Infecte avec Mirar et autres malwares, help!

Question

Bonjour,

Je crois que je suis infecte avec Mirar que je n'arrive pas a enlever. Je pense que j'ai aussi d'autres virus car des fenetres s'ouvrent dans  firefox. J'ai fait un Spybot. Ca va un peu mieux mais je crois que Mirar est toujours installe comme programme. Comment m'assurer que tout est 'clean'?
Merci de votre aide! 
J'ai fait un Hijack this, le resultat est le suivant:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:54:19, on 03/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philips.com/pc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {242e1b59-baf8-4cac-8f5c-67bcc7da71be} - C:\Windows\system32\gafilumu.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Mirar - {947631ED-6480-455D-9058-3FCDC85DC3FD} - C:\Windows\system32\winfe77.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Mirar - {947631EC-6480-455D-9058-3FCDC85DC3FD} - C:\Windows\system32\winfe77.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Bar] C:\Users\CORECOG\AppData\Local\Temp\marsnexwco.tmp
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\efcCtrsS.dll,#1
O4 - HKLM\..\Run: [CPM7328bb03] Rundll32.exe "c:\windows\system32\sufohuwe.dll",a
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\kagavuva.dll c:\windows\system32\sufohuwe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sufohuwe.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\sufohuwe.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Utilisateur anonyme · Answer

Bonjour,

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

http://downloads.andymanchesta.com/RemovalTools/SDFix.exe

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. 

Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

• Redémarre ton ordinateur

• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).

• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.

• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".

• Choisis ton compte.
Déroule la liste des instructions ci-dessous :

• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le scrïpt.

• Appuie sur Y pour commencer le processus de nettoyage.

• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

• Appuie sur une touche pour redémarrer le PC.

• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

• Appuie sur une touche pour finir l'exécution du scrïpt et charger les icônes de ton Bureau.

• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

Kindo_74 · Answer

Merci 
mais je n'arrive pas à debuter la procédure. je double clique sur le runthis.bat mais la fenêtre du  script aparait seulement un millième de seconde pas le temps de taper 'Y'
que faire?

Utilisateur anonyme · Answer

Re,

essai ceci:

• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.

Kindo_74 · Answer

le script marche cette fois ci, mais je vais le faire en mode sans échec

Kindo_74 · Answer

en mode sans échec àa marche toujours pas
je réessaie en mode normal

Utilisateur anonyme · Answer

Re,

En mode normal croit pas que sa fonctionne.

Passe sa alors mais fait les procédure de mise en garde.

 Fais exactement ce qui suit :

Télécharge ComboFix (par sUBs) sur ton Bureau (et pas ailleurs !):

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! Déconnecte toi,ferme tes applications en cours ( ainsi que ton navigateur ) et DESACTIVE TOUTES TES DEFENSES (anti-virus, guarde anti spy-ware, pare-feu) le temps de la manipe :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
--->Important : si tu rencontres des difficultés à ce niveau là, fais m'en part avant de poursuivre ...
Tuto ( aide ) ici : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
 Note : pour XP, bien installer<gras> la Console de Récupération de Windows comme il est indiqué dans le tuto ci-dessus ...
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-clique sur l'icône "combofix.exe" pour lancer l'outil .

Appuie sur la touche Y (Yes) pour démarrer le scan .

Notes importantes :
-> n'utilise pas ta souris ni ton clavier (ni un autre système de pointage) pendant que le programme tourne. Cela pourrait figer l'ordi .
-> Il se peut que le PC redémarre de lui même ( pour finaliser le nettoyage ) , laisse le faire .
-> Si l'outil t'anonce ceci : "combofix a détecté la présence de rootkit et a besoin de faire redémarer votre machine", tu acceptes ...
-> si un message d'erreur windows apparait à un momment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer ( et pas sur autre chose ! sinon pas de rapport ... )

Le rapport sera crée ici : C:\Combofix.txt

Réactive bien tes défenses .


Poste le rapport Combofix accompagné d'un nouveau rapport hijackthis pour analyse ...

Kindo_74 · Answer

ok je vais faire ça, j'ai essayé bcp de fois mais sans succès

même 'run as administrator' mais rien
donc j'essaie combofix maintenant
merci

Kindo_74 · Answer

voici le combofix log

ComboFix 08-12-02.02 - CORECOG 2008-12-03 15:46:54.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1213 [GMT 0:00]
Running from: c:\users\CORECOG\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\asaromas.ini
c:\windows\system32\prunnet.exe
c:\windows\system32\x64
c:\windows\system32\yayXRljk.dll
c:\windows\Tasks\ouvochkk.job

----- BITS: Possible infected sites -----

hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.

