Obfuscated.GX.2750 Trojan

Closed
StaFFer - 18 Oct. 2008 at 00:37
Destrio5 Posts: 85985 Registration date: Sunday 11 July 2010 Status: Moderator Last seen: 17 February 2023 - 15 Nov. 2008 at 19:22
Hello,
Since yesterday my antivirus (AntiVir) has been alerting me to the following problem:

C:\WINDOWS\system32\jqhepuxw.exe
Is the TR/Obfuscated.GX.2750 Trojan

I keep deleting it, quarantining it, renaming it, but the alert comes back every 10 minutes ....

I searched the forums, but every time people were pasting antivirus reports, so I suppose it's a problem that's handled case by case.

I ran AntiVir, Panda online, Avast, Spybot, Trojan Remover, Ad-Aware, but I can't get rid of it.

40 replies

(oops, I hadn't finished my message)

So there you go, if someone can help me that would be nice.

Thanks in advance
0
MalwareBytes' report:


Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1280
Windows 5.1.2600 Service Pack 2

18/10/2008 00:56:23
mbam-log-2008-10-18 (00-56-19).txt

Type de recherche: Examen rapide
Eléments examinés: 45630
Temps écoulé: 4 minute(s), 50 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{6280B887-A416-F4C4-5581-0BA044BAC6EA} (Trojan.FakeAlert.H) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\cmdinfoact (Trojan.FakeAlert.H) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\gnzwuze\CmdInfoAct.dll (Trojan.FakeAlert.H) -> No action taken.
0
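As an added example (not code from the thread, and not a Malwarebytes tool), here is a small Python triage script for a text report like the one above. It parses the detection sections, flags entries left at "No action taken", identifies which registry hits sit in an autostart location (here the ShellServiceObjectDelayLoad value, which Explorer loads at logon), and links that value to the detected DLL with the same base name. The report excerpt is copied from the post; the list of autostart key fragments and the helper names are this example's own assumptions.

```python
"""Triage helper for a Malwarebytes' Anti-Malware (MBAM) text report.

Added example; the parsing logic and the autostart key list are assumptions
made for this illustration, not Malwarebytes' own format specification.
"""
import re
from collections import Counter

# Detection sections copied from the MBAM report posted in the thread
# (constructed sample input: only the detail sections are reproduced).
SAMPLE_REPORT = r"""
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{6280B887-A416-F4C4-5581-0BA044BAC6EA} (Trojan.FakeAlert.H) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\cmdinfoact (Trojan.FakeAlert.H) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\gnzwuze\CmdInfoAct.dll (Trojan.FakeAlert.H) -> No action taken.
"""

# One detection line has the shape "<object> (<family>) -> <action>."
DETECTION_RE = re.compile(r"^(?P<obj>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?$")

# Registry path fragments treated as autostart locations (assumed short list).
AUTOSTART_KEYS = (
    "\\currentversion\\run",
    "\\currentversion\\runonce",
    "\\shellserviceobjectdelayload\\",
    "\\winlogon\\",
)


def parse_report(text):
    """Return one dict per detection line, tagged with its report section."""
    detections = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):  # section header, e.g. "Fichier(s) infecté(s):"
            section = line[:-1]
            continue
        m = DETECTION_RE.match(line)
        if m:  # "(Aucun élément nuisible détecté)" and count lines do not match
            detections.append({"section": section, **m.groupdict()})
    return detections


def is_autostart(obj):
    """True when a registry object lies under a known autostart location."""
    low = obj.lower()
    return low.startswith("hkey_") and any(k in low for k in AUTOSTART_KEYS)


def _stem(path):
    """Base file name without extension; Windows paths, so split on backslash."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def triage(text):
    """Summarise what a responder would want to know from the report."""
    dets = parse_report(text)
    untreated = [d["obj"] for d in dets if d["action"].lower() == "no action taken"]
    persistence = [d["obj"] for d in dets if is_autostart(d["obj"])]
    files = [d["obj"] for d in dets
             if d["section"] and d["section"].lower().startswith("fichier")]
    # Tie each autostart value to the detected file sharing its base name.
    linked = {}
    for reg in persistence:
        value_name = reg.rsplit("\\", 1)[-1].lower()
        linked[reg] = [f for f in files if _stem(f) == value_name]
    return {
        "untreated": untreated,
        "persistence": persistence,
        "linked": linked,
        "families": Counter(d["family"] for d in dets),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

The point of the `linked` map is the one a helper would make next: the `cmdinfoact` value under ShellServiceObjectDelayLoad is what keeps reloading `CmdInfoAct.dll` at every logon, so deleting the file alone (as the original poster had been doing) does not end the alerts; both the value and the DLL have to go.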
Yes, I deleted the selection. I'll post the next report in a few minutes.
0
--------------------\\ Lop S&D 4.2.4-5 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz )
BIOS : BIOS Date: 10/31/07 10:25:16 Ver: 08.00.12
USER : Staffer ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)
Firewall : ZoneAlarm Firewall 7.0.462.000 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total : 37 Go Free : 7 Go
D:\ (CD or DVD)
E:\ (CD or DVD) - CDFS - Total : 1 Go Free : 0 Go
F:\ (CD or DVD)
H:\ (CD or DVD)
S:\ (Local Disk) - NTFS - Total : 195 Go Free : 174 Go

"C:\Lop SD" ( MAJ : 02-10-2008|23:42 )
Option : [1] ( 19/10/2008| 0:11 )

--------------------\\ Listing des dossiers dans APPLIC~1

[23/05/2008|00:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[03/04/2008|16:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[03/04/2008|16:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[10/08/2008|19:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
[04/07/2008|00:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[18/10/2008|00:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google Updater
[23/05/2008|00:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[19/07/2008|15:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MailFrontier
[18/10/2008|00:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[19/07/2008|22:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[11/08/2008|18:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[03/04/2008|18:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[06/04/2008|20:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
[16/10/2008|22:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nwrwtolw
[17/10/2008|00:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
[05/05/2008|21:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
[03/04/2008|16:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[18/10/2008|00:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[04/07/2008|00:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[03/04/2008|15:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[03/04/2008|15:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[03/04/2008|15:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[20/07/2008|13:20] C:\DOCUME~1\Staffer\APPLIC~1\Adobe
[18/10/2008|00:09] C:\DOCUME~1\Staffer\APPLIC~1\Azureus
[18/09/2008|21:51] C:\DOCUME~1\Staffer\APPLIC~1\dvdcss
[11/08/2008|16:48] C:\DOCUME~1\Staffer\APPLIC~1\Google
[03/04/2008|15:29] C:\DOCUME~1\Staffer\APPLIC~1\Identities
[24/05/2008|23:24] C:\DOCUME~1\Staffer\APPLIC~1\Macromedia
[18/10/2008|00:45] C:\DOCUME~1\Staffer\APPLIC~1\Malwarebytes
[31/08/2008|19:09] C:\DOCUME~1\Staffer\APPLIC~1\Microsoft
[04/07/2008|00:22] C:\DOCUME~1\Staffer\APPLIC~1\Opera
[17/10/2008|00:35] C:\DOCUME~1\Staffer\APPLIC~1\Simply Super Software
[25/05/2008|01:03] C:\DOCUME~1\Staffer\APPLIC~1\streamripper
[26/08/2008|12:46] C:\DOCUME~1\Staffer\APPLIC~1\TuneUp Software
[22/05/2008|23:43] C:\DOCUME~1\Staffer\APPLIC~1\vlc
[25/05/2008|01:03] C:\DOCUME~1\Staffer\APPLIC~1\Winamp

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[17/10/2008 17:15][--a------] C:\WINDOWS\tasks\Maintenance en 1 clic.job
[19/10/2008 00:04][--ah-----] C:\WINDOWS\tasks\SA.DAT
[07/09/2002 02:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[17/10/2008|00:20] C:\Program Files\ActiveX Control Pad
[10/08/2008|18:24] C:\Program Files\Adobe
[03/04/2008|16:18] C:\Program Files\Ahead
[06/04/2008|12:17] C:\Program Files\Alcohol Soft
[28/05/2008|11:43] C:\Program Files\ASUS
[03/04/2008|15:40] C:\Program Files\Attansic
[03/04/2008|16:17] C:\Program Files\Avira
[13/08/2008|21:50] C:\Program Files\Azureus
[03/04/2008|15:22] C:\Program Files\ComPlus Applications
[07/05/2008|11:35] C:\Program Files\EA GAMES
[06/04/2008|14:20] C:\Program Files\Electronic Arts
[18/10/2008|00:22] C:\Program Files\Enigma Software Group
[04/07/2008|00:05] C:\Program Files\Fichiers communs
[15/10/2008|23:14] C:\Program Files\Frets on Fire
[18/10/2008|00:56] C:\Program Files\gnzwuze
[11/08/2008|16:48] C:\Program Files\Google
[15/10/2008|23:15] C:\Program Files\InstallShield Installation Information
[03/04/2008|15:31] C:\Program Files\Intel
[03/04/2008|15:24] C:\Program Files\Internet Explorer
[23/05/2008|00:30] C:\Program Files\Lavasoft
[18/10/2008|00:45] C:\Program Files\Malwarebytes' Anti-Malware
[11/08/2008|20:25] C:\Program Files\ManyCam 2.3
[03/04/2008|16:58] C:\Program Files\Marvell
[04/07/2008|00:06] C:\Program Files\Messenger
[04/07/2008|00:35] C:\Program Files\Messenger Plus! Live
[03/04/2008|15:26] C:\Program Files\microsoft frontpage
[03/04/2008|18:46] C:\Program Files\Microsoft Office
[03/04/2008|18:46] C:\Program Files\Microsoft Visual Studio
[03/04/2008|18:46] C:\Program Files\Microsoft Works
[03/04/2008|15:23] C:\Program Files\Movie Maker
[07/09/2008|10:37] C:\Program Files\mp3DirectCut
[03/04/2008|15:21] C:\Program Files\MSN
[03/04/2008|15:22] C:\Program Files\MSN Gaming Zone
[03/04/2008|15:23] C:\Program Files\NetMeeting
[03/04/2008|15:22] C:\Program Files\Online Services
[04/07/2008|00:22] C:\Program Files\Opera
[03/04/2008|15:23] C:\Program Files\Outlook Express
[17/10/2008|00:25] C:\Program Files\Panda Security
[18/08/2008|21:17] C:\Program Files\PhotoFiltre Studio
[03/04/2008|18:20] C:\Program Files\Realtek
[03/04/2008|16:43] C:\Program Files\Realtek AC97
[25/05/2008|02:20] C:\Program Files\Rico Software
[03/04/2008|15:24] C:\Program Files\Services en ligne
[10/09/2008|21:52] C:\Program Files\SMPlayer
[05/05/2008|21:17] C:\Program Files\Sony
[16/10/2008|23:00] C:\Program Files\Spybot - Search & Destroy
[25/05/2008|01:03] C:\Program Files\Streamripper
[04/04/2008|13:16] C:\Program Files\Tomb Raider - Legend
[18/10/2008|00:41] C:\Program Files\Trend Micro
[17/10/2008|00:36] C:\Program Files\Trojan Remover
[06/04/2008|12:22] C:\Program Files\Ubisoft
[03/04/2008|15:29] C:\Program Files\Uninstall Information
[24/04/2008|20:30] C:\Program Files\VideoLAN
[20/07/2008|22:09] C:\Program Files\VirtualDJ
[25/05/2008|01:03] C:\Program Files\Winamp
[04/07/2008|00:31] C:\Program Files\Windows Live
[25/05/2008|01:03] C:\Program Files\Windows Media Player
[03/04/2008|15:22] C:\Program Files\Windows NT
[03/04/2008|15:24] C:\Program Files\WindowsUpdate
[03/04/2008|18:36] C:\Program Files\WinRAR
[03/04/2008|15:26] C:\Program Files\xerox
[08/09/2008|23:55] C:\Program Files\Xilisoft
[03/04/2008|18:36] C:\Program Files\Zone Labs

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[03/04/2008|16:20] C:\Program Files\Fichiers communs\Adobe
[03/04/2008|16:18] C:\Program Files\Fichiers communs\Ahead
[03/04/2008|18:46] C:\Program Files\Fichiers communs\DESIGNER
[05/05/2008|21:15] C:\Program Files\Fichiers communs\InstallShield
[19/04/2008|13:37] C:\Program Files\Fichiers communs\Microsoft Shared
[03/04/2008|15:23] C:\Program Files\Fichiers communs\MSSoap
[03/04/2008|17:14] C:\Program Files\Fichiers communs\ODBC
[03/04/2008|15:23] C:\Program Files\Fichiers communs\Services
[05/05/2008|21:17] C:\Program Files\Fichiers communs\Sony Shared
[03/04/2008|17:14] C:\Program Files\Fichiers communs\SpeechEngines
[03/04/2008|15:23] C:\Program Files\Fichiers communs\System
[04/07/2008|00:31] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[01/09/2008|22:02] C:\Program Files\Fichiers communs\Wise Installation Wizard

--------------------\\ Process

( 32 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-19 00:12:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
C:\DOCUME~1\Staffer\LOCALS~1\APPLIC~1\Opera\Opera\profile\vps\0009\adoc.bx-j
C:\DOCUME~1\Staffer\LOCALS~1\APPLIC~1\Opera\Opera\profile\vps\0009\md.dat-j
C:\DOCUME~1\Staffer\LOCALS~1\APPLIC~1\Opera\Opera\profile\vps\0009\url.ax-j
C:\DOCUME~1\Staffer\LOCALS~1\APPLIC~1\Opera\Opera\profile\vps\0009\w.ax-j
C:\DOCUME~1\Staffer\LOCALS~1\APPLIC~1\Opera\Opera\profile\vps\0009\wb.vx-j
scan completed successfully
hidden processes: 0
hidden files: 5

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:60][D:5]-> C:\DOCUME~1\Staffer\LOCALS~1\Temp
[F:290][D:0]-> C:\DOCUME~1\Staffer\Cookies
[F:2315][D:20]-> C:\DOCUME~1\Staffer\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 19/10/2008| 0:13 - Option : [1]

--------------------\\ Fin du rapport a 0:13:26
0

info.txt

info.txt logfile of random's system information tool 1.04 2008-10-19 00:32:18

======Uninstall list======

-->MsiExec.exe /X{E9F81423-211E-46B6-9AE0-38568BC5CF6F}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81200000003}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ASUSUpdate-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Setup.exe" -l0x40c
Attansic Ethernet Utility-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F698102-5739-441E-96F0-74F4EA540F06}\setup.exe" -l0x9 -removeonly
Attansic L1 Gigabit Ethernet Driver-->rundll32.exe C:\WINDOWS\system32\Attansic\L1\atcInst.dll,AtcUninst C:\WINDOWS\system32\Attansic\L1 x86 1969 1048 L1
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
Azureus Vuze-->C:\Program Files\Azureus\uninstall.exe
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x40c -removeonly
CONNECT Auto Update-->C:\Program Files\Sony\CONNECTAutoUpdate\Uninstall.exe
CONNECT Player Language Pack-->MsiExec.exe /X{DC986B2B-DAE4-43E1-A00A-74044CFB6EA4}
CONNECT Player-->MsiExec.exe /X{EC62DAEB-05E7-46FF-8867-FEBE00DBD790}
Crysis(R)-->MsiExec.exe /I{000E79B7-E725-4F01-870A-C12942B7F8E4}
Google Earth Pro-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}\setup.exe" -l0x40c -removeonly
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Half-Life(R) 2-->MsiExec.exe /I{D45EC259-4A19-4656-B588-C2C360DD18EA}
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.3 (remove only)-->"C:\Program Files\ManyCam 2.3\uninstall.exe"
marvell 61xx-->C:\Program Files\Marvell\61xx\uninst-61xx.exe
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft ActiveX Control Pad-->C:\Program Files\ActiveX Control Pad\Setup\Remove.exe
Microsoft Office Access MUI (French) 2007-->MsiExec.exe /X{90120000-0015-040C-0000-0000000FF1CE}
Microsoft Office Excel MUI (French) 2007-->MsiExec.exe /X{90120000-0016-040C-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (French) 2007-->MsiExec.exe /X{90120000-0044-040C-0000-0000000FF1CE}
Microsoft Office Outlook MUI (French) 2007-->MsiExec.exe /X{90120000-001A-040C-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (French) 2007-->MsiExec.exe /X{90120000-0018-040C-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Arabic) 2007-->MsiExec.exe /X{90120000-001F-0401-0000-0000000FF1CE}
Microsoft Office Proof (Dutch) 2007-->MsiExec.exe /X{90120000-001F-0413-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (French) 2007-->MsiExec.exe /X{90120000-002C-040C-0000-0000000FF1CE}
Microsoft Office Publisher MUI (French) 2007-->MsiExec.exe /X{90120000-0019-040C-0000-0000000FF1CE}
Microsoft Office Shared MUI (French) 2007-->MsiExec.exe /X{90120000-006E-040C-0000-0000000FF1CE}
Microsoft Office Word MUI (French) 2007-->MsiExec.exe /X{90120000-001B-040C-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Need for Speed™ Carbon-->C:\Program Files\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Nero 6 Enterprise Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
Opera 9.50-->MsiExec.exe /X{7472B5B4-3FB7-446F-BC78-6BBA506EC473}
Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Panda ActiveScan 2.0-->C:\Program Files\Panda Security\ActiveScan 2.0\as2uninst.exe
PhotoFiltre Studio-->"C:\Program Files\PhotoFiltre Studio\Uninst.exe"
PunkBuster Services-->C:\WINDOWS\system32\pbsvc.exe -u
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x40c -removeonly
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x40c -removeonly
RS Somnífero-->"C:\Program Files\Rico Software\RS Somnífero\desinstalar.exe"
SMPlayer 0.6.2-->"C:\Program Files\SMPlayer\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Streamripper (Remove only)-->C:\Program Files\Streamripper\Uninstall.exe
Tomb Raider: Legend 1.0-->C:\Program Files\Tomb Raider - Legend\uninsttrl.exe
Trojan Remover 6.7.3-->"C:\Program Files\Trojan Remover\unins000.exe"
UMAX Astra 4500-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{608EC4A1-8750-11D5-BDB6-0050BA6A42D1}\Setup.exe"
VideoLAN VLC media player 0.8.6h-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Messenger-->MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
ZoneAlarm-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Avira AntiVir PersonalEdition
FW: ZoneAlarm Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;"C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier"
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"tvdumpflags"=8

-----------------EOF-----------------

log.txt

0
There you go. What next?
0
[b]SDFix: Version 1.236 [/b]
Run by Staffer on 21/10/2008 at 22:25

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files [/b]:

No Trojan Files Found






Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-21 22:28:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001060e98d3a]
"001f6b883822"=hex:c7,3c,6f,55,a1,3f,fc,fc,da,44,06,b0,83,fb,72,44
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg40]
"ujdew"=hex:20,02,00,00,a5,7d,68,0b,2f,69,98,46,9d,3c,74,ae,fd,7d,76,8f,75,..
"ljej40"=hex:15,87,95,e4,32,61,62,da,d8,30,61,fb,e1,fe,b7,81,b7,62,7e,4c,05,..
"ljej41"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
"ljej42"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
"ljej43"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
"ljej44"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg41]
"ujdew"=hex:20,02,00,00,a5,7d,68,0b,85,bc,f0,40,9d,3c,74,ae,f8,7d,76,8f,75,..
"ljej40"=hex:68,87,95,e4,32,61,62,da,d8,30,61,fb,e1,fe,b7,81,b7,62,7e,4c,31,..
"ljej41"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
"ljej42"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
"ljej43"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
"ljej44"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\a347scsi\Config\jdgg42]
"ujdew"=hex:20,02,00,00,a5,7d,68,0b,03,cf,50,ae,9d,3c,74,ae,d5,7d,76,8f,71,..
"ljej40"=hex:0d,87,95,e4,32,61,62,da,d8,30,61,fb,e1,fe,b7,81,b7,62,7e,4c,26,..
"ljej41"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
"ljej42"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
"ljej43"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
"ljej44"=hex:ab,87,95,e4,4a,61,62,da,d9,30,60,fb,e0,fe,b7,81,b7,62,7e,4c,66,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060e98d3a]
"001f6b883822"=hex:c7,3c,6f,55,a1,3f,fc,fc,da,44,06,b0,83,fb,72,44
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001060e98d3a]
"001f6b883822"=hex:c7,3c,6f,55,a1,3f,fc,fc,da,44,06,b0,83,fb,72,44

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}]
"DisplayName"="Alcohol 120%"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Marvell\\61xx\\Apache2\\bin\\Apache.exe"="C:\\Program Files\\Marvell\\61xx\\Apache2\\bin\\Apache.exe:*:Enabled:Apache HTTP Server"
"S:\\jeux\\Bin32\\Crysis.exe"="S:\\jeux\\Bin32\\Crysis.exe:*:Enabled:Crysis_32"
"S:\\jeux\\Bin32\\CrysisDedicatedServer.exe"="S:\\jeux\\Bin32\\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe:*:Enabled:Battlefield 2"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files [/b]:



[b]Files with Hidden Attributes [/b]:

Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"

[b]Finished![/b]
0
Destrio5 (Moderator) - 21 Oct. 2008 at 23:04
---> Run a full scan with Antivir and post the report.
0
Destrio5 (Moderator) - 24 Oct. 2008 at 23:20
Are you there?
0
I have posted the results several times but it doesn't work. From my PC, I can no longer post messages on this forum ...

I'll post the result tonight from another PC.

Thanks
0
Destrio5 (Moderator) - 26 Oct. 2008 at 15:22
You can send the reports to destrio5@free.fr
0
Destrio5 (Moderator) - 29 Oct. 2008 at 17:50
---> Relaunch MBAM, go to Quarantine and delete everything.
0
Done. Should it be OK now?

Thanks a lot in any case
0
Destrio5 (Moderator) - 30 Oct. 2008 at 16:46
--> Download UsbFix (by Chiquitine29) to your Desktop:
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe

--> Run the installer with the default settings.

--> Connect your external storage devices to your PC (USB key, external hard drive, etc.) without opening them.

--> Double-click the UsbFix shortcut on your Desktop.

--> The PC will reboot.

--> After the reboot, post the UsbFix.txt report.

Note: the UsbFix.txt report is saved at the root of the drive.

(If the Desktop does not reappear, press Ctrl+Alt+Del, "File" tab, "New task", type explorer.exe and confirm)
0
StaFFer (Member) - 30 Oct. 2008 at 22:24
The external hard drive: do I plug it in powered on, or switched off?
0
Destrio5 (Moderator) - 30 Oct. 2008 at 22:26
Powered on and plugged in, so that UsbFix can scan it.
0
StaFFer (Member) - 1 Nov. 2008 at 23:19
-------------- UsbFix V2.395 ---------------

* User : Staffer - STAFFERORDI
* Outils mis a jours le 27/10/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 23:15:20 le 01/11/2008
* Windows Xp - Internet Explorer 6.0.2900.2180


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\DOCUME~1\Staffer\LOCALS~1\Temp\1.tmp\b2e.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe


--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe

E: - Lecteur de CD-ROM

G: - Lecteur fixe

S: - Lecteur fixe


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
icon=BF2.ico
open=Autorun.exe

--------------- [ Registre / Startup ] ----------------


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
NvCplDaemon REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz REG_SZ nwiz.exe /install
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
RTHDCPL REG_SZ RTHDCPL.EXE
Alcmtr REG_SZ ALCMTR.EXE
CONNECTScheduler REG_SZ "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
NvMediaCenter REG_SZ RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
BluetoothAuthenticationAgent REG_SZ rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
TrojanScanner REG_SZ C:\Program Files\Trojan Remover\Trjscan.exe /boot
ZoneAlarm Client REG_SZ "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
EPSON Stylus DX8400 Series REG_SZ C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S166.tmp" /EF "HKCU"

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command
Supprimé ! - HKEY_USERS\S-1-5-21-448539723-1450960922-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Echec de la supression !! - E:\autorun.inf
Echec de la supression !! - E:\autorun.exe
Echec de la supression !! - E:\setup.exe
Echec de la supression !! - E:\autorun.inf
Echec de la supression !! - E:\autorun.inf
Echec de la supression !! - E:\AutoRun

--------------- ! Fin du rapport ! ----------------
0
Destrio5 (Moderator) - 1 Nov. 2008 at 23:33
---> Uninstall UsbFix.

---> Download OTMoveIt3 (OldTimer) to your Desktop:
http://oldtimer.geekstogo.com/OTMoveIt3.exe

---> Double-click OTMoveIt3.exe to launch it.

---> Copy (Ctrl+C) the following text:





:processes
explorer.exe

:files
C:\Program Files\gnzwuze
C:\Documents and Settings\All Users\Application Data\nwrwtolw
C:\WINDOWS\system32\brastk.exe.vir
C:\WINDOWS\system32\jqhepuxw.exe

:commands
[purity]
[emptytemp]
[start explorer]
[reboot]





---> Paste (Ctrl+V) the text you just copied into the "Paste Instructions for Items to be Moved" box.

---> Now click the MoveIt! button, then close OTMoveIt3.

If a file or folder cannot be deleted immediately, the program will ask you to reboot.
Accept by clicking YES.

---> Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name corresponds to the moment it was created: date_time.log
0
StaFFer (Member) - 3 Nov. 2008 at 23:27
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Program Files\gnzwuze moved successfully.
C:\Documents and Settings\All Users\Application Data\nwrwtolw moved successfully.
File/Folder C:\WINDOWS\system32\brastk.exe.vir not found.
File/Folder C:\WINDOWS\system32\jqhepuxw.exe not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Staffer\LOCALS~1\Temp\~DF284F.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Staffer\LOCALS~1\Temp\~DF297E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Staffer\LOCALS~1\Temp\~DF39D3.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Staffer\LOCALS~1\Temp\~DF3A66.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ZLT01f5d.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT01f61.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Documents and Settings\Staffer\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Staffer\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Staffer\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Staffer\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Staffer\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx scheduled to be deleted on reboot.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.7.0 log created on 11032008_232149

Files moved on Reboot...
File C:\DOCUME~1\Staffer\LOCALS~1\Temp\~DF284F.tmp not found!
File C:\DOCUME~1\Staffer\LOCALS~1\Temp\~DF297E.tmp not found!
File C:\DOCUME~1\Staffer\LOCALS~1\Temp\~DF39D3.tmp not found!
File C:\DOCUME~1\Staffer\LOCALS~1\Temp\~DF3A66.tmp not found!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.
C:\WINDOWS\temp\ZLT01f5d.TMP moved successfully.
C:\WINDOWS\temp\ZLT01f61.TMP moved successfully.
C:\Documents and Settings\Staffer\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\adoc.bx moved successfully.
C:\Documents and Settings\Staffer\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\md.dat moved successfully.
C:\Documents and Settings\Staffer\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\url.ax moved successfully.
C:\Documents and Settings\Staffer\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\w.ax moved successfully.
C:\Documents and Settings\Staffer\Local Settings\Application Data\Opera\Opera\Profile\vps\0000\wb.vx moved successfully.
0
Destrio5 (Moderator) - 3 Nov. 2008 at 23:35
---> Post a new HijackThis report.

Still having problems?
0