High-Tech Santé Médecine Droit-Finances

IMPÔTS 2010

Agissez maintenant !

Rechercher : dans
Par :

Virus ds fichier ddl

Dernière réponse le 6 jan 2009 à 22:57:36 dadou, le 5 jan 2009 à 21:43:24 
 Signaler ce message aux modérateurs

Bonjour,
tous les jours j'ai un virus differents qui debarquent dans des fichiers ddl a chaque fois different. je les supprime mais il y en a toujours d'autres qui arrivent, que dois je faire ?

Configuration: Windows XP
Internet Explorer 7.0

Posez votre question Répondre

1

geoffrey5, le 5 jan 2009 à 21:44:16

Salut !!

▶ Télécharge hijackthis

▶ Tout est expliqué sur mon site web pour l'installer et l'utiliser correctement.

▶ Poste le rapport obtenu dans le bloc note dans ta prochaine réponse.


Comment copier/coller le rapport :


▶ Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".

▶ ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.

   
Répondre à geoffrey5

2

dadou, le 5 jan 2009 à 21:52:47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:51:29, on 05/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
c:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: InternetProgram - {88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} - C:\Program Files\InternetProgram\InternetProgram-2.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {ba01aa28-5314-4742-b8bd-75cece9d257b} - C:\WINDOWS\system32\johabuji.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [sidelovofi] Rundll32.exe "C:\WINDOWS\system32\yevazani.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [sidelovofi] Rundll32.exe "C:\WINDOWS\system32\yevazani.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: c:\windows\system32\yimazitu.dll c:\windows\system32\vapudabi.dll C:\WINDOWS\system32\watusero.dll c:\windows\system32\sofapohe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
End of file - 13376 bytes

   
Répondre à dadou

3

geoffrey5, le 5 jan 2009 à 21:59:15

Pour vérification :

▶ Télécharger et enregistrer lopSD sur le Bureau

▶ Double-clic Lop S&D

▶ Faire l'installation

▶ Fermer toutes les applications

▶ Le lancer par un double-clic sur le raccourci qui est sur le bureau
Avec VISTA => clic-droit et => Exécuter en tant qu'administrateur

▶ Taper F pour français , puis presser entrée

▶ Taper 1

▶ Presser Entrée

▶ Le PC va redémarrer
Note= si l'antivirus annonce une infection dans TEMP , l'ignorer

▶ Attendre l'apparition du rapport
▶ Copier le rapport et le coller dans la réponse
le rapport se trouve aussi à C:\lopR

   
Répondre à geoffrey5

4

dadou, le 5 jan 2009 à 22:08:18

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : edwige ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:35 Go (Free:6 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:27 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 05/01/2009|22:01 )

