option 1 mais je vois pas du tout ou peut se trouver le rapport.

ep44 · Answer

regarde dans C:\ tu dois y trouver un fichier .TXT au nom de rapport.txt

Xoiiox · Answer

Y a effectivement un fichier txt qui s est créé, est ce bien ça ? : 

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform:  Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File "C:\ProgramData\setchk\irwjopqj.exe" deleted successfully.
File "C:\ProgramData\jghwhwva\dojodydk.exe" deleted successfully.

Error:  file "C:\Program Files\eMule\emule.exe" not found!
Deletion of file "C:\Program Files\eMule\emule.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  file "C:\Program Files\eMule\LinkCreator.exe" not found!
Deletion of file "C:\Program Files\eMule\LinkCreator.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  could not open file "C:\Program Files\PCHealthCenter\0.gif"
Deletion of file "C:\Program Files\PCHealthCenter\0.gif" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\Program Files\PCHealthCenter\1.gif"
Deletion of file "C:\Program Files\PCHealthCenter\1.gif" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\Program Files\PCHealthCenter\1.ico"
Deletion of file "C:\Program Files\PCHealthCenter\1.ico" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\Program Files\PCHealthCenter\2.gif"
Deletion of file "C:\Program Files\PCHealthCenter\2.gif" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\Program Files\PCHealthCenter\2.ico"
Deletion of file "C:\Program Files\PCHealthCenter\2.ico" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\Program Files\PCHealthCenter\3.gif"
Deletion of file "C:\Program Files\PCHealthCenter\3.gif" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\Program Files\PCHealthCenter\sc.html"
Deletion of file "C:\Program Files\PCHealthCenter\sc.html" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\Program Files\MicroAntivirus\microAV.ooo"
Deletion of file "C:\Program Files\MicroAntivirus\microAV.ooo" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\Program Files\MicroAntivirus\microAV0.dat"
Deletion of file "C:\Program Files\MicroAntivirus\microAV0.dat" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  could not open file "C:\Program Files\MicroAntivirus\microAV1.dat"
Deletion of file "C:\Program Files\MicroAntivirus\microAV1.dat" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
  --> bad path / the parent directory does not exist


Error:  file "C:\Windows\System32\1.ico" not found!
Deletion of file "C:\Windows\System32\1.ico" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  folder "C:\Program Files\PCHealthCenter" not found!
Deletion of folder "C:\Program Files\PCHealthCenter" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Error:  folder "C:\Program Files\MicroAntivirus" not found!
Deletion of folder "C:\Program Files\MicroAntivirus" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
  --> the object does not exist


Completed script processing.

*******************

Finished!  Terminate.

ep44 · Answer

non ce n'est pas celui_ci

Xoiiox · Answer

J ai un fichier Process.txt dans le dossier smitfraudfix, dis moi si c est celui là : 
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Adobe\Reader 8.0\Readereader_sl.exe
C:\Program Files\AxBx\VirusKeeper 2009 Pro Evaluation\VirusKeeper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\jusched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\cscript.exe

ep44 · Answer

tu dois en avoir un qui pote ce nom 

rapport.txt

Xoiiox · Answer

Je n ai aucun "rapport.txt" dans mon c:/

ep44 · Answer

C'est quand même bizarre cette affaire 

Normalement quand tu lance Smitfraudfix tu dois avoir le rapport qui se créer de lui même tu n'as normalement même as besoin d'aller le chercher 

bon si tu n'y arrive pas fait ceci 

Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Déconnecte toi d'internet et ferme toutes tes applications.

* Désactive tes protections (antivirus, parefeu,antispyware) provisoirement et seulement le temps de l'utilisation de ComboFix,

* Double-clic sur combofix.exe, il est possible que ton parefeu te demande si tu acceptes ou non l'accès de nircmd.cfexe à la zone sûre: accepte.

* /!\ Ne touche à rien tant que le scan n'est pas terminé.Attention, n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne /!\

* Attends que Combofix ait terminé, un rapport sera créé.

* réactive ton parefeu, ton antivirus, la garde de ton antispyware

* copie/colle le rapport, le rapport se trouve dans : C:Combofix.txt

* Réactive tes protections en temps réel, Antivirus, Antispywares, avant de te reconnecter à internet.