2008-12-03 15:13 . 2008-12-03 15:28 <DIR> d-------- C:\SDFix
2008-12-03 11:55 . 2008-12-03 11:55 153 --a------ c:\windows\wininit.ini
2008-12-03 11:05 . 2008-12-03 11:05 <DIR> d-------- c:\program files\Trend Micro
2008-12-03 10:57 . 2008-12-03 11:58 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-12-03 10:57 . 2008-12-03 11:57 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-02 21:12 . 2008-12-02 21:13 <DIR> d-------- c:\programdata\Lavasoft
2008-12-02 21:12 . 2008-12-02 21:12 <DIR> d-------- c:\program files\Lavasoft
2008-12-02 20:50 . 2008-12-02 20:50 34,816 --a------ c:\windows\System32\qoMEuuTK.dll
2008-12-02 20:49 . 2008-11-21 20:15 401,408 --a------ c:\windows\System32\winfe77.dll
2008-11-26 08:14 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 08:14 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 08:14 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 08:14 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 08:14 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-22 08:03 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-22 08:03 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-22 08:03 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-22 08:03 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-22 08:03 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-22 08:03 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-22 08:03 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-22 08:02 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-22 08:02 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-11 19:26 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-11 19:26 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-11 19:26 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-11 19:22 . 2008-11-11 19:22 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-11-11 14:52 . 2000-05-22 00:58 647,872 --------- c:\windows\System32\Mscomct2.ocx
2008-11-11 14:52 . 2006-10-05 22:17 53,248 --------- c:\windows\Ctregrun.exe
2008-11-11 14:51 . 2008-11-11 14:54 <DIR> d-------- c:\programdata\Creative
2008-11-11 14:49 . 2008-11-11 14:51 <DIR> d--h----- c:\program files\Creative Installation Information
2008-11-11 14:49 . 2008-11-11 14:52 <DIR> d-------- c:\program files\Creative
2008-11-11 14:49 . 2008-11-11 14:49 <DIR> d-------- c:\program files\Common Files\Creative
2008-11-10 13:05 . 2008-11-10 13:05 <DIR> d-------- c:\programdata\Apple Computer
2008-11-10 13:05 . 2008-11-10 13:05 <DIR> d-------- c:\program files\Common Files\Apple

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 21:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-02 20:53 --------- d-----w c:\users\CORECOG\AppData\Roaming\Azureus
2008-12-02 18:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-02 14:37 --------- d-----w c:\program files\Return to Castle Wolfenstein
2008-12-02 14:32 --------- d-----w c:\program files\EA GAMES
2008-12-01 21:07 --------- d-----w c:\users\CORECOG\AppData\Roaming\Gearbox Software
2008-11-24 08:07 --------- d-----w c:\program files\Azureus
2008-11-10 13:06 --------- d-----w c:\program files\QuickTime
2008-10-22 07:50 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll
2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-07-22 21:56 174 --sha-w c:\program files\desktop.ini
2008-07-12 19:55 22,328 ----a-w c:\users\CORECOG\AppData\Roaming\PnkBstrK.sys
2008-01-29 12:45 0 ----a-w c:\users\CORECOG\AppData\Roaming\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{947631ED-6480-455D-9058-3FCDC85DC3FD}]
2008-11-21 20:15 401408 --a------ c:\windows\system32\winfe77.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{947631EC-6480-455D-9058-3FCDC85DC3FD}"= "c:\windows\system32\winfe77.dll" [2008-11-21 401408]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{947631EC-6480-455D-9058-3FCDC85DC3FD}"= "c:\windows\system32\winfe77.dll" [2008-11-21 401408]

[HKEY_CLASSES_ROOT\clsid\{947631ec-6480-455d-9058-3fcdc85dc3fd}]
[HKEY_CLASSES_ROOT\TypeLib\{AC53DCEB-9DE4-4C9B-BD02-CDA17BD75571}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808]
"TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-29 171448]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-18 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-18 141848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 c:\windows\RtHDVCpl.exe]