--------------------\\ Listing des dossiers dans APPLIC~1

[06/01/2006|05:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[06/01/2006|05:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[10/08/2006|06:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acer
[06/01/2006|05:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[17/07/2007|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[14/08/2006|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[07/12/2008|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[06/01/2006|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[28/12/2008|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[08/04/2007|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[28/12/2008|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[30/12/2008|23:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[28/12/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[05/06/2007|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[10/02/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/10/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[16/08/2008|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[17/12/2006|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[14/08/2006|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[13/12/2006|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
[21/10/2007|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/12/2006|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[16/08/2006|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[19/08/2008|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VadeRetro
[26/11/2006|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[03/12/2006|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[15/07/2007|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[07/10/2007|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[06/01/2006|05:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[06/01/2006|05:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[12/11/2006|17:44] C:\DOCUME~1\edwige\APPLIC~1\ACD Systems
[10/08/2006|06:20] C:\DOCUME~1\edwige\APPLIC~1\Acer
[10/09/2008|22:23] C:\DOCUME~1\edwige\APPLIC~1\Adobe
[14/08/2006|21:12] C:\DOCUME~1\edwige\APPLIC~1\AdobeAUM
[15/07/2008|19:55] C:\DOCUME~1\edwige\APPLIC~1\AdobeUM
[25/01/2007|17:46] C:\DOCUME~1\edwige\APPLIC~1\Angkor
[08/08/2007|11:38] C:\DOCUME~1\edwige\APPLIC~1\Apple Computer
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\ConvertTemp
[10/08/2006|07:14] C:\DOCUME~1\edwige\APPLIC~1\CyberLink
[29/08/2006|17:51] C:\DOCUME~1\edwige\APPLIC~1\EfHome
[24/08/2006|13:52] C:\DOCUME~1\edwige\APPLIC~1\EPSON
[27/11/2006|11:13] C:\DOCUME~1\edwige\APPLIC~1\funkitron
[18/01/2007|18:04] C:\DOCUME~1\edwige\APPLIC~1\Gaijin Ent
[26/05/2007|12:47] C:\DOCUME~1\edwige\APPLIC~1\gtk-2.0
[10/08/2006|07:10] C:\DOCUME~1\edwige\APPLIC~1\Help
[06/01/2006|05:36] C:\DOCUME~1\edwige\APPLIC~1\Identities
[16/08/2006|16:09] C:\DOCUME~1\edwige\APPLIC~1\Leadertech
[02/01/2009|22:07] C:\DOCUME~1\edwige\APPLIC~1\LimeWire
[10/08/2006|06:14] C:\DOCUME~1\edwige\APPLIC~1\Macromedia
[28/12/2008|17:06] C:\DOCUME~1\edwige\APPLIC~1\Malwarebytes
[04/05/2008|10:38] C:\DOCUME~1\edwige\APPLIC~1\Media Player Classic
[31/05/2008|10:53] C:\DOCUME~1\edwige\APPLIC~1\Microsoft
[13/10/2007|14:38] C:\DOCUME~1\edwige\APPLIC~1\Nero
[05/01/2009|08:41] C:\DOCUME~1\edwige\APPLIC~1\OpenOffice.org2
[17/12/2006|12:35] C:\DOCUME~1\edwige\APPLIC~1\PlayFirst
[09/12/2007|21:35] C:\DOCUME~1\edwige\APPLIC~1\Real
[28/12/2008|15:03] C:\DOCUME~1\edwige\APPLIC~1\Samsung
[23/03/2007|15:45] C:\DOCUME~1\edwige\APPLIC~1\Screenshot Sender
[05/01/2009|18:42] C:\DOCUME~1\edwige\APPLIC~1\Software Informer
[29/08/2006|17:35] C:\DOCUME~1\edwige\APPLIC~1\SPB
[05/01/2007|10:07] C:\DOCUME~1\edwige\APPLIC~1\Sun
[14/08/2006|21:26] C:\DOCUME~1\edwige\APPLIC~1\Template
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\Temporary
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\TransRender
[30/10/2008|10:35] C:\DOCUME~1\edwige\APPLIC~1\U3
[05/01/2009|21:28] C:\DOCUME~1\edwige\APPLIC~1\uTorrent
[19/08/2008|18:49] C:\DOCUME~1\edwige\APPLIC~1\VadeRetro
[15/02/2007|19:57] C:\DOCUME~1\edwige\APPLIC~1\WhenU
[04/09/2007|15:21] C:\DOCUME~1\edwige\APPLIC~1\WinRAR