Xoiiox · Answer

Bon j ai fait une recherche du Smitfraudfix.cmd pour etre sur de lancer ce qu il faut pour creer le rapport. J ai cliqué sur le resultat de la recherche mais là c est une fenetre rouge qui s est ouverte avec marqué : 

Accés refusé.
Accés refusé.
Accés refusé.
Erreur en entrée : impossible de trouver le fichier script "C:\Windows\system32\G
etPaths.vbc".
Impossible de trouver C:\Windows\system32\Getpaths.vbs
'Setpaths.bat' n'est pas reconnu en tant que commande interne
ou externe, un programme exécutable ou un fichier de commandes.
Impossible de trouver C:\Windows\system32\Setpaths.bat
SmitFraudFix v2.356

Fichier Process.exe est absent !
Dezippez la totalité de l'archive dans un dossier.

Process.exe file missing ! 
Unzip all the archive in a folder.

Appuyez sur une touche pour continuer...


Et ca se ferme...

Xoiiox · Answer

Je fais ton autre solution et je reviens.

Xoiiox · Answer

Alors (dsl j ai mis un peu de temps) : ComboFix 08-10-03.06 - Xoï 2008-10-04 17:35:40.2 - NTFSx86 Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2320 [GMT 2:00] Lancé depuis: C:\Users\Xoï\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Users\Xoï\AppData\Roaming\.# C:\Windows\system32\jusched.exe . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MCHINJDRV ((((((((((((((((((((((((((((( Fichiers créés du 2008-09-04 au 2008-10-04 )))))))))))))))))))))))))))))))))))) . 2008-10-04 15:52 . 2008-10-04 15:52 d-------- C: sit 2008-10-04 15:52 . 2008-10-04 15:52 d-------- C:\Program Files rend micro 2008-10-04 15:01 . 2008-10-04 15:01 d-------- C:\Users\Xoï\AppData\Roaming\Malwarebytes 2008-10-04 15:01 . 2008-10-04 15:01 d-------- C:\Users\All Users\Malwarebytes 2008-10-04 15:01 . 2008-10-04 15:01 d-------- C:\ProgramData\Malwarebytes 2008-10-04 15:01 . 2008-10-04 15:01 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-10-04 15:01 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys 2008-10-04 15:01 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys 2008-10-04 14:09 . 2008-10-04 14:09 d-------- C:\Users\All Users\Grisoft 2008-10-04 14:09 . 2008-10-04 14:09 d-------- C:\ProgramData\Grisoft 2008-10-04 14:02 . 2008-10-04 14:02 438 --ah----- C:\aaw7boot.cmd 2008-10-04 14:01 . 2008-10-04 14:12 d-------- C:\Program Files\SpywareBlaster 2008-10-04 14:01 . 2005-08-25 19:18 118,784 --a------ C:\Windows\System32\MSSTDFMT.DLL 2008-10-04 12:52 . 2008-10-04 12:54 d-------- C:\Users\All Users\Lavasoft 2008-10-04 12:52 . 2008-10-04 12:54 d-------- C:\ProgramData\Lavasoft 2008-10-03 17:20 . 2008-10-03 17:20 d-------- C:\Users\Xoï\Recent 2008-10-03 17:20 . 2008-10-03 17:20 d-------- C:\Users\Xoï\Recent 2008-10-03 02:43 . 2008-10-04 16:14 d-------- C:\Users\All Users\setchk 2008-10-03 02:43 . 2008-10-04 16:14 d-------- C:\Users\All Users\jghwhwva 2008-10-03 02:43 . 2008-10-03 02:43 d-------- C:\Users\All Users\botohehu 2008-10-03 02:43 . 2008-10-04 16:14 d-------- C:\ProgramData\setchk 2008-10-03 02:43 . 2008-10-04 16:14 d-------- C:\ProgramData\jghwhwva 2008-10-03 02:43 . 2008-10-03 02:43 d-------- C:\ProgramData\botohehu 2008-09-29 21:14 . 2008-09-29 21:14 d-------- C:\Users\Xoï\AppData\Roaming\Leadertech 2008-09-29 21:13 . 2008-09-29 21:13 d-------- C:\Users\All Users\Logitech 2008-09-29 21:13 . 2008-10-04 13:06 d-------- C:\Users\All Users\Logishrd 2008-09-29 21:13 . 2008-09-29 21:13 d-------- C:\ProgramData\Logitech 2008-09-29 21:13 . 2008-10-04 13:06 d-------- C:\ProgramData\Logishrd 2008-09-23 17:35 . 2008-09-30 14:04 d-------- C:\Warhammer Online - Age of Reckoning 2008-09-19 22:34 . 2008-09-19 22:34 d-------- C:\Users\Xoï\AppData\Roaming\Mumble 2008-09-16 14:54 . 2008-09-16 14:54 d-------- C:\Users\All Users\Blizzard 2008-09-16 14:54 . 2008-09-16 14:54 d-------- C:\ProgramData\Blizzard 2008-09-10 05:48 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-10 05:48 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll 2008-09-10 05:47 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys 2008-09-10 05:47 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll 2008-09-10 05:47 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-10 05:47 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys 2008-09-10 05:47 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers wifi.sys 2008-09-10 05:47 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll 2008-09-10 05:47 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll 2008-09-05 03:00 . 