c:\users\CORECOG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-07-28 575488]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-01-29 18944]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-02-03 163840]
Directrec Configuration Tool.lnk - c:\program files\Olympus\DeviceDetector\DirectrecConfig.exe [2008-02-03 122880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\kagavuva.dll c:\windows\system32\sufohuwe.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{525F25C8-70FD-401C-84B3-553BD3CF39D5}c:\\program files\\azureus\\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus
"UDP Query User{492EFF8F-39BC-4A61-877D-414BB04749CB}c:\\program files\\azureus\\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus
"{C11C63EC-288D-4EB0-93D8-A20E8599B72B}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7171B7A2-F3E8-477D-B686-FD95E0DC1872}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3FDBADCB-8A87-4F31-AA25-BEC235E3D070}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{19C38AA1-5B33-4DC4-88CF-DE143A9963F2}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{6463B37B-C9D5-478A-B52A-2F2C395B99B5}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E9730032-4994-4BD5-9A67-826914FB31F7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9847D713-CD9A-448B-A62F-4F26458009DB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{7A6FE7F7-D035-45D7-A791-0259520BCA8B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3F69A3FA-B10A-4E72-B796-1EF23488EF6F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{0BAB2137-9FB8-4F27-B328-A2E71C35DFE6}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{15126E54-E5BC-4CBA-84C3-B3196BC10FAA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{7670FDF4-03B9-403C-9A1E-5B5FD8C2A518}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{B3CF5217-642B-451F-A241-0D028694B28C}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{CAFB00F4-A3CE-4A4A-B85D-2964E8FC8C3C}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{6346D3D6-E9D3-4FE9-A768-39FE3265812D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{082E9DD0-DEEA-4B3C-842D-97650CC87509}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{583B439C-2137-4466-B516-FB5A5C91C7A1}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{EF56FB63-9856-4D37-AADA-CCF90960E83F}c:\\users\\corecog\\documents\\azureus downloads\\counter-strike 1.6 + half-life\\hl.exe"= UDP:c:\users\corecog\documents\azureus downloads\counter-strike 1.6 + half-life\hl.exe:hl.exe
"UDP Query User{3E88F6C8-8434-4DFF-9D83-88192FA62A72}c:\\users\\corecog\\documents\\azureus downloads\\counter-strike 1.6 + half-life\\hl.exe"= TCP:c:\users\corecog\documents\azureus downloads\counter-strike 1.6 + half-life\hl.exe:hl.exe
"{4B3D47E5-2932-4AE6-87AB-7A9AD0392D1B}"= UDP:c:\windows\System32\VSSVC.exe:vssvc
"{48F3E500-ABDA-4D95-AD7D-488877C59DB4}"= TCP:c:\windows\System32\VSSVC.exe:vssvc

R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-19 75856]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-19 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-01-29 50768]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-12-03 809296]
R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-09-06 123776]
R3 GETND6V;VIA Velocity Family Gigabit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\getnd6v.sys [2007-09-27 47104]
S3 GETNDIS;VIA Networking Velocity Family Gigabit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\getnd6.sys [2006-11-02 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8591b9be-734b-11dd-b8ce-00030d000001}]
\shell\AutoRun\command - xih9.cmd
\shell\explore\Command - xih9.cmd
\shell\open\Command - xih9.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0eda68e-6308-11dd-8850-00030d000001}]
\shell\AutoRun\command - Autorun.exe /run
\shell\Shell00\Command - Autorun.exe /run
\shell\Shell01\Command - Autorun.exe /action
\shell\Shell02\Command - Autorun.exe /uninstall

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca85651-4eb7-11dd-9586-00030d000001}]
\shell\AutoRun\command - d:\setup\rsrc\Autorun.exe
\shell\dinstall\command - d:\directx\dxsetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fab233eb-5ca0-11dd-a8b9-00030d000001}]
\shell\AutoRun\command - F:\autorun.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{242e1b59-baf8-4cac-8f5c-67bcc7da71be} - c:\windows\system32\gafilumu.dll
HKLM-Run-MSServer - c:\windows\system32\efcCtrsS.dll
HKLM-Run-CPM7328bb03 - c:\windows\system32\sufohuwe.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\CORECOG\AppData\Roaming\Mozilla\Firefox\Profiles\81omlbzw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.mail.yahoo.com
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-03 15:54:30
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Olympus\DeviceDetector\DM1Service.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\O2Micro Oz128 Driver\o2flash.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Alwil Software\Avast4\ashDisp.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-12-03 15:59:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-03 15:59:30

Pre-Run: 5,331,562,496 bytes free
Post-Run: 6,001,905,664 bytes free

231 --- E O F --- 2008-12-01 15:42:23

Kindo_74 · Answer

et le hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:06:13, on 03/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32	askeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Windows\Explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philips.com/pc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Mirar - {947631ED-6480-455D-9058-3FCDC85DC3FD} - C:\Windows\system32\winfe77.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Mirar - {947631EC-6480-455D-9058-3FCDC85DC3FD} - C:\Windows\system32\winfe77.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Bar] C:\Users\CORECOG\AppData\Local\Temp\marsnexwco.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\kagavuva.dll c:\windows\system32\sufohuwe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Utilisateur anonyme · Answer

Re,

 &#x25B6 Télécharge Toolbar-S&D (Team IDN) sur ton Bureau : 

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
&#x25B6
Double-clique sur le raccourci de Toolbar-S&D

&#x25B6 NB : Si tu es sous Vista : clique-droit sur le raccourci de Toolbar-S&D sur le Bureau et choisis "Exécuter en tant qu' Administrateur".