[07/09/2008|16:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[07/09/2008|16:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
[06/01/2006|05:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/01/2006|05:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[05/01/2009 08:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[06/01/2006|05:52] C:\Program Files\Acer
[06/01/2006|05:50] C:\Program Files\Acer Inc
[06/01/2006|05:51] C:\Program Files\Adobe
[12/11/2006|16:32] C:\Program Files\Alwil Software
[12/11/2006|17:36] C:\Program Files\American Systems
[03/03/2008|20:44] C:\Program Files\Apple Software Update
[07/12/2008|19:52] C:\Program Files\Avira
[06/01/2006|05:29] C:\Program Files\ComPlus Applications
[06/01/2006|05:42] C:\Program Files\CONEXANT
[06/01/2006|05:53] C:\Program Files\CyberLink
[15/02/2007|19:56] C:\Program Files\DAEMON Tools
[28/05/2007|12:16] C:\Program Files\EA GAMES
[28/06/2008|12:28] C:\Program Files\ElcomSoft
[12/08/2008|11:56] C:\Program Files\epson
[16/03/2008|15:13] C:\Program Files\FBrowserAdvisor
[16/03/2008|15:13] C:\Program Files\FBrowsingAdvisor
[28/12/2008|14:43] C:\Program Files\Fichiers communs
[30/12/2008|23:16] C:\Program Files\Free Download Manager
[08/01/2007|18:40] C:\Program Files\Google
[19/08/2008|19:12] C:\Program Files\Goto Software
[28/12/2008|15:17] C:\Program Files\Grisoft
[20/12/2008|19:36] C:\Program Files\Guillemot
[26/06/2007|17:02] C:\Program Files\Hasbro Interactive
[29/12/2008|00:03] C:\Program Files\InstallShield Installation Information
[06/01/2006|05:37] C:\Program Files\Intel
[13/12/2008|11:06] C:\Program Files\Internet Explorer
[28/12/2008|18:11] C:\Program Files\InternetProgram
[03/03/2008|20:47] C:\Program Files\iPod
[02/01/2009|14:41] C:\Program Files\Java
[25/08/2007|21:32] C:\Program Files\Launch Manager
[28/12/2008|14:15] C:\Program Files\Lavasoft
[03/05/2008|16:52] C:\Program Files\LimeWire
[26/11/2006|18:48] C:\Program Files\Livre Album Fuji Photo
[29/08/2006|17:34] C:\Program Files\Logiciel D'Album De Spector
[14/08/2006|22:09] C:\Program Files\Logitech
[30/12/2008|23:19] C:\Program Files\ma-config.com
[28/12/2008|17:06] C:\Program Files\Malwarebytes' Anti-Malware
[08/06/2008|19:46] C:\Program Files\MediaCoder Audio Edition
[02/12/2008|11:42] C:\Program Files\Messenger
[08/09/2008|18:55] C:\Program Files\Messenger Plus! Live
[05/06/2008|19:06] C:\Program Files\MessengerPlus! 3
[01/09/2008|15:51] C:\Program Files\Micro Application
[09/05/2007|20:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[06/01/2006|05:31] C:\Program Files\microsoft frontpage
[10/08/2006|06:25] C:\Program Files\Microsoft Office
[10/08/2006|06:24] C:\Program Files\Microsoft Works
[02/12/2008|11:10] C:\Program Files\Movie Maker
[02/12/2008|11:10] C:\Program Files\msn
[06/01/2006|05:29] C:\Program Files\MSN Gaming Zone
[17/11/2006|16:34] C:\Program Files\MSXML 4.0
[13/11/2008|01:14] C:\Program Files\MSXML 6.0
[04/01/2009|01:02] C:\Program Files\Navilog1
[02/12/2008|11:05] C:\Program Files\NetMeeting
[06/01/2006|05:58] C:\Program Files\NewTech Infosystems
[16/08/2008|10:07] C:\Program Files\NOS
[06/01/2006|05:29] C:\Program Files\Online Services
[10/09/2008|21:25] C:\Program Files\OpenOffice.org 2.4
[30/09/2006|16:20] C:\Program Files\orange
[02/12/2008|11:05] C:\Program Files\Outlook Express
[06/11/2007|20:55] C:\Program Files\Picasa2
[23/11/2007|15:32] C:\Program Files\QuickTime
[09/12/2007|21:30] C:\Program Files\Real
[29/12/2008|00:03] C:\Program Files\Realtek
[15/03/2007|17:37] C:\Program Files\Samsung
[10/08/2006|06:51] C:\Program Files\Securitoo
[06/01/2006|05:30] C:\Program Files\Services en ligne
[09/03/2008|12:22] C:\Program Files\SLD Codec Pack
[28/12/2008|22:23] C:\Program Files\Software Informer
[06/01/2006|05:48] C:\Program Files\Synaptics
[05/01/2009|21:47] C:\Program Files\Trend Micro
[06/01/2006|05:36] C:\Program Files\Uninstall Information
[11/06/2008|09:38] C:\Program Files\uTorrent
[09/03/2008|12:24] C:\Program Files\VideoLAN
[28/06/2008|12:30] C:\Program Files\Wanadoo
[15/02/2007|19:06] C:\Program Files\WinAVI Video Converter
[04/06/2007|18:31] C:\Program Files\Windows Live
[09/03/2008|12:25] C:\Program Files\Windows Live Toolbar
[02/01/2009|21:52] C:\Program Files\Windows Media Connect 2
[02/12/2008|11:05] C:\Program Files\Windows Media Player
[02/12/2008|11:05] C:\Program Files\Windows NT
[06/01/2006|05:30] C:\Program Files\WindowsUpdate
[10/08/2006|06:17] C:\Program Files\WinPCap
[04/09/2007|15:21] C:\Program Files\WinRAR
[06/01/2006|05:31] C:\Program Files\xerox
[16/08/2006|19:14] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/11/2006|17:42] C:\Program Files\Fichiers communs\ACD Systems
[06/01/2006|05:51] C:\Program Files\Fichiers communs\Adobe
[26/05/2007|12:43] C:\Program Files\Fichiers communs\GTK
[06/01/2006|05:37] C:\Program Files\Fichiers communs\InstallShield
[14/08/2006|22:09] C:\Program Files\Fichiers communs\Logitech
[07/10/2007|08:32] C:\Program Files\Fichiers communs\Microsoft Shared
[06/01/2006|05:30] C:\Program Files\Fichiers communs\MSSoap
[06/01/2006|05:58] C:\Program Files\Fichiers communs\muvee Technologies
[06/01/2006|05:58] C:\Program Files\Fichiers communs\NewTech Infosystems
[06/01/2006|05:25] C:\Program Files\Fichiers communs\ODBC
[09/12/2007|21:30] C:\Program Files\Fichiers communs\Real
[06/01/2006|05:30] C:\Program Files\Fichiers communs\Services
[06/01/2006|05:25] C:\Program Files\Fichiers communs\SpeechEngines
[08/03/2008|17:35] C:\Program Files\Fichiers communs\Symantec Shared
[02/12/2008|11:05] C:\Program Files\Fichiers communs\System
[15/02/2007|19:57] C:\Program Files\Fichiers communs\WhenU
[28/12/2008|14:14] C:\Program Files\Fichiers communs\Wise Installation Wizard
[09/12/2007|21:31] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 69 Processes )