2008-09-05 03:00 d-------- C:\Program Files\MSXML 4.0 2008-09-04 13:08 . 2008-09-04 13:08 d-------- C:\Program Files\Search Settings 2008-09-04 13:04 . 2008-09-04 13:04 d-------- C:\Program Files\CDex_170b2 2008-09-04 13:03 . 2008-09-04 13:03 d-------- C:\Users\All Users\Apple Computer 2008-09-04 13:03 . 2008-09-04 13:03 d-------- C:\ProgramData\Apple Computer 2008-09-04 13:03 . 2008-09-04 13:03 d-------- C:\Program Files\QuickTime 2008-09-04 12:43 . 2008-09-04 12:43 d-------- C:\Users\All Users\Pinnacle VideoSpin 2008-09-04 12:43 . 2008-09-04 12:43 d-------- C:\ProgramData\Pinnacle VideoSpin 2008-09-04 12:24 . 2008-09-04 12:24 d-------- C:\Users\All Users\VideoSpin 2008-09-04 12:24 . 2008-09-04 12:24 d-------- C:\ProgramData\VideoSpin 2008-09-04 12:21 . 2008-09-04 12:21 d-------- C:\Users\All Users\Pinnacle 2008-09-04 12:21 . 2008-09-04 12:21 d-------- C:\ProgramData\Pinnacle 2008-09-04 12:12 . 2008-09-04 12:12 262,144 --a------ C:\Windows\System32\wrap_oal.dll 2008-09-04 12:12 . 2008-09-04 12:12 86,016 --a------ C:\Windows\System32\OpenAL32.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-04 15:35 3,932,160 --sha-w C:\Users\Xoï\NTUSER.DAT 2008-10-04 15:35 3,932,160 --sha-w C:\Users\Xoï\NTUSER.DAT 2008-10-04 15:32 --------- d-----w C:\Users\Xoï\AppData\Roaming\Skype 2008-10-04 15:24 --------- d-----w C:\Users\Xoï\AppData\Roaming\skypePM 2008-10-04 15:13 --------- d---a-w C:\ProgramData\TEMP 2008-10-04 15:07 --------- d-----w C:\Users\Xoï\AppData\Roaming\LimeWire 2008-10-04 14:13 --------- d-----w C:\Program Files\eMule 2008-10-04 13:04 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-10-04 13:04 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment 2008-10-04 13:01 --------- d-----w C:\Users\Xoï\AppData\Roaming\Malwarebytes 2008-10-04 12:02 --------- d-----w C:\Program Files\SweetIM 2008-10-04 11:16 --------- d-----w C:\Program Files\Player Metaboli 2008-10-04 11:16 --------- d-----w C:\Program Files\Common Files\InstallShield 2008-10-04 11:06 --------- d-----w C:\Program Files\Mumble 2008-10-04 11:06 --------- d-----w C:\Program Files\Common Files\logishrd 2008-10-02 12:43 --------- d-----w C:\Program Files\Micro Application 2008-10-01 18:36 --------- d-----w C:\Users\Xoï\AppData\Roaming eamspeak2 2008-09-29 19:14 --------- d-----w C:\Users\Xoï\AppData\Roaming\Leadertech 2008-09-25 18:29 --------- d-----w C:\Program Files\World of Warcraft 2008-09-19 20:34 --------- d-----w C:\Users\Xoï\AppData\Roaming\Mumble 2008-09-15 13:54 --------- d-----w C:\ProgramData\Symantec 2008-08-20 15:57 --------- d-----w C:\Users\Xoï\AppData\Roaming\DivX 2008-08-18 20:53 --------- d-----w C:\Program Files\BoontyGames 2008-08-18 20:46 --------- d-----w C:\ProgramData\eMule 2008-08-14 01:08 --------- d-----w C:\Program Files\Windows Mail 2008-08-10 20:13 --------- d-----w C:\Program Files\DivX 2008-08-10 20:13 --------- d-----w C:\Program Files\Common Files\PX Storage Engine 2008-08-10 13:48 --------- d-----w C:\ProgramData\Tages 2008-08-10 13:47 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys 2008-08-10 13:47 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys 2008-08-08 22:56 --------- d-----w C:\Program Files\Teamspeak2_RC2 2008-08-04 15:31 --------- d-----w C:\Users\Xoï\AppData\Roaming\Gearbox Software 2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe 2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll 2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll 2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll 2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll 2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe 2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll 2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll 2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll 2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll 2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll 2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll 2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll 2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe 2008-07-16 01:32 2,048 ----a-w C:\Windows\System32 zres.dll 2008-06-02 18:49 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((( snapshot@2008-10-04_17.26.35.49 ))))))))))))))))))))))))))))))))))))))))) . + 2008-10-04 15:23:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-10-04 15:23:16 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-10-04 15:23:31 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-10-04 15:24:26 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-10-04 15:24:26 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService tuser.dat.LOG1 - 2008-10-04 15:12:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-10-04 15:23:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-10-04 15:12:26 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-10-04 15:23:16 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-10-04 15:12:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-10-04 15:23:16 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-10-04 14:45:29 8,242 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3431419007-1224802698-4071754216-1000_UserData.bin + 2008-10-04 15:25:12 8,614 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3431419007-1224802698-4071754216-1000_UserData.bin - 2008-10-04 14:45:29 63,722 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-10-04 15:25:12 63,854 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784] "SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\NCsoft\Exteel\System\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{28C43797-BD35-49D0-ABBD-62FF7451DD56}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector "{99757855-C113-4D57-B918-B887F18709DB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{3682B9A3-83E3-412D-8B7E-20A0AD69B369}"= C:\Program Files\Skype\Phone\Skype.exe:Skype "{ED86007E-D90B-4035-A5EA-8CEEA47A48D4}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire "{3F24C989-02C1-4C0A-98CA-90B4CB8AD506}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire "{9773D7D1-0DDA-41FE-B484-8945DF934EC1}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager "{66C779C9-7617-470E-A023-52660661ED09}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager "{6203B7EF-A1DD-4B90-ADEA-831B2DD6CC32}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile "{B82D4D6B-026A-45D5-82E0-A2527F140050}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile "{BE042BA0-7F4D-46FA-8ACF-F70C72508DCE}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi "{E17035D7-BF33-44F2-B223-BBBB6B89FE1C}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi "{C5EBDA24-AEFC-4543-858E-ADAC1FD94629}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin "{B62B2B4B-3783-46B2-A705-824FEF85E4BD}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\NCsoft\Exteel\System\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080729.001\IDSvix86.sys [2008-03-20 261680] R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240] R2 LiveUpdate Notice;LiveUpdate Notice;c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864] R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS etr73.sys [2008-02-26 493568] R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008] S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888] S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800] *Newly Created Service* - COMHOST . Contenu du dossier 'Tâches planifiées' 2008-09-29 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Xoï.job - c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 13:19] . . ------- Examen supplémentaire ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/ R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=desktop . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-10-04 17:36:43 Windows 6.0.6001 Service Pack 1 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . Heure de fin: 2008-10-04 17:37:17 ComboFix-quarantined-files.txt 2008-10-04 15:37:14 Avant-CF: 480,729,227,264 octets libres Après-CF: 480,692,731,904 octets libres 225 --- E O F --- 2008-09-26 12:50:30