&#x25B6 Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.

&#x25B6 Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

&#x25B6 Poste le rapport généré. (C:\TB.txt).

Kindo_74 · Answer

la recherche de toolbar s&d dure depuis plus de 3h c'est normal?

Utilisateur anonyme · Answer

Re,

Non,arrête le et fait ceci:

Telecharge malwarebytes + tutoriel :

https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

&#x25B6 Tu l´instale; le programme va se mettre automatiquement a jour.

&#x25B6 Une fois a jour, le programme va se lancer; click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

&#x25B6 Click maintenant sur l´onglet recherche et coche la case : "executer un examen complet".

&#x25B6 Puis click sur "rechercher".

&#x25B6 Laisse le scanner le pc...

&#x25B6 Si des elements on ete trouvés > click sur supprimer la selection.

&#x25B6 Si il t´es demandé de redemarrer > click sur "yes".

&#x25B6 A la fin un rapport va s´ouvrir; sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.

&#x25B6 Copie et colle le rapport stp.

Kindo_74 · Answer

ok je lance le programme

Kindo_74 · Answer

voici le log 


Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1454
Windows 6.0.6001 Service Pack 1

03/12/2008 22:01:24
mbam-log-2008-12-03 (22-01-11).txt

Type de recherche: Examen complet (C:\|S:\|)
Eléments examinés: 167085
Temps écoulé: 1 hour(s), 59 minute(s), 26 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{947631ed-6480-455d-9058-3fcdc85dc3fd} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{947631ed-6480-455d-9058-3fcdc85dc3fd} (Adware.BHO) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Windows\System32\qoMEuuTK.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\winfe77.dll (Adware.BHO) -> No action taken.

Lyonnais92 · Answer

Bonjour,

vérifie que MBAL a mis en quarantaine tous les éléments décelés.

Vide cette quarantaine.

Ensuite, fais ça :

Télécharge ici :

http://images.malwareremoval.com/random/RSIT.exe

random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.

Double-clique sur RSIT.exe afin de lancer RSIT.

Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt ).

Kindo_74 · Answer

merci
mais il n'y avait rien dans l'onglet quarantaine


sinon voici le log demande

merci bcp


Logfile of random's system information tool 1.04 (written by random/random)
Run by CORECOG at 2008-12-04 08:02:15
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 6 GB (6%) free of 107 GB
Total RAM: 2039 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:02:28, on 04/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\CORECOG\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\CORECOG.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philips.com/pc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Mirar - {947631ED-6480-455D-9058-3FCDC85DC3FD} - C:\Windows\system32\winfe77.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Mirar - {947631EC-6480-455D-9058-3FCDC85DC3FD} - C:\Windows\system32\winfe77.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Bar] C:\Users\CORECOG\AppData\Local\Temp\marsnexwco.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\kagavuva.dll c:\windows\system32\sufohuwe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Kindo_74 · Answer

le pare feu vient aussi de m'indiquer n trojan vundo.gen, mais apparement il l'a enleve

Kindo_74 · Answer

merci
mais il n'y avait rien dans l'onglet quarantaine


sinon voici le log demande

merci bcp


Logfile of random's system information tool 1.04 (written by random/random)
Run by CORECOG at 2008-12-04 08:02:15
Microsoft® Windows Vista™ Home Premium  Service Pack 1
System drive C: has 6 GB (6%) free of 107 GB
Total RAM: 2039 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:02:28, on 04/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\CORECOG\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\CORECOG.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.philips.com/pc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Mirar - {947631ED-6480-455D-9058-3FCDC85DC3FD} - C:\Windows\system32\winfe77.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Mirar - {947631EC-6480-455D-9058-3FCDC85DC3FD} - C:\Windows\system32\winfe77.dll
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Bar] C:\Users\CORECOG\AppData\Local\Temp\marsnexwco.tmp
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Readereader_sl.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files\Olympus\DeviceDetector\DirectrecConfig.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~3.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix: 
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\kagavuva.dll c:\windows\system32\sufohuwe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

Lyonnais92 · Answer

Bonjour,

désinstalle Spybot S&D et fais redémarrer l'ordinateur.