iexplore.exe ~ [PID:3288]

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\edwige\LOCALS~1\Temp\nsh7.tmp
C:\DOCUME~1\edwige\LOCALS~1\Temp\nsh8.tmp
C:\DOCUME~1\edwige\LOCALS~1\Temp\nsn48.tmp
C:\DOCUME~1\edwige\LOCALS~1\Temp\nso49.tmp
C:\DOCUME~1\edwige\LOCALS~1\Temp\nsr4C.tmp
C:\DOCUME~1\edwige\Cookies\edwige@advertising[1].txt
C:\DOCUME~1\edwige\Cookies\edwige@cotedazurpalace[2].txt
C:\DOCUME~1\edwige\Cookies\edwige@www.cotedazurpalace[1].txt
C:\DOCUME~1\edwige\Cookies\edwige@adopt.euroclick[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 22:05:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 416

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:701][D:22]-> C:\DOCUME~1\edwige\LOCALS~1\Temp
[F:141][D:0]-> C:\DOCUME~1\edwige\Cookies
[F:6197][D:8]-> C:\DOCUME~1\edwige\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 05/01/2009|22:07 - Option : [1]

--------------------\\ Fin du rapport a 22:07:26

   
Répondre à dadou

5

geoffrey5, le 5 jan 2009 à 22:10:13

Ok maintenant fais ceci stp :

▶ Relance Lop S&D

▶ Choisis cette fois-ci l'option 2 (Suppression)

▶ Ne ferme pas la fenêtre lors de la suppression !

▶ Poste le rapport généré (C:\lopR.txt)

* (Si le Bureau ne réapparait pas, presse Ctrl+Alt+Suppr, Onglet Fichier, Nouvelle tâche, tape explorer.exe et valide)

   
Répondre à geoffrey5

6

dadou, le 5 jan 2009 à 22:18:46

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : edwige ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:35 Go (Free:6 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:27 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 05/01/2009|22:11 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\edwige\LOCALS~1\Temp\nsh7.tmp
Supprime! - C:\DOCUME~1\edwige\LOCALS~1\Temp\nsh8.tmp
Supprime! - C:\DOCUME~1\edwige\LOCALS~1\Temp\nsn48.tmp
Supprime! - C:\DOCUME~1\edwige\LOCALS~1\Temp\nso49.tmp
Supprime! - C:\DOCUME~1\edwige\LOCALS~1\Temp\nsr4C.tmp
Supprime! - C:\DOCUME~1\edwige\Cookies\edwige@cotedazurpalace[2].txt
Supprime! - C:\DOCUME~1\edwige\Cookies\edwige@www.cotedazurpalace[1].txt
Supprime! - C:\DOCUME~1\edwige\Cookies\edwige@adopt.euroclick[2].txt