ep44 · Answer

selectionne ceci

Folder::
C:\Users\All Users\jghwhwva  
C:\Users\All Users\botohehu  
C:\ProgramData\jghwhwva  
C:\ProgramData\botohehu  
C:\Program Files\Search Settings       


* Copie le texte sélectionné (CTRL+C).
* Ouvre le bloc-notes (programme>Accessoires >bloc-notes).
* Veille à ce que Retour à la ligne ne soit pas coché dans Format. 
* Colle le texte copié dans ce bloc-notes (CTRL+V).
* Sauvegarde ce fichier sous le nom de CFScript.txt
* Fais un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme ceci 
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
* Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises : c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
* Une fois le scan achevé, un rapport va s'afficher : Poste son contenu.
* Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


Note: Le code ci-dessus a été intentionnellement rédigé pour CET utilisateur.
si vous n'êtes pas CET utilisateur, NE PAS appliquer ces directives : elles pourraient endommager votre système.  

@+

Xoiiox · Answer

ComboFix 08-10-03.06 - Xoï 2008-10-04 18:10:34.4 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.2325 [GMT 2:00]
Lancé depuis: C:\Users\Xoï\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Fichiers créés du 2008-09-04 au 2008-10-04 ))))))))))))))))))))))))))))))))))))
.

2008-10-04 17:51 . 2008-10-04 17:54 <REP> d-------- C:\Program Files\WinClamAVShield
2008-10-04 17:50 . 2008-10-04 18:01 <REP> d-------- C:\Users\Xoï\AppData\Roaming\Spyware Terminator
2008-10-04 17:50 . 2008-10-04 18:01 <REP> d-------- C:\Users\All Users\Spyware Terminator
2008-10-04 17:50 . 2008-10-04 18:01 <REP> d-------- C:\ProgramData\Spyware Terminator
2008-10-04 17:50 . 2008-10-04 17:50 <REP> d-------- C:\Program Files\Spyware Terminator
2008-10-04 17:50 . 2008-10-04 17:50 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys
2008-10-04 15:52 . 2008-10-04 15:52 <REP> d-------- C:\rsit
2008-10-04 15:52 . 2008-10-04 15:52 <REP> d-------- C:\Program Files\trend micro
2008-10-04 15:01 . 2008-10-04 15:01 <REP> d-------- C:\Users\Xoï\AppData\Roaming\Malwarebytes
2008-10-04 15:01 . 2008-10-04 15:01 <REP> d-------- C:\Users\All Users\Malwarebytes
2008-10-04 15:01 . 2008-10-04 15:01 <REP> d-------- C:\ProgramData\Malwarebytes
2008-10-04 15:01 . 2008-10-04 15:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-04 15:01 . 2008-09-10 00:04 38,528 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-10-04 15:01 . 2008-09-10 00:03 17,200 --a------ C:\Windows\System32\drivers\mbam.sys
2008-10-04 14:09 . 2008-10-04 14:09 <REP> d-------- C:\Users\All Users\Grisoft
2008-10-04 14:09 . 2008-10-04 14:09 <REP> d-------- C:\ProgramData\Grisoft
2008-10-04 14:02 . 2008-10-04 14:02 438 --ah----- C:\aaw7boot.cmd
2008-10-04 14:01 . 2008-10-04 14:12 <REP> d-------- C:\Program Files\SpywareBlaster
2008-10-04 14:01 . 2005-08-25 19:18 118,784 --a------ C:\Windows\System32\MSSTDFMT.DLL
2008-10-04 12:52 . 2008-10-04 12:54 <REP> d-------- C:\Users\All Users\Lavasoft
2008-10-04 12:52 . 2008-10-04 12:54 <REP> d-------- C:\ProgramData\Lavasoft
2008-10-03 17:20 . 2008-10-03 17:20 <REP> d-------- C:\Users\Xoï\Recent
2008-10-03 17:20 . 2008-10-03 17:20 <REP> d-------- C:\Users\Xoï\Recent
2008-10-03 02:43 . 2008-10-04 16:14 <REP> d-------- C:\Users\All Users\setchk
2008-10-03 02:43 . 2008-10-04 16:14 <REP> d-------- C:\Users\All Users\jghwhwva
2008-10-03 02:43 . 2008-10-03 02:43 <REP> d-------- C:\Users\All Users\botohehu
2008-10-03 02:43 . 2008-10-04 16:14 <REP> d-------- C:\ProgramData\setchk
2008-10-03 02:43 . 2008-10-04 16:14 <REP> d-------- C:\ProgramData\jghwhwva
2008-10-03 02:43 . 2008-10-03 02:43 <REP> d-------- C:\ProgramData\botohehu
2008-09-29 21:14 . 2008-09-29 21:14 <REP> d-------- C:\Users\Xoï\AppData\Roaming\Leadertech
2008-09-29 21:13 . 2008-09-29 21:13 <REP> d-------- C:\Users\All Users\Logitech
2008-09-29 21:13 . 2008-10-04 13:06 <REP> d-------- C:\Users\All Users\Logishrd
2008-09-29 21:13 . 2008-09-29 21:13 <REP> d-------- C:\ProgramData\Logitech
2008-09-29 21:13 . 2008-10-04 13:06 <REP> d-------- C:\ProgramData\Logishrd
2008-09-23 17:35 . 2008-09-30 14:04 <REP> d-------- C:\Warhammer Online - Age of Reckoning
2008-09-19 22:34 . 2008-09-19 22:34 <REP> d-------- C:\Users\Xoï\AppData\Roaming\Mumble