Télécharge Toolbar-S&D (Team IDN) sur ton Bureau :

https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    * Lance l'installation du programme en exécutant le fichier téléchargé.
    * Double-clique maintenant sur le raccourci de Toolbar-S&D.
    * Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    * Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    * Poste le rapport généré. (C:\TB.txt)

Kindo_74 · Answer

Bonjour
je dois partir et je reviendrais dans la soiree, je posterai les resultats ce soir

merci encore

Kindo_74 · Answer

le log
  


 -----------\  ToolBar S&D 1.2.5   XP/Vista

   Microsoft® Windows Vista™ Home Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Duo CPU     T7250  @ 2.00GHz )
   BIOS : BIOS Date: 10/09/07 12:03:10 Ver: R1.01
   USER : CORECOG ( Administrator )
   BOOT : Normal boot
   Antivirus : avast! antivirus 4.8.1169 [VPS 081204-0] 4.8.1169 (Activated)
   C:\ (Local Disk) - NTFS - Total:104 Go (Free:7 Go)
   D:\ (CD or DVD)
   E:\ (CD or DVD)
   S:\ (Local Disk) - NTFS - Total:1 Go (Free:1 Go)

   "C:\ToolBar SD" ( MAJ : 20-11-2008|20:25 )
   Option : [1] ( 05/12/2008| 9:11 )

   [ UAC => 0 ]

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\Windows\system32\blank.htm"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="http://www.philips.com/pc"
   "Url"="http://www.microsoft.com/athome/community/rss.xml"
   "Url"="http://www.microsoft.com/atwork/community/rss.xml"
   "Url"="http://rss.msn.com/en-us/?feedoutput=rss&ocid=iehrs&unsub=true"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"


   --------------------\  Recherche d'autres infections

   --------------------\  Cracks & Keygens ..

   C:\Users\CORECOG\AppData\Roaming\Azureus	orrents\Miss Marple.The Mirror Crack'd[1992]Eng.DvDrip.NeRoZ [mininova].torrent
   C:\Users\CORECOG\AppData\Roaming\Azureus	orrents\Run.Fat.Boy.Run.DVDRip.XviD-Crackpots.4029029.TPB [mininova].torrent
   C:\Users\CORECOG\Documents\Azureus Downloads\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\crack
   C:\Users\CORECOG\Documents\Azureus Downloads\Call of duty 4 [PC-DVD] [English] [www.topetorrent.com]\crackzr-cod4.exe
   C:\Users\CORECOG\Documents\Azureus Downloads\PC_Call of Duty 1 -(.rip.)-(ToeD)\Call of Duty\The Call of Duty\Crack
   C:\Users\CORECOG\Documents\Azureus Downloads\PC_Call of Duty 1 -(.rip.)-(ToeD)\Call of Duty\The Call of Duty\Crack\CoDMP.exe
   C:\Users\CORECOG\Documents\Azureus Downloads\PC_Call of Duty 1 -(.rip.)-(ToeD)\Call of Duty\The Call of Duty\Crack\CoDSP.exe
   C:\Users\CORECOG\Documents\Azureus Downloads\PC_Call of Duty 1 -(.rip.)-(ToeD)\Call of Duty\The Call of Duty\Crack\ToeD.exe
   C:\Users\CORECOG\Documents\Azureus Downloads\PC_Call of Duty 1 -(.rip.)-(ToeD)\Call of Duty\The Call of Duty\Crack\Vistro.exe


   [ UAC => 1 ]


   1 - "C:\ToolBar SD\TB_1.txt" - 05/12/2008| 9:13 - Option : [1]

   -----------\  Fin du rapport a  9:13:14.48

Lyonnais92 · Answer

Re,

6) Double clique sur l'icône de MBAM sur ton Bureau. La fenêtre principale de MBAM s'affiche. Clique sur l'onglet Mise à jour et mets à jour.

7)reviens sur  l'onglet analyse, vérifie que "Exécuter une analyse rapide"  est coché et clique sur le bouton Rechercher pour démarrer l'analyse.

8) MBAM analyse ton ordinateur. L'analyse peut prendre un certain temps. Il suffit de vérifier de temps en temps son avancement.

9) A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur OK pour poursuivre.

10) Si des malwares ont été détectés, leur liste s'affiche.
En cliquant sur Suppression (?) , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.

11) MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Ferme le Bloc-notes. (Le rapport peut être retrouvé sous l'onglet Rapports/logs)

12) Ferme MBAM en cliquant sur Quitter.

13) Poste le rapport dans ta réponse

Kindo_74 · Answer

merci beaucoup

voila le log Mbam (scan rapide seulement), un element trouve 



Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1464
Windows 6.0.6001 Service Pack 1

05/12/2008 22:17:02
mbam-log-2008-12-05 (22-17-02).txt

Type de recherche: Examen rapide
Eléments examinés: 51240
Temps écoulé: 3 minute(s), 11 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Lyonnais92 · Answer

Re,

désinstalle Spybot S&D (démarrer, Panneau de configuration et Ajout.suppression de programmes)

==================

On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


* Vérifie que tu as fermé/désactivé tous les programmes anti-virus, anti-malware ou anti-spyware afin qu'ils n'interfèrent pas avec le travail de ComboFix.