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[06/01/2006|05:36] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[06/01/2006|05:25] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

[10/08/2006|06:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Acer
[06/01/2006|05:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[17/07/2007|09:09] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[14/08/2006|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[07/12/2008|19:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
[06/01/2006|05:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[28/12/2008|15:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[08/04/2007|21:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\JollyBear
[28/12/2008|14:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[30/12/2008|23:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ma-config.com
[28/12/2008|17:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
[05/06/2007|13:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[10/02/2008|00:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[13/10/2007|16:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[16/08/2008|10:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
[17/12/2006|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[14/08/2006|21:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[13/12/2006|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SugarGames
[21/10/2007|17:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[31/12/2006|10:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[16/08/2006|14:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\UDL
[19/08/2008|19:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\VadeRetro
[26/11/2006|19:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[03/12/2006|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
[15/07/2007|17:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WindowsLiveInstaller
[07/10/2007|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

[06/01/2006|05:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[06/01/2006|05:25] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[12/11/2006|17:44] C:\DOCUME~1\edwige\APPLIC~1\ACD Systems
[10/08/2006|06:20] C:\DOCUME~1\edwige\APPLIC~1\Acer
[10/09/2008|22:23] C:\DOCUME~1\edwige\APPLIC~1\Adobe
[14/08/2006|21:12] C:\DOCUME~1\edwige\APPLIC~1\AdobeAUM
[15/07/2008|19:55] C:\DOCUME~1\edwige\APPLIC~1\AdobeUM
[25/01/2007|17:46] C:\DOCUME~1\edwige\APPLIC~1\Angkor
[08/08/2007|11:38] C:\DOCUME~1\edwige\APPLIC~1\Apple Computer
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\ConvertTemp
[10/08/2006|07:14] C:\DOCUME~1\edwige\APPLIC~1\CyberLink
[29/08/2006|17:51] C:\DOCUME~1\edwige\APPLIC~1\EfHome
[24/08/2006|13:52] C:\DOCUME~1\edwige\APPLIC~1\EPSON
[27/11/2006|11:13] C:\DOCUME~1\edwige\APPLIC~1\funkitron
[18/01/2007|18:04] C:\DOCUME~1\edwige\APPLIC~1\Gaijin Ent
[26/05/2007|12:47] C:\DOCUME~1\edwige\APPLIC~1\gtk-2.0
[10/08/2006|07:10] C:\DOCUME~1\edwige\APPLIC~1\Help
[06/01/2006|05:36] C:\DOCUME~1\edwige\APPLIC~1\Identities
[16/08/2006|16:09] C:\DOCUME~1\edwige\APPLIC~1\Leadertech
[02/01/2009|22:07] C:\DOCUME~1\edwige\APPLIC~1\LimeWire
[10/08/2006|06:14] C:\DOCUME~1\edwige\APPLIC~1\Macromedia
[28/12/2008|17:06] C:\DOCUME~1\edwige\APPLIC~1\Malwarebytes
[04/05/2008|10:38] C:\DOCUME~1\edwige\APPLIC~1\Media Player Classic
[31/05/2008|10:53] C:\DOCUME~1\edwige\APPLIC~1\Microsoft
[13/10/2007|14:38] C:\DOCUME~1\edwige\APPLIC~1\Nero
[05/01/2009|08:41] C:\DOCUME~1\edwige\APPLIC~1\OpenOffice.org2
[17/12/2006|12:35] C:\DOCUME~1\edwige\APPLIC~1\PlayFirst
[09/12/2007|21:35] C:\DOCUME~1\edwige\APPLIC~1\Real
[28/12/2008|15:03] C:\DOCUME~1\edwige\APPLIC~1\Samsung
[23/03/2007|15:45] C:\DOCUME~1\edwige\APPLIC~1\Screenshot Sender
[05/01/2009|18:42] C:\DOCUME~1\edwige\APPLIC~1\Software Informer
[29/08/2006|17:35] C:\DOCUME~1\edwige\APPLIC~1\SPB
[05/01/2007|10:07] C:\DOCUME~1\edwige\APPLIC~1\Sun
[14/08/2006|21:26] C:\DOCUME~1\edwige\APPLIC~1\Template
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\Temporary
[15/03/2007|17:43] C:\DOCUME~1\edwige\APPLIC~1\TransRender
[30/10/2008|10:35] C:\DOCUME~1\edwige\APPLIC~1\U3
[05/01/2009|21:28] C:\DOCUME~1\edwige\APPLIC~1\uTorrent
[19/08/2008|18:49] C:\DOCUME~1\edwige\APPLIC~1\VadeRetro
[15/02/2007|19:57] C:\DOCUME~1\edwige\APPLIC~1\WhenU
[04/09/2007|15:21] C:\DOCUME~1\edwige\APPLIC~1\WinRAR