2008-09-16 14:54 . 2008-09-16 14:54 <REP> d-------- C:\Users\All Users\Blizzard
2008-09-16 14:54 . 2008-09-16 14:54 <REP> d-------- C:\ProgramData\Blizzard
2008-09-10 05:48 . 2008-07-31 03:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-09-10 05:48 . 2008-07-31 05:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll
2008-09-10 05:47 . 2008-08-02 03:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-09-10 05:47 . 2008-06-26 05:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll
2008-09-10 05:47 . 2008-06-26 05:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll
2008-09-10 05:47 . 2008-05-08 21:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys
2008-09-10 05:47 . 2008-05-20 04:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-09-10 05:47 . 2008-06-26 05:29 45,056 --a------ C:\Windows\System32\dataclen.dll
2008-09-10 05:47 . 2008-08-02 05:26 36,864 --a------ C:\Windows\System32\cdd.dll
2008-09-05 03:00 . 2008-09-05 03:00 <REP> d-------- C:\Program Files\MSXML 4.0
2008-09-04 13:08 . 2008-09-04 13:08 <REP> d-------- C:\Program Files\Search Settings
2008-09-04 13:04 . 2008-09-04 13:04 <REP> d-------- C:\Program Files\CDex_170b2
2008-09-04 13:03 . 2008-09-04 13:03 <REP> d-------- C:\Users\All Users\Apple Computer
2008-09-04 13:03 . 2008-09-04 13:03 <REP> d-------- C:\ProgramData\Apple Computer
2008-09-04 13:03 . 2008-09-04 13:03 <REP> d-------- C:\Program Files\QuickTime
2008-09-04 12:43 . 2008-09-04 12:43 <REP> d-------- C:\Users\All Users\Pinnacle VideoSpin
2008-09-04 12:43 . 2008-09-04 12:43 <REP> d-------- C:\ProgramData\Pinnacle VideoSpin
2008-09-04 12:24 . 2008-09-04 12:24 <REP> d-------- C:\Users\All Users\VideoSpin
2008-09-04 12:24 . 2008-09-04 12:24 <REP> d-------- C:\ProgramData\VideoSpin
2008-09-04 12:21 . 2008-09-04 12:21 <REP> d-------- C:\Users\All Users\Pinnacle
2008-09-04 12:21 . 2008-09-04 12:21 <REP> d-------- C:\ProgramData\Pinnacle
2008-09-04 12:12 . 2008-09-04 12:12 262,144 --a------ C:\Windows\System32\wrap_oal.dll
2008-09-04 12:12 . 2008-09-04 12:12 86,016 --a------ C:\Windows\System32\OpenAL32.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 16:10 3,932,160 --sha-w C:\Users\Xoï\NTUSER.DAT
2008-10-04 16:10 3,932,160 --sha-w C:\Users\Xoï\NTUSER.DAT
2008-10-04 16:01 --------- d-----w C:\Users\Xoï\AppData\Roaming\Spyware Terminator
2008-10-04 15:32 --------- d-----w C:\Users\Xoï\AppData\Roaming\Skype
2008-10-04 15:24 --------- d-----w C:\Users\Xoï\AppData\Roaming\skypePM
2008-10-04 15:13 --------- d---a-w C:\ProgramData\TEMP
2008-10-04 15:07 --------- d-----w C:\Users\Xoï\AppData\Roaming\LimeWire
2008-10-04 14:13 --------- d-----w C:\Program Files\eMule
2008-10-04 13:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 13:04 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-10-04 13:01 --------- d-----w C:\Users\Xoï\AppData\Roaming\Malwarebytes
2008-10-04 12:02 --------- d-----w C:\Program Files\SweetIM
2008-10-04 11:16 --------- d-----w C:\Program Files\Player Metaboli
2008-10-04 11:16 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-04 11:06 --------- d-----w C:\Program Files\Mumble
2008-10-04 11:06 --------- d-----w C:\Program Files\Common Files\logishrd
2008-10-02 12:43 --------- d-----w C:\Program Files\Micro Application
2008-10-01 18:36 --------- d-----w C:\Users\Xoï\AppData\Roaming\teamspeak2
2008-09-29 19:14 --------- d-----w C:\Users\Xoï\AppData\Roaming\Leadertech
2008-09-25 18:29 --------- d-----w C:\Program Files\World of Warcraft
2008-09-19 20:34 --------- d-----w C:\Users\Xoï\AppData\Roaming\Mumble
2008-09-15 13:54 --------- d-----w C:\ProgramData\Symantec
2008-08-20 15:57 --------- d-----w C:\Users\Xoï\AppData\Roaming\DivX
2008-08-18 20:53 --------- d-----w C:\Program Files\BoontyGames
2008-08-18 20:46 --------- d-----w C:\ProgramData\eMule
2008-08-14 01:08 --------- d-----w C:\Program Files\Windows Mail
2008-08-10 20:13 --------- d-----w C:\Program Files\DivX
2008-08-10 20:13 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-08-10 13:48 --------- d-----w C:\ProgramData\Tages
2008-08-10 13:47 278,984 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-08-10 13:47 25,416 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-08-08 22:56 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-08-04 15:31 --------- d-----w C:\Users\Xoï\AppData\Roaming\Gearbox Software