Envoie le contenu de C:\ComboFix.txt dans ta prochaine réponse afin que je l'examine.

Kindo_74 · Answer

salut voici le log combofix cela m'a pris un peu de temps car j'ai eu du mal a voir comment cela marchait avec vista, mais bon j'ai charge la recovery console sur dvd et j'ai redemare, j'espere que c'etait comme ca! en tout cas merci encore ComboFix 08-12-06.06 - CORECOG 2008-12-07 11:01:12.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1190 [GMT 0:00] Running from: c:\users\CORECOG\Desktop\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 ))))))))))))))))))))))))))))))) . 2008-12-04 08:02 . 2008-12-04 08:02 d-------- C: sit 2008-12-03 19:38 . 2008-12-03 19:38 d-------- c:\users\CORECOG\AppData\Roaming\Malwarebytes 2008-12-03 19:38 . 2008-12-03 19:38 d-------- c:\programdata\Malwarebytes 2008-12-03 19:38 . 2008-12-05 22:05 d-------- c:\program files\Malwarebytes' Anti-Malware 2008-12-03 19:38 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys 2008-12-03 19:38 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys 2008-12-03 16:17 . 2008-12-05 09:13 d-------- C:\ToolBar SD 2008-12-03 15:13 . 2008-12-03 15:28 d-------- C:\SDFix 2008-12-03 11:55 . 2008-12-03 11:55 153 --a------ c:\windows\wininit.ini 2008-12-03 11:05 . 2008-12-03 11:05 d-------- c:\program files\Trend Micro 2008-12-03 10:57 . 2008-12-05 09:06 d-------- c:\programdata\Spybot - Search & Destroy 2008-12-03 10:57 . 2008-12-05 09:06 d-------- c:\program files\Spybot - Search & Destroy 2008-12-02 21:12 . 2008-12-02 21:13 d-------- c:\programdata\Lavasoft 2008-12-02 21:12 . 2008-12-02 21:12 d-------- c:\program files\Lavasoft 2008-11-26 08:14 . 2008-10-21 05:25 1,645,568 --a------ c:\windows\System32\connect.dll 2008-11-26 08:14 . 2008-08-28 03:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll 2008-11-26 08:14 . 2008-08-28 03:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll 2008-11-26 08:14 . 2008-08-28 03:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll 2008-11-26 08:14 . 2008-10-22 03:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll 2008-11-22 08:03 . 2008-10-16 21:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll 2008-11-22 08:03 . 2008-10-16 20:56 1,524,736 --a------ c:\windows\System32\wucltux.dll 2008-11-22 08:03 . 2008-10-16 21:12 561,688 --a------ c:\windows\System32\wuapi.dll 2008-11-22 08:03 . 2008-10-16 20:55 83,456 --a------ c:\windows\System32\wudriver.dll 2008-11-22 08:03 . 2008-10-16 21:09 51,224 --a------ c:\windows\System32\wuauclt.exe 2008-11-22 08:03 . 2008-10-16 21:09 43,544 --a------ c:\windows\System32\wups2.dll 2008-11-22 08:03 . 2008-10-16 21:08 34,328 --a------ c:\windows\System32\wups.dll 2008-11-22 08:02 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll 2008-11-22 08:02 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe 2008-11-11 19:26 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll 2008-11-11 19:26 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll 2008-11-11 19:26 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys 2008-11-11 19:22 . 2008-11-11 19:22 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf 2008-11-11 14:52 . 2000-05-22 00:58 647,872 --------- c:\windows\System32\Mscomct2.ocx 2008-11-11 14:52 . 2006-10-05 22:17 53,248 --------- c:\windows\Ctregrun.exe 2008-11-11 14:51 . 2008-11-11 14:54 d-------- c:\programdata\Creative 2008-11-11 14:49 . 2008-11-11 14:51 d--h----- c:\program files\Creative Installation Information 2008-11-11 14:49 . 2008-11-11 14:52 d-------- c:\program files\Creative 2008-11-11 14:49 . 2008-11-11 14:49 d-------- c:\program files\Common Files\Creative 2008-11-10 13:05 . 2008-11-10 13:05 d-------- c:\programdata\Apple Computer 2008-11-10 13:05 . 2008-11-10 13:05 d-------- c:\program files\Common Files\Apple . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-12-07 09:57 --------- d-----w c:\users\CORECOG\AppData\Roaming\Azureus 2008-12-02 21:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard 2008-12-02 18:05 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-02 14:37 --------- d-----w c:\program files\Return to Castle Wolfenstein 2008-12-02 14:32 --------- d-----w c:\program files\EA GAMES 2008-12-01 21:07 --------- d-----w c:\users\CORECOG\AppData\Roaming\Gearbox Software 2008-11-24 08:07 --------- d-----w c:\program files\Azureus 2008-11-10 13:06 --------- d-----w c:\program files\QuickTime 2008-10-22 07:50 --------- d-----w c:\program files\Windows Mail 2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll 2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll 2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32 tkrnlpa.exe 2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32 toskrnl.exe 2008-09-18 04:56 147,456 ----a-w c:\windows\System32\Faultrep.dll 2008-09-18 04:56 125,952 ----a-w