[07/09/2008|16:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\Adobe
[07/09/2008|16:03] C:\DOCUME~1\LOCALS~1\APPLIC~1\AdobeUM
[06/01/2006|05:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[06/01/2006|05:25] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[05/01/2009 08:40][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 04:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[06/01/2006|05:52] C:\Program Files\Acer
[06/01/2006|05:50] C:\Program Files\Acer Inc
[06/01/2006|05:51] C:\Program Files\Adobe
[12/11/2006|16:32] C:\Program Files\Alwil Software
[12/11/2006|17:36] C:\Program Files\American Systems
[03/03/2008|20:44] C:\Program Files\Apple Software Update
[07/12/2008|19:52] C:\Program Files\Avira
[06/01/2006|05:29] C:\Program Files\ComPlus Applications
[06/01/2006|05:42] C:\Program Files\CONEXANT
[06/01/2006|05:53] C:\Program Files\CyberLink
[15/02/2007|19:56] C:\Program Files\DAEMON Tools
[28/05/2007|12:16] C:\Program Files\EA GAMES
[28/06/2008|12:28] C:\Program Files\ElcomSoft
[12/08/2008|11:56] C:\Program Files\epson
[16/03/2008|15:13] C:\Program Files\FBrowserAdvisor
[16/03/2008|15:13] C:\Program Files\FBrowsingAdvisor
[28/12/2008|14:43] C:\Program Files\Fichiers communs
[30/12/2008|23:16] C:\Program Files\Free Download Manager
[08/01/2007|18:40] C:\Program Files\Google
[19/08/2008|19:12] C:\Program Files\Goto Software
[28/12/2008|15:17] C:\Program Files\Grisoft
[20/12/2008|19:36] C:\Program Files\Guillemot
[26/06/2007|17:02] C:\Program Files\Hasbro Interactive
[29/12/2008|00:03] C:\Program Files\InstallShield Installation Information
[06/01/2006|05:37] C:\Program Files\Intel
[13/12/2008|11:06] C:\Program Files\Internet Explorer
[28/12/2008|18:11] C:\Program Files\InternetProgram
[03/03/2008|20:47] C:\Program Files\iPod
[02/01/2009|14:41] C:\Program Files\Java
[25/08/2007|21:32] C:\Program Files\Launch Manager
[28/12/2008|14:15] C:\Program Files\Lavasoft
[03/05/2008|16:52] C:\Program Files\LimeWire
[26/11/2006|18:48] C:\Program Files\Livre Album Fuji Photo
[29/08/2006|17:34] C:\Program Files\Logiciel D'Album De Spector
[14/08/2006|22:09] C:\Program Files\Logitech
[30/12/2008|23:19] C:\Program Files\ma-config.com
[28/12/2008|17:06] C:\Program Files\Malwarebytes' Anti-Malware
[08/06/2008|19:46] C:\Program Files\MediaCoder Audio Edition
[02/12/2008|11:42] C:\Program Files\Messenger
[08/09/2008|18:55] C:\Program Files\Messenger Plus! Live
[05/06/2008|19:06] C:\Program Files\MessengerPlus! 3
[01/09/2008|15:51] C:\Program Files\Micro Application
[09/05/2007|20:35] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[06/01/2006|05:31] C:\Program Files\microsoft frontpage
[10/08/2006|06:25] C:\Program Files\Microsoft Office
[10/08/2006|06:24] C:\Program Files\Microsoft Works
[02/12/2008|11:10] C:\Program Files\Movie Maker
[02/12/2008|11:10] C:\Program Files\msn
[06/01/2006|05:29] C:\Program Files\MSN Gaming Zone
[17/11/2006|16:34] C:\Program Files\MSXML 4.0
[13/11/2008|01:14] C:\Program Files\MSXML 6.0
[04/01/2009|01:02] C:\Program Files\Navilog1
[02/12/2008|11:05] C:\Program Files\NetMeeting
[06/01/2006|05:58] C:\Program Files\NewTech Infosystems
[16/08/2008|10:07] C:\Program Files\NOS
[06/01/2006|05:29] C:\Program Files\Online Services
[10/09/2008|21:25] C:\Program Files\OpenOffice.org 2.4
[30/09/2006|16:20] C:\Program Files\orange
[02/12/2008|11:05] C:\Program Files\Outlook Express
[06/11/2007|20:55] C:\Program Files\Picasa2
[23/11/2007|15:32] C:\Program Files\QuickTime
[09/12/2007|21:30] C:\Program Files\Real
[29/12/2008|00:03] C:\Program Files\Realtek
[15/03/2007|17:37] C:\Program Files\Samsung
[10/08/2006|06:51] C:\Program Files\Securitoo
[06/01/2006|05:30] C:\Program Files\Services en ligne
[09/03/2008|12:22] C:\Program Files\SLD Codec Pack
[28/12/2008|22:23] C:\Program Files\Software Informer
[06/01/2006|05:48] C:\Program Files\Synaptics
[05/01/2009|21:47] C:\Program Files\Trend Micro
[06/01/2006|05:36] C:\Program Files\Uninstall Information
[11/06/2008|09:38] C:\Program Files\uTorrent
[09/03/2008|12:24] C:\Program Files\VideoLAN
[28/06/2008|12:30] C:\Program Files\Wanadoo
[15/02/2007|19:06] C:\Program Files\WinAVI Video Converter
[04/06/2007|18:31] C:\Program Files\Windows Live
[09/03/2008|12:25] C:\Program Files\Windows Live Toolbar
[02/01/2009|21:52] C:\Program Files\Windows Media Connect 2
[02/12/2008|11:05] C:\Program Files\Windows Media Player
[02/12/2008|11:05] C:\Program Files\Windows NT
[06/01/2006|05:30] C:\Program Files\WindowsUpdate
[10/08/2006|06:17] C:\Program Files\WinPCap
[04/09/2007|15:21] C:\Program Files\WinRAR
[06/01/2006|05:31] C:\Program Files\xerox
[16/08/2006|19:14] C:\Program Files\Yahoo!