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-25 08:36 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 20:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 18:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-06-02 18:49 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((( snapshot@2008-10-04_17.26.35.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-04 15:22:16 112,368 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-10-04 15:59:27 112,448 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-10-04 16:00:40 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-10-04 16:00:40 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-10-04 15:23:31 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-04 16:10:40 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-10-04 16:10:40 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-10-04 15:23:31 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-04 16:01:56 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-10-04 16:01:56 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
+ 2008-10-04 16:01:51 16,384 ----a-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2008-10-04 15:12:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-04 16:00:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-10-04 16:01:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008100420081005\index.dat
- 2008-10-04 15:12:26 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-04 16:01:44 49,152 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-10-04 15:12:26 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-04 16:00:40 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-04 14:45:29 8,242 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3431419007-1224802698-4071754216-1000_UserData.bin
+ 2008-10-04 16:02:20 8,654 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3431419007-1224802698-4071754216-1000_UserData.bin
- 2008-10-04 14:45:29 63,722 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-10-04 16:02:20 64,176 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-10-04 14:16:14 41,222 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-10-04 16:02:18 41,658 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 54936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-09-10 1253040]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-10-04 1783808]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{28C43797-BD35-49D0-ABBD-62FF7451DD56}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{99757855-C113-4D57-B918-B887F18709DB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{3682B9A3-83E3-412D-8B7E-20A0AD69B369}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{ED86007E-D90B-4035-A5EA-8CEEA47A48D4}"= UDP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"{3F24C989-02C1-4C0A-98CA-90B4CB8AD506}"= TCP:C:\Program Files\FrostWire\FrostWire.exe:LimeWire
"{9773D7D1-0DDA-41FE-B484-8945DF934EC1}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{66C779C9-7617-470E-A023-52660661ED09}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{6203B7EF-A1DD-4B90-ADEA-831B2DD6CC32}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{B82D4D6B-026A-45D5-82E0-A2527F140050}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:PMSRegisterFile
"{BE042BA0-7F4D-46FA-8ACF-F70C72508DCE}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{E17035D7-BF33-44F2-B223-BBBB6B89FE1C}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{C5EBDA24-AEFC-4543-858E-ADAC1FD94629}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{B62B2B4B-3783-46B2-A705-824FEF85E4BD}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080729.001\IDSvix86.sys [2008-03-20 261680]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-10-04 141312]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [2007-05-29 198240]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-14 149864]
R3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr73.sys [2008-02-26 493568]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-06-13 41008]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-07-24 181800]

