Generic artemis
I don't know what to do anymore
g!rly (18462 posts, Contributor)
Hello,
Here is the report from the HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:58:46, on 2008-12-15
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ca.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://ca.search.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: (no name) - {b6543434-98b2-48ef-a4de-785b5588b357} - C:\WINDOWS\system32\bozujeyi.dll (file missing)
O3 - Toolbar: (no name) - {29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [3c30fc34] rundll32.exe "C:\WINDOWS\system32\bitizoku.dll",b
O4 - HKLM\..\Run: [jedelasomo] Rundll32.exe "C:\WINDOWS\system32\kofovuso.dll",s
O4 - HKLM\..\Run: [CPM3f03cfa8] Rundll32.exe "c:\windows\system32\yofolufe.dll",a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Mfcd Aim] C:\DOCUME~1\Carl\APPLIC~1\BYTEIT~1\16 road bike.exe
O4 - HKCU\..\Run: [32994033809240083154774833335439] C:\Program Files\A360\av360.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-4189850523-3091673561-677485609-1010\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Marianne')
O4 - HKUS\S-1-5-21-4189850523-3091673561-677485609-1010\..\Run: [Gestionnaire Antidote.exe] C:\PROGRA~1\Druide\Antidote\Antidote\Gestionnaire Antidote.exe (User 'Marianne')
O4 - HKUS\S-1-5-21-4189850523-3091673561-677485609-1010\..\Run: [Mfcd Aim] \16 road bike.exe (User 'Marianne')
O4 - HKUS\S-1-5-21-4189850523-3091673561-677485609-1010\..\Run: [32994033809240083154774833335439] C:\Program Files\Antivirus 2009\av2009.exe (User 'Marianne')
O4 - HKUS\S-1-5-21-4189850523-3091673561-677485609-1010\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe" (User 'Marianne')
O4 - HKUS\S-1-5-21-4189850523-3091673561-677485609-1010\..\Run: [CPM3f03cfa8] Rundll32.exe "c:\windows\system32\yofolufe.dll",a (User 'Marianne')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\telonapi.dll C:\WINDOWS\system32\bozujeyi.dll c:\windows\system32\zimemiro.dll c:\windows\system32\rotuwido.dll c:\windows\system32\yipibufi.dll c:\windows\system32\yofolufe.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yipibufi.dll
O22 - SharedTaskScheduler: enlodgement - {aa6d4f53-4c8d-4549-84d2-02d584acc4e9} - (no file)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yipibufi.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
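As an added triage example (not from the thread and not part of HijackThis), a Python script that parses lines in this log format and flags the persistence patterns visible in the report above: nameless or missing BHOs, Run values that load a DLL through rundll32, Run values named with a bare hex string, and anything listed in AppInit_DLLs. The rules are this example's own heuristics and the sample lines are a subset copied from the log.

```python
"""Triage a HijackThis 2.0 log: parse the R/O lines and flag entries that
match the persistence patterns seen in this thread. The heuristics below are
this example's own and produce leads, not verdicts."""
import re

# Constructed sample: a subset of the log posted above (raw string, so the
# Windows backslashes are kept literally).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - C:\WINDOWS\system32\winsrc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {b6543434-98b2-48ef-a4de-785b5588b357} - C:\WINDOWS\system32\bozujeyi.dll (file missing)
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [3c30fc34] rundll32.exe "C:\WINDOWS\system32\bitizoku.dll",b
O4 - HKLM\..\Run: [CPM3f03cfa8] Rundll32.exe "c:\windows\system32\yofolufe.dll",a
O4 - HKCU\..\Run: [32994033809240083154774833335439] C:\Program Files\A360\av360.exe
O4 - HKCU\..\Run: [ieupdate] "C:\WINDOWS\system32\explorer32.exe"
O20 - AppInit_DLLs: C:\WINDOWS\system32\telonapi.dll c:\windows\system32\yofolufe.dll
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
"""

# "O4 - <body>" : section code, then the entry body.
LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
# O4 body: "<hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O2 body: "BHO: <name> - {<CLSID>} - <path>"
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.*)$")
# A Run value whose name is nothing but hex digits (e.g. 3c30fc34) is a
# common auto-generated name; legitimate software rarely registers one.
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.IGNORECASE)


def parse_line(line):
    """Split one HijackThis line into (section, body); None for non-entry lines."""
    m = LINE_RE.match(line.strip())
    return (m.group("sec"), m.group("body")) if m else None


def triage(log_text):
    """Return a list of (rule, section, detail) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        sec, body = parsed
        if sec == "O2":
            m = BHO_RE.match(body)
            if m and (m.group("name") == "(no name)" or "(file missing)" in m.group("path")):
                findings.append(("nameless-or-missing-bho", sec, m.group("path")))
        elif sec == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue  # Startup-folder entries use a different layout; skipped here
            name, cmd = m.group("name"), m.group("cmd")
            if "rundll32" in cmd.lower():
                # A Run value that only exists to load a DLL via rundll32 is the
                # pattern used by the randomly named DLLs in this log.
                findings.append(("rundll32-run-entry", sec, cmd))
            elif HEX_NAME.match(name):
                findings.append(("hex-named-run-value", sec, f"[{name}] {cmd}"))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            # Every DLL listed here is injected into each process that loads
            # user32.dll, so any entry deserves a look. Paths with spaces are
            # not expected in this field and would be split incorrectly.
            for dll in body[len("AppInit_DLLs:"):].split():
                findings.append(("appinit-dll", sec, dll))
    return findings


def rule_counts(log_text):
    """Count findings per rule, for a quick overview of a log."""
    counts = {}
    for rule, _sec, _detail in triage(log_text):
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, sec, detail in triage(SAMPLE_LOG):
        print(f"{rule:26} {sec:4} {detail}")
```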
3 replies
hi,
Download combofix.exe (by sUBs) to your Desktop.
-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe
-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste this report into your next reply.
NOTE: The report is also located here: C:\Combofix.txt
Before using ComboFix:
-> Disconnect from the internet and close the windows of all running programs.
-> Temporarily, and only for as long as ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ During this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finalise the disinfection/search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt
-> Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the internet.
-> Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
-> Tutorial https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
@+
ok
next:
Copy the text below:
File::
c:\windows\system32\okifesaz.tmp
C:\FOUND.001
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\drivers\TDSSpqlt.sys
c:\windows\Tasks\837069B89D141EFC.job
Collect::
c:\program files\A360
c:\windows\system32\okifesaz.tmp
C:\FOUND.001
C:\FOUND.000
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\drivers\TDSSpqlt.sys
Folder::
c:\program files\A360
C:\d54e2476681f1a7fa1ea970fc82a
C:\FOUND.001
C:\FOUND.000
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"32994033809240083154774833335439"=-
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 then confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
After the restart, post the contents of the Combofix.txt report along with a HijackThis report.
If there is no restart, post the reports anyway.
then run this as well:
Download Lop S&D (by Angeldark and Eric71) to the Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2
[*]Double-click Lop S&D.exe to start the installation,
[*]Then double-click the Lop S&D shortcut on the Desktop.
[*]Select the desired language, then choose Option 1 (Search)
The scan takes less than a minute.
[*]At the end of the scan, Notepad will open with the search result.
[*]Save the LopR.txt report to the Desktop to find it easily; otherwise it is saved at the root of the system partition: C:\LopR.txt
Tutorial by Eric71
https://sites.google.com/site/eric71mespages/lop.sd.exe
@+
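As an added example (not from the thread and not ComboFix's own code), a Python parser for the CFScript format used in the post above: it reads the File::, Collect::, Folder:: and Registry:: sections, turns the Registry block's `"name"=-` lines into explicit delete actions, and runs a few sanity checks of this example's own so the script's effect can be reviewed before it is dropped onto ComboFix.exe. The sample is a shortened copy of the script posted above.

```python
"""Parse a ComboFix CFScript and summarise what it would do. The section
names (File::, Collect::, Folder::, Registry::) are the CFScript format used
in the thread; the review checks are this example's own."""
import re

# Constructed sample: a shortened copy of the CFScript posted above.
SAMPLE_SCRIPT = r"""
File::
c:\windows\system32\okifesaz.tmp
C:\FOUND.001
c:\windows\system32\drivers\TDSSpaxt.sys
Collect::
c:\program files\A360
c:\windows\system32\okifesaz.tmp
Folder::
c:\program files\A360
C:\d54e2476681f1a7fa1ea970fc82a
C:\FOUND.000
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"32994033809240083154774833335439"=-
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")          # e.g. "Folder::"
REG_KEY_RE = re.compile(r"^\[(.+)\]$")                 # "[HKEY_...\Run]"
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')  # '"name"=-' deletes
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Deleting any of these wholesale would cripple the machine; a Folder:: line
# that resolves to one of them is almost certainly a typo.
PROTECTED_ROOTS = {"c:", "c:\\windows", "c:\\windows\\system32", "c:\\program files"}


def parse_cfscript(text):
    """Return {section: [entries]}; Registry entries are (key, value, action) tuples."""
    plan, section, current_key = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            plan.setdefault(section, [])
            current_key = None
            continue
        if section is None:
            raise ValueError(f"entry before any section header: {line!r}")
        if section == "Registry":
            km = REG_KEY_RE.match(line)
            if km:
                current_key = km.group(1)
                continue
            vm = REG_VALUE_RE.match(line)
            if not vm or current_key is None:
                raise ValueError(f"malformed Registry:: line: {line!r}")
            # regedit syntax: "-" as data removes the value, anything else sets it
            action = "delete" if vm.group("data") == "-" else "set"
            plan[section].append((current_key, vm.group("name"), action))
        else:
            plan[section].append(line)
    return plan


def summarize(plan):
    """Number of actions per section, for a quick overview."""
    return {section: len(entries) for section, entries in plan.items()}


def review(plan):
    """Return human-readable warnings about entries that look wrong or dangerous."""
    warnings = []
    for section in ("File", "Collect", "Folder"):
        for path in plan.get(section, []):
            if not ABS_PATH_RE.match(path):
                warnings.append(f"{section}:: entry is not an absolute path: {path}")
            elif section == "Folder" and path.lower().rstrip("\\") in PROTECTED_ROOTS:
                warnings.append(f"Folder:: would delete a system root: {path}")
    for key, name, action in plan.get("Registry", []):
        if action != "delete":
            warnings.append(f"Registry:: sets rather than deletes {key}\\{name}")
    return warnings


if __name__ == "__main__":
    plan = parse_cfscript(SAMPLE_SCRIPT)
    print(summarize(plan))
    for key, name, action in plan["Registry"]:
        print(f"registry {action}: {key}\\{name}")
    print("warnings:", review(plan) or "none")
```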
ComboFix 08-12-15.01 - Carl 2008-12-15 21:10:17.3 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.1072 [GMT -5:00]
Lancé depuis: c:\documents and settings\Carl\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Carl\Mes documents\CFScript.txt
* Un nouveau point de restauration a été créé
* Resident AV is active
FILE ::
C:\FOUND.001
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\drivers\TDSSpqlt.sys
c:\windows\system32\okifesaz.tmp
c:\windows\Tasks\837069B89D141EFC.job
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\d54e2476681f1a7fa1ea970fc82a
c:\d54e2476681f1a7fa1ea970fc82a\mrt.exe
c:\d54e2476681f1a7fa1ea970fc82a\mrtstub.exe
C:\FOUND.000
c:\found.000\FILE0000.CHK
C:\FOUND.001
c:\found.001\FILE0000.CHK
c:\found.001\FILE0001.CHK
c:\program files\A360
c:\program files\A360\av360.exe
c:\program files\A360\file.exe
c:\windows\system32\~.exe
c:\windows\system32\bezuyiza.dll
c:\windows\system32\dasofupu.dll.vir
c:\windows\system32\drivers\TDSSpaxt.sys
c:\windows\system32\drivers\TDSSpqlt.sys
c:\windows\system32\luhuvoyu.dll
c:\windows\system32\mudagodu.dll
c:\windows\system32\okifesaz.tmp
c:\windows\system32\udogadum.ini
c:\windows\system32\vulagidi.dll
c:\windows\Tasks\837069B89D141EFC.job
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-11-16 au 2008-12-16 ))))))))))))))))))))))))))))))))))))
.
2008-12-15 18:56 . 2008-12-15 18:56 <REP> d-------- c:\program files\Trend Micro
2008-12-14 19:23 . 2008-12-14 19:23 <REP> d-------- c:\program files\Ahead
2008-12-13 15:45 . 2008-12-13 15:45 169 --a------ c:\windows\RtlRack.ini
2008-12-13 14:52 . 2008-12-13 14:52 <REP> d-------- c:\program files\byteitchsave
2008-12-10 20:15 . 2008-12-15 21:16 8,111 --a------ c:\windows\system32\Config.MPF
2008-12-07 17:36 . 2008-10-15 11:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-12-04 17:47 . 2008-12-04 17:47 <REP> d-------- c:\program files\SiteAdvisor
2008-12-04 17:45 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-12-04 17:45 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-04 17:45 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-12-04 17:45 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-04 17:44 . 2008-12-04 17:44 <REP> d-------- c:\program files\McAfee.com
2008-12-04 17:44 . 2008-12-04 17:44 <REP> d-------- c:\program files\Fichiers communs\McAfee
2008-12-04 17:43 . 2008-12-04 17:44 <REP> d-------- c:\program files\McAfee
2008-12-04 17:43 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-12-04 09:57 . 2008-12-04 09:57 <REP> d-------- c:\program files\SUPERAntiSpyware
2008-12-04 09:57 . 2008-12-04 09:57 <REP> d-------- c:\documents and settings\Josée\Application Data\SUPERAntiSpyware.com
2008-12-04 09:57 . 2008-12-04 09:57 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-04 09:54 . 2008-12-04 09:54 <REP> d-------- c:\documents and settings\Josée\Application Data\ATI
2008-12-03 19:02 . 2008-12-03 19:02 <REP> d-------- c:\program files\EA GAMES
2008-12-03 19:02 . 2008-12-03 19:02 <REP> d-------- c:\program files\AVIConverter
2008-11-29 20:40 . 2008-11-29 20:40 <REP> d-------- c:\documents and settings\Carl\Application Data\McAfee
2008-11-28 13:38 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-11-28 13:33 . 2008-09-15 10:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-11-28 13:32 . 2008-08-14 08:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-28 13:32 . 2008-08-14 08:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-28 13:32 . 2008-08-14 08:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-28 13:32 . 2008-08-14 08:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-22 19:51 . 2008-11-22 19:51 <REP> d-------- c:\program files\iTunes
2008-11-22 19:51 . 2008-11-22 19:51 <REP> d-------- c:\program files\iPod
2008-11-22 19:51 . 2008-11-22 19:51 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 16:25 . 2008-12-07 08:46 664 --a------ c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 14:39 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-11-02 18:45 --------- d-----w c:\documents and settings\Félix\Application Data\byteitchsave
2008-11-01 19:46 --------- d-----w c:\documents and settings\All Users\Application Data\Bind army eggs joy
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\SET6A.tmp
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\SET3ED.tmp
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 06:48 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:03 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2004-10-01 20:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2007-02-09 18:05 80 --sh--r c:\windows\system32\C02DA06571.dll
2008-09-01 23:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090120080902\index.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6543434-98b2-48ef-a4de-785b5588b357}]
c:\windows\system32\jobaruse.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Mfcd Aim"="c:\docume~1\Carl\APPLIC~1\BYTEIT~1\16 road bike.exe" [2008-12-09 716800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-03-20 774144]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"CPM3f03cfa8"="c:\windows\system32\dasofupu.dll" [BU]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]
c:\documents and settings\Carl\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"<NO NAME>"= :Yahoo! Music Jukebox
"c:\\Documents and Settings\\Carl\\Mes documents\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Druide\\Antidote\\Antidote\\Gestionnaire Antidote.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\McProxy\\McProxy.exe"=
"c:\\WINDOWS\\System32\\USERINIT.EXE"=
"c:\\Program Files\\McAfee\\SiteAdvisor\\McSACore.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\McAfee\\MSC\\MCUPDUI.EXE"=
"c:\\WINDOWS\\System32\\ATI2EVXX.EXE"=
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\si3112r.sys [2003-05-21 84529]
R2 KodakSvc;Kodak AiO Device Service;"c:\program files\Kodak\printer\center\KodakSvc.exe" [2008-02-28 18944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-12-04 203280]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cfaee85-a71c-11db-ae0b-000cf1a081d5}]
\Shell\AutoRun\command - F:\AUTORUN.EXE
.
Contenu du dossier 'Tâches planifiées'
2008-12-05 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 22:34]
2008-12-15 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2008-02-28 17:57]
2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-12-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-12-15 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Carl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-32994033809240083154774833335439 - c:\program files\A360\av360.exe
.
------- Examen supplémentaire -------
.
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://ca.search.yahoo.com/
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Carl\Application Data\Mozilla\Firefox\Profiles\iza87x1v.default\
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 21:16:43
Windows 5.1.2600 Service Pack 3 FAT NTAPI
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\MCAFEE\MSC\MCMSCSVC.EXE
c:\program files\FICHIERS COMMUNS\MCAFEE\MNA\MCNASVC.EXE
c:\program files\FICHIERS COMMUNS\MCAFEE\MCPROXY\MCPROXY.EXE
c:\program files\MCAFEE\VIRUSSCAN\MCSHIELD.EXE
c:\program files\MCAFEE\MPF\MPFSRV.EXE
c:\program files\MCAFEE\MSK\MSKSRVER.EXE
c:\program files\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
c:\windows\SYSTEM32\MSPMSPSV.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\iPod\bin\iPodService.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2008-12-15 21:21:02 - La machine a redémarré [Carl]
ComboFix-quarantined-files.txt 2008-12-16 02:20:56
ComboFix2.txt 2008-12-16 01:23:28
Avant-CF: 35 821 584 384 octets libres
Après-CF: 36,059,709,440 octets libres
261 --- E O F --- 2008-12-16 01:10:47
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1535.940 [GMT -5:00]
Lancé depuis: c:\documents and settings\Carl\Bureau\ComboFix.exe
* Resident AV is active
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Marianne\Application Data\FunWebProducts
c:\documents and settings\Marianne\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus 2009.lnk
c:\documents and settings\Marianne\Bureau\Antivirus 2009.lnk
c:\documents and settings\Marianne\Menu Démarrer\Antivirus 2009
c:\documents and settings\Marianne\Menu Démarrer\Antivirus 2009\Antivirus 2009.lnk
c:\documents and settings\Marianne\Menu Démarrer\Antivirus 2009\Uninstall Antivirus 2009.lnk
c:\program files\Antivirus 2009
c:\windows\system32\~.exe
c:\windows\system32\bewisobe.dll
c:\windows\system32\bijejezo.dll
c:\windows\system32\bitizoku.dll
c:\windows\system32\davezari.dll
c:\windows\system32\delutaha.dll
c:\windows\system32\emohoweg.ini
c:\windows\system32\ewegovit.ini
c:\windows\system32\explorer32.exe
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\fetepayu.dll
c:\windows\system32\fezovezi.dll
c:\windows\system32\fowuduta.dll
c:\windows\system32\heruwiro.dll
c:\windows\system32\ieupdates.exe
c:\windows\system32\irazevad.ini
c:\windows\system32\iyesedel.ini
c:\windows\system32\izevozef.ini
c:\windows\system32\janodewi.dll
c:\windows\system32\jutokuki.dll
c:\windows\system32\kehitulo.dll
c:\windows\system32\kofovuso.dll
c:\windows\system32\laraguji.dll
c:\windows\system32\ledeseyi.dll
c:\windows\system32\lidatolo.dll
c:\windows\system32\linejegu.dll
c:\windows\system32\linujuju.dll
c:\windows\system32\lofasupu.dll
c:\windows\system32\lumitepu.dll
c:\windows\system32\mafazupe.dll
c:\windows\system32\miyuhava.dll
c:\windows\system32\nupejote.dll
c:\windows\system32\ofajezuy.ini
c:\windows\system32\okifesaz.ini
c:\windows\system32\okisomun.ini
c:\windows\system32\olutihek.ini
c:\windows\system32\opevibut.ini
c:\windows\system32\ozejejib.ini
c:\windows\system32\palowaru.dll
c:\windows\system32\radasufu.dll
c:\windows\system32\rotuwido.dll.vir
c:\windows\system32\suluyeba.dll
c:\windows\system32\tinenuya.dll
c:\windows\system32\tivogewe.dll
c:\windows\system32\tozomodo.dll
c:\windows\system32\tubivepo.dll
c:\windows\system32\tuzatazo.dll
c:\windows\system32\ubufizin.ini
c:\windows\system32\udegafup.ini
c:\windows\system32\uhadekew.ini
c:\windows\system32\ujujunil.ini
c:\windows\system32\ukozitib.ini
c:\windows\system32\upetimul.ini
c:\windows\system32\urawolap.ini
c:\windows\system32\vazuwuso.dll
c:\windows\system32\vigajero.dll
c:\windows\system32\wekedahu.dll
c:\windows\system32\wenabebi.dll
c:\windows\system32\winsrc.dll
c:\windows\system32\yipibufi.dll.vir
c:\windows\system32\yofolufe.dll.vir
c:\windows\system32\yuzejafo.dll
c:\windows\system32\zaniwimo.dll
c:\windows\system32\zasefiko.dll
c:\windows\system32\zimemiro.dll.vir
c:\windows\system32\zolekohi.dll
.
((((((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 ))))))))))))))))))))))))))))))))))))
.
2008-12-15 20:07 . 2008-12-15 20:07 <REP> d-------- C:\d54e2476681f1a7fa1ea970fc82a
2008-12-15 19:59 . 2008-12-15 19:59 <REP> d--hs---- C:\FOUND.001
2008-12-15 18:56 . 2008-12-15 18:56 <REP> d-------- c:\program files\Trend Micro
2008-12-15 15:02 . 2008-12-15 15:02 <REP> d--hs---- C:\FOUND.000
2008-12-14 19:23 . 2008-12-14 19:23 <REP> d-------- c:\program files\Ahead
2008-12-13 15:45 . 2008-12-13 15:45 169 --a------ c:\windows\RtlRack.ini
2008-12-13 14:52 . 2008-12-13 14:52 <REP> d-------- c:\program files\byteitchsave
2008-12-13 11:11 . 2008-12-13 11:11 59,904 --a------ c:\windows\system32\drivers\TDSSpaxt.sys
2008-12-13 11:03 . 2008-12-13 11:03 59,904 --a------ c:\windows\system32\drivers\TDSSpqlt.sys
2008-12-10 20:15 . 2008-12-15 20:16 7,909 --a------ c:\windows\system32\Config.MPF
2008-12-10 19:55 . 2008-12-10 19:55 <REP> d-------- c:\program files\A360
2008-12-09 10:11 . 2008-12-09 10:11 0 --a------ c:\windows\system32\okifesaz.tmp
2008-12-07 17:36 . 2008-10-15 11:35 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2008-12-04 17:47 . 2008-12-04 17:47 <REP> d-------- c:\program files\SiteAdvisor
2008-12-04 17:45 . 2008-06-02 14:55 120,136 --a------ c:\windows\system32\drivers\Mpfp.sys
2008-12-04 17:45 . 2008-06-27 06:08 79,240 --a------ c:\windows\system32\drivers\mfeavfk.sys
2008-12-04 17:45 . 2008-06-27 06:08 40,488 --a------ c:\windows\system32\drivers\mfesmfk.sys
2008-12-04 17:45 . 2008-06-27 06:08 35,240 --a------ c:\windows\system32\drivers\mfebopk.sys
2008-12-04 17:44 . 2008-12-04 17:44 <REP> d-------- c:\program files\McAfee.com
2008-12-04 17:44 . 2008-12-04 17:44 <REP> d-------- c:\program files\Fichiers communs\McAfee
2008-12-04 17:43 . 2008-12-04 17:44 <REP> d-------- c:\program files\McAfee
2008-12-04 17:43 . 2008-06-20 05:41 34,152 --a------ c:\windows\system32\drivers\mferkdk.sys
2008-12-04 09:57 . 2008-12-04 09:57 <REP> d-------- c:\program files\SUPERAntiSpyware
2008-12-04 09:57 . 2008-12-04 09:57 <REP> d-------- c:\documents and settings\Josée\Application Data\SUPERAntiSpyware.com
2008-12-04 09:57 . 2008-12-04 09:57 <REP> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-04 09:54 . 2008-12-04 09:54 <REP> d-------- c:\documents and settings\Josée\Application Data\ATI
2008-12-03 19:02 . 2008-12-03 19:02 <REP> d-------- c:\program files\EA GAMES
2008-12-03 19:02 . 2008-12-03 19:02 <REP> d-------- c:\program files\AVIConverter
2008-11-29 20:40 . 2008-11-29 20:40 <REP> d-------- c:\documents and settings\Carl\Application Data\McAfee
2008-11-28 13:38 . 2008-09-08 05:41 333,824 --------- c:\windows\system32\dllcache\srv.sys
2008-11-28 13:33 . 2008-09-15 10:26 1,846,528 --------- c:\windows\system32\dllcache\win32k.sys
2008-11-28 13:32 . 2008-08-14 08:23 2,191,232 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2008-11-28 13:32 . 2008-08-14 08:23 2,147,328 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-11-28 13:32 . 2008-08-14 08:23 2,068,096 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-11-28 13:32 . 2008-08-14 08:23 2,025,984 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2008-11-22 19:51 . 2008-11-22 19:51 <REP> d-------- c:\program files\iTunes
2008-11-22 19:51 . 2008-11-22 19:51 <REP> d-------- c:\program files\iPod
2008-11-22 19:51 . 2008-11-22 19:51 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-21 16:25 . 2008-12-07 08:46 664 --a------ c:\windows\system32\d3d9caps.dat
.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-14 14:39 43,520 ----a-w c:\windows\system32\CmdLineExt03.dll
2008-11-02 18:45 --------- d-----w c:\documents and settings\Félix\Application Data\byteitchsave
2008-11-01 19:46 --------- d-----w c:\documents and settings\All Users\Application Data\Bind army eggs joy
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\SET6A.tmp
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\SET3ED.tmp
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 06:48 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:12 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:03 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:03 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2004-10-01 20:00 40,960 ----a-w c:\program files\Uninstall_CDS.exe
2007-02-09 18:05 80 --sh--r c:\windows\system32\C02DA06571.dll
2008-09-01 23:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090120080902\index.dat
.
((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Mfcd Aim"="c:\docume~1\Carl\APPLIC~1\BYTEIT~1\16 road bike.exe" [2008-12-09 716800]
"32994033809240083154774833335439"="c:\program files\A360\av360.exe" [2008-12-10 2039808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-03-20 774144]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-03-11 114688]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2008-07-11 641208]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2008-06-13 1176808]
"NeroCheck"="c:\windows\system32\\NeroCheck.exe" [2001-07-09 155648]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2008-07-10 5129504]
"SoundMan"="SOUNDMAN.EXE" [2003-04-24 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 443968]
c:\documents and settings\Carl\Menu Démarrer\Programmes\Démarrage\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logiciel Kodak EasyShare.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-09-19 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"<NO NAME>"= :Yahoo! Music Jukebox
"c:\\Documents and Settings\\Carl\\Mes documents\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\EA GAMES\\Medal of Honor Pacific Assault(tm)\\mohpa.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Call of Duty Game of the Year Edition\\CoDMP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\SOUNDMAN.EXE"=
"c:\\Program Files\\QuickTime\\QTTask.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Druide\\Antidote\\Antidote\\Gestionnaire Antidote.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\McProxy\\McProxy.exe"=
"c:\\WINDOWS\\System32\\USERINIT.EXE"=
"c:\\Program Files\\McAfee\\SiteAdvisor\\McSACore.exe"=
"c:\\Program Files\\Fichiers communs\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\McAfee\\MSC\\MCUPDUI.EXE"=
"c:\\WINDOWS\\System32\\ATI2EVXX.EXE"=
R0 Si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\DRIVERS\si3112r.sys [2003-05-21 84529]
R2 KodakSvc;Kodak AiO Device Service;"c:\program files\Kodak\printer\center\KodakSvc.exe" [2008-02-28 18944]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-12-04 203280]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cfaee85-a71c-11db-ae0b-000cf1a081d5}]
\Shell\AutoRun\command - F:\AUTORUN.EXE
.
Contents of the 'Scheduled Tasks' folder
2008-12-05 c:\windows\Tasks\EasyShare Registration Task.job
- c:\windows\system32\rundll32.exe [2008-04-13 22:34]
2008-12-15 c:\windows\Tasks\Kodak AiO Scheduled Maintenance.job
- c:\program files\Kodak\Printer\Center\Kodak.Statistics.exe [2008-02-28 17:57]
2008-11-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2008-12-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-12-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 18:10]
2008-12-16 c:\windows\Tasks\837069B89D141EFC.job
- c:\docume~1\f []
2008-12-15 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Carl\Local Settings\Application Data\Google\Update\GoogleUpdate.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{b6543434-98b2-48ef-a4de-785b5588b357} - c:\windows\system32\bozujeyi.dll
HKLM-Run-MsgCenterExe - c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
HKLM-Run-3c30fc34 - c:\windows\system32\bitizoku.dll
HKLM-Run-jedelasomo - c:\windows\system32\kofovuso.dll
HKLM-Run-CPM3f03cfa8 - c:\windows\system32\zimemiro.dll
HKLM-Run-POINTER - point32.exe
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://ca.rd.yahoo.com/customize/ie/defaults/su/ymj/*https://ca.search.yahoo.com/
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Carl\Application Data\Mozilla\Firefox\Profiles\iza87x1v.default\
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-15 20:16:53
Windows 5.1.2600 Service Pack 3 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2328)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~3\wmpband.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\program files\MCAFEE\MSC\MCMSCSVC.EXE
c:\program files\FICHIERS COMMUNS\MCAFEE\MNA\MCNASVC.EXE
c:\program files\FICHIERS COMMUNS\MCAFEE\MCPROXY\MCPROXY.EXE
c:\program files\MCAFEE\VIRUSSCAN\MCSHIELD.EXE
c:\program files\MCAFEE\MPF\MPFSRV.EXE
c:\program files\MCAFEE\MSK\MSKSRVER.EXE
c:\program files\ANALOG DEVICES\SOUNDMAX\SMAGENT.EXE
c:\windows\SYSTEM32\MSPMSPSV.EXE
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
End time: 2008-12-15 20:23:16 - The machine rebooted [Carl]
ComboFix-quarantined-files.txt 2008-12-16 01:23:00
Pre-Run: 36,284,596,224 bytes free
Post-Run: 36,191,764,480 bytes free
323 --- E O F --- 2008-12-16 01:10:47
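The "Reg Loading Points" section of the log above is where the infection shows itself most clearly: every Security Center notification and override value is forced to 1 (so Windows stops warning that the AV, firewall and updates are off), the Run keys carry a value named with a 32-digit string and an executable launched from a user's Application Data folder, the removed orphans point at eight-letter pseudo-random DLLs in system32, and a mountpoints2 entry wires F:\AUTORUN.EXE to a removable volume. The script below is an added example, not part of the original post and not part of ComboFix; it reads lines in the shape ComboFix prints for those sections and flags exactly those patterns. The sample input is a constructed excerpt modelled on the log, the category names and the thresholds (eight lowercase letters, sixteen-plus digits) are my own heuristics, and nothing here is a signature for any specific malware family.

```python
import re

# Constructed excerpt, not the full log above: a few lines in the shape ComboFix
# uses for its "Reg Loading Points" and "ORPHANS REMOVED" sections (REGEDIT4-style
# "[key]" headers, "name"="data" values, and "SOURCE - path" orphan lines).
SAMPLE_LOG = r'''
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Mfcd Aim"="c:\docume~1\Carl\APPLIC~1\BYTEIT~1\16 road bike.exe" [2008-12-09 716800]
"32994033809240083154774833335439"="c:\program files\A360\av360.exe" [2008-12-10 2039808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-03-20 774144]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3cfaee85-a71c-11db-ae0b-000cf1a081d5}]
\Shell\AutoRun\command - F:\AUTORUN.EXE
HKLM-Run-3c30fc34 - c:\windows\system32\bitizoku.dll
HKLM-Run-jedelasomo - c:\windows\system32\kofovuso.dll
'''

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$')
DWORD_RE = re.compile(r'^dword:(?P<hex>[0-9a-fA-F]{8})$')
QUOTED_PATH_RE = re.compile(r'^"(?P<path>[^"]+)"')
ORPHAN_RE = re.compile(r'^(?P<source>(?:HKLM|HKCU)-Run-\S+|BHO-\S+) - (?P<path>.+)$')
AUTORUN_RE = re.compile(r'^\\Shell\\AutoRun\\command - (?P<cmd>.+)$', re.IGNORECASE)
# Eight lowercase letters plus .dll/.exe: the naming pattern of the system32
# files listed in the log (a heuristic I chose, not a signature).
RANDOM_NAME_RE = re.compile(r'^[a-z]{8}\.(?:dll|exe)$')

# Security Center values that, when non-zero, silence or override the XP
# Security Center's AV, firewall and update monitoring.
SECURITY_CENTER_FLAGS = {
    'AntiVirusDisableNotify', 'FirewallDisableNotify', 'UpdatesDisableNotify',
    'AntiVirusOverride', 'FirewallOverride', 'DisableMonitoring',
}


def _check_path(n, path, source, findings):
    """Flag an autostart target by where it lives and what it is called."""
    low = path.lower()
    base = low.replace('/', '\\').rsplit('\\', 1)[-1]
    if 'system32' in low and RANDOM_NAME_RE.match(base):
        findings.append((n, 'random-name', f'{source}: pseudo-random filename in system32: {path}'))
    if 'applic~1' in low or '\\application data\\' in low:
        findings.append((n, 'user-profile', f'{source}: autostart target under a user profile: {path}'))


def scan_lines(lines):
    """Return (line_no, category, message) tuples for suspicious entries."""
    findings = []
    key = ''  # the most recent "[...]" registry key header seen
    for n, raw in enumerate(lines, 1):
        line = raw.rstrip('\r\n')
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        m = AUTORUN_RE.match(line)
        if m and 'mountpoints2' in key.lower():
            findings.append((n, 'autorun', f'AutoRun command on a mounted volume: {m.group("cmd")}'))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            _check_path(n, m.group('path'), m.group('source'), findings)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group('name'), m.group('data')
        if 'security center' in key.lower():
            d = DWORD_RE.match(data)
            if d and name in SECURITY_CENTER_FLAGS and int(d.group('hex'), 16) != 0:
                findings.append((n, 'security-center', f'{name}={data} under {key}'))
            continue
        if key.lower().endswith('\\run'):
            if name.isdigit() and len(name) >= 16:
                findings.append((n, 'numeric-name', f'Run value named with a long digit string: {name}'))
            p = QUOTED_PATH_RE.match(data)
            if p:
                _check_path(n, p.group('path'), name, findings)
    return findings


def scan_text(text):
    return scan_lines(text.splitlines())


if __name__ == '__main__':
    for line_no, category, message in scan_text(SAMPLE_LOG):
        print(f'line {line_no:3d} [{category}] {message}')
```

On the constructed excerpt this reports nine findings: four Security Center values, the two eight-letter DLLs, the digit-named Run value, the executable under Application Data and the F:\AUTORUN.EXE handler; the CTFMON and SoundMAX entries pass. The point of keying on the current "[...]" header is that the same "name"=dword:... syntax is harmless under most keys and only meaningful under security center, so the scanner only judges a value in the context of the key it sits under.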