c:\windows\System32\wersvc.dll 2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys 2008-07-22 21:56 174 --sha-w c:\program files\desktop.ini 2008-07-12 19:55 22,328 ----a-w c:\users\CORECOG\AppData\Roaming\PnkBstrK.sys 2008-01-29 12:45 0 ----a-w c:\users\CORECOG\AppData\Roaming\wklnhst.dat . ((((((((((((((((((((((((((((( snapshot@2008-12-03_15.58.19.44 ))))))))))))))))))))))))))))))))))))))))) . - 2008-12-03 15:53:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-12-07 10:56:33 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2008-12-07 10:56:33 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2008-12-03 15:53:46 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-07 10:58:10 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT + 2008-12-07 10:58:10 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService tuser.dat.LOG1 - 2008-12-03 15:53:47 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-12-07 10:58:15 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT + 2008-12-07 10:58:15 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService tuser.dat.LOG1 - 2008-12-03 15:55:02 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2008-12-07 10:56:34 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2008-12-03 15:55:02 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2008-12-07 10:56:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2008-12-03 15:55:02 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2008-12-07 10:56:34 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2008-12-03 15:46:43 262,144 ----a-w c:\windows\System32\config\systemprofile tuser.dat + 2008-12-07 10:59:44 262,144 ----a-w c:\windows\System32\config\systemprofile tuser.dat - 2008-12-03 15:47:29 106,696 ----a-w c:\windows\System32\perfc009.dat + 2008-12-07 11:03:15 106,696 ----a-w c:\windows\System32\perfc009.dat - 2008-12-03 15:47:29 603,282 ----a-w c:\windows\System32\perfh009.dat + 2008-12-07 11:03:15 603,282 ----a-w c:\windows\System32\perfh009.dat - 2008-12-03 15:55:37 10,690 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-166733217-2719804015-3413246162-1000_UserData.bin + 2008-12-07 10:58:27 10,698 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-166733217-2719804015-3413246162-1000_UserData.bin - 2008-12-03 15:55:37 72,602 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2008-12-07 10:58:27 72,926 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2008-08-14 12:27:31 2,564 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat + 2008-12-06 16:43:52 1,794 ----a-w c:\windows\System32\WDI\ERCQueuedResolutions.dat - 2008-12-03 15:43:08 46,892 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2008-12-07 10:58:25 47,250 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin - 2008-11-30 19:30:44 193,418 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin + 2008-12-06 12:40:18 217,990 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2008-11-28 15:08:02 156,362 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2008-12-06 12:05:31 173,260 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "ATnotes.exe"="c:\program files\ATnotes\ATnotes.exe" [2005-01-05 1015808] "TClockEx"="c:\program files\TClockEx\TCLOCKEX.EXE" [2000-03-09 89088] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-29 171448] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-03-20 217544] "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 79224] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-18 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-18 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-18 141848] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312] "RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 c:\windows\RtHDVCpl.exe] c:\users\CORECOG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2008-07-28 575488] WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2008-01-29 18944] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader eader_sl.exe [2005-09-23 29696] Device Detector 3.lnk - c:\program files\Olympus\DeviceDetector\DevDtct2.exe [2008-02-03 163840] Directrec Configuration Tool.lnk - c:\program files\Olympus\DeviceDetector\DirectrecConfig.exe [2008-02-03 122880] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "FilterAdministratorToken"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\kagavuva.dll c:\windows\system32\sufohuwe.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM "VIDC.X264"= x264vfw.dll "VIDC.3iv2"= 3ivxVfWCodec.