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Tâches planifiées'

2008-09-29 C:\Windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Xoï.job
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 13:19]
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=81&bd=Pavilion&pf=desktop
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-04 18:11:35
Windows 6.0.6001 Service Pack 1 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-04 18:12:09
ComboFix-quarantined-files.txt 2008-10-04 16:12:05
ComboFix2.txt 2008-10-04 16:07:17
ComboFix3.txt 2008-10-04 15:37:18

Avant-CF: 480 445 800 448 octets libres
Après-CF: 480,409,403,392 octets libres

234 --- E O F --- 2008-09-26 12:50:30

ep44 · Answer

Tu n'as pas faiat la manp correctement 

Il faut faire glisser 
comme ceci 

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Xoiiox · Answer

Bon bon bon : 

Ne t inquiete pas j ai bien compris comment glisser un fichier. Je l ai fais une premier fois, ca a redemarrer mon ordi et au redemarrage ca ma mis deux messages d erreurs dans pleins de langues differentes me disant que combofix ne pouvait pas analyser. J ai donc essayé des les refaire, mais depuis ca me pond des "gros" rapport comme je t ai deja mis...
Autrement, les alertes se sont stoppées, je n en ai plus comme avant.

ep44 · Answer

ok essaye ceci

Télécharge OTMoveIt (de OldTimer) sur ton Bureau.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
clic double sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :
Paste List of Files/Folders to be moved.

C:\Users\All Users\jghwhwva  
C:\Users\All Users\botohehu  
C:\ProgramData\jghwhwva  
C:\ProgramData\botohehu  
C:\Program Files\Search Settings 
EmptyTemp

clique sur MoveIt! pour lancer la suppression.
le résultat apparaîtra dans le cadre Results.
clique sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

il te sera peut-être demandé de faire redémarrer le PC pour achever la suppression. 

-------------------------
Ensuite 

Télécharge malwarebytes
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Une aide pour l'installation 
http://www.swl1f.net/viewtopic.php?f=14&t=68


=> Installe le 
=> Ensuite va en mode sans echec 


   Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
   Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel


=> Lance malwarebytes
=> Coche "Executer un examen complet"
=> Si tu es en présence d'une infection à la fin de l'examen clique sur "ok"
=> Clique sur Supprimer la sélection
=> Pour poster le rapport Clique sur l'onglet Rapports/Logs, sélectionne celui t'intéresse et clique sur Ouvrir
=> Fait copier coller et poste le rapport 

--------------------------

ensuite 

* Télécharge CCleaner 
https://filehippo.com/download_ccleaner/
=> Aide toi de ce tuto pour l'utiliser 
http://www.swl1f.net/viewtopic.php?f=14&t=69

--------------------------

Ensuite refais un nouveau HijackThis 

@+

Fichus Trojan

24 réponses

Votre réponse

Discussions similaires

Newsletters