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 "UacDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "TCP Query User{525F25C8-70FD-401C-84B3-553BD3CF39D5}c:\program files\azureus\azureus.exe"= UDP:c:\program files\azureus\azureus.exe:Azureus "UDP Query User{492EFF8F-39BC-4A61-877D-414BB04749CB}c:\program files\azureus\azureus.exe"= TCP:c:\program files\azureus\azureus.exe:Azureus "{C11C63EC-288D-4EB0-93D8-A20E8599B72B}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{7171B7A2-F3E8-477D-B686-FD95E0DC1872}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger "{3FDBADCB-8A87-4F31-AA25-BEC235E3D070}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{19C38AA1-5B33-4DC4-88CF-DE143A9963F2}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server "{6463B37B-C9D5-478A-B52A-2F2C395B99B5}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{E9730032-4994-4BD5-9A67-826914FB31F7}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{9847D713-CD9A-448B-A62F-4F26458009DB}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{7A6FE7F7-D035-45D7-A791-0259520BCA8B}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{3F69A3FA-B10A-4E72-B796-1EF23488EF6F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "TCP Query User{0BAB2137-9FB8-4F27-B328-A2E71C35DFE6}c:\program files\mozilla firefox\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox "UDP Query User{15126E54-E5BC-4CBA-84C3-B3196BC10FAA}c:\program files\mozilla firefox\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox "{7670FDF4-03B9-403C-9A1E-5B5FD8C2A518}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{B3CF5217-642B-451F-A241-0D028694B28C}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA "{CAFB00F4-A3CE-4A4A-B85D-2964E8FC8C3C}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{6346D3D6-E9D3-4FE9-A768-39FE3265812D}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB "{082E9DD0-DEEA-4B3C-842D-97650CC87509}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "{583B439C-2137-4466-B516-FB5A5C91C7A1}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM) "TCP Query User{EF56FB63-9856-4D37-AADA-CCF90960E83F}c:\users\corecog\documents\azureus downloads\counter-strike 1.6 + half-life\hl.exe"= UDP:c:\users\corecog\documents\azureus downloads\counter-strike 1.6 + half-life\hl.exe:hl.exe "UDP Query User{3E88F6C8-8434-4DFF-9D83-88192FA62A72}c:\users\corecog\documents\azureus downloads\counter-strike 1.6 + half-life\hl.exe"= TCP:c:\users\corecog\documents\azureus downloads\counter-strike 1.6 + half-life\hl.exe:hl.exe "{4B3D47E5-2932-4AE6-87AB-7A9AD0392D1B}"= UDP:c:\windows\System32\VSSVC.exe:vssvc "{48F3E500-ABDA-4D95-AD7D-488877C59DB4}"= TCP:c:\windows\System32\VSSVC.exe:vssvc R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2007-04-03 39680] R0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-04-02 35712] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-19 75856] R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2008-04-19 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2008-01-29 50768] R3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-09-06 123776] R3 GETND6V;VIA Velocity Family Gigabit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\getnd6v.sys [2007-09-27 47104] S3 GETNDIS;VIA Networking Velocity Family Gigabit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\getnd6.sys [2006-11-02 38912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8591b9be-734b-11dd-b8ce-00030d000001}] \shell\AutoRun\command - xih9.cmd \shell\explore\Command - xih9.cmd \shell\open\Command - xih9.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a0eda68e-6308-11dd-8850-00030d000001}] \shell\AutoRun\command - Autorun.exe /run \shell\Shell00\Command - Autorun.exe /run \shell\Shell01\Command - Autorun.exe /action \shell\Shell02\Command - Autorun.exe /uninstall [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bca85651-4eb7-11dd-9586-00030d000001}] \shell\AutoRun\command - d:\setup src\Autorun.exe \shell\dinstall\command - d:\directx\dxsetup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fab233eb-5ca0-11dd-a8b9-00030d000001}] \shell\AutoRun\command - F:\autorun.exe . - - - - ORPHANS REMOVED - - - - WebBrowser-{947631EC-6480-455D-9058-3FCDC85DC3FD} - c:\windows\system32\winfe77.dll . ------- Supplementary Scan ------- . uStart Page = hxxp://www.philips.com/pc IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 FireFox -: Profile - c:\users\CORECOG\AppData\Roaming\Mozilla\Firefox\Profiles\81omlbzw.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - www.mail.yahoo.com FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser ppdf32.dll FF -: plugin - c:\program files\Yahoo!\Shared pYState.dll . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-12-07 11:03:53 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2008-12-07 11:05:21 ComboFix-quarantined-files.txt 2008-12-07 11:05:18 ComboFix2.txt 2008-12-03 15:59:35 Pre-Run: 13,457,346,560 bytes free Post-Run: 12,803,301,376 bytes free 230 --- E O F --- 2008-12-04 19:21:05

Infecte avec Mirar et autres malwares, help!

25 réponses

Votre réponse

Discussions similaires

Newsletters