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[12/11/2006|17:42] C:\Program Files\Fichiers communs\ACD Systems
[06/01/2006|05:51] C:\Program Files\Fichiers communs\Adobe
[26/05/2007|12:43] C:\Program Files\Fichiers communs\GTK
[06/01/2006|05:37] C:\Program Files\Fichiers communs\InstallShield
[14/08/2006|22:09] C:\Program Files\Fichiers communs\Logitech
[07/10/2007|08:32] C:\Program Files\Fichiers communs\Microsoft Shared
[06/01/2006|05:30] C:\Program Files\Fichiers communs\MSSoap
[06/01/2006|05:58] C:\Program Files\Fichiers communs\muvee Technologies
[06/01/2006|05:58] C:\Program Files\Fichiers communs\NewTech Infosystems
[06/01/2006|05:25] C:\Program Files\Fichiers communs\ODBC
[09/12/2007|21:30] C:\Program Files\Fichiers communs\Real
[06/01/2006|05:30] C:\Program Files\Fichiers communs\Services
[06/01/2006|05:25] C:\Program Files\Fichiers communs\SpeechEngines
[08/03/2008|17:35] C:\Program Files\Fichiers communs\Symantec Shared
[02/12/2008|11:05] C:\Program Files\Fichiers communs\System
[15/02/2007|19:57] C:\Program Files\Fichiers communs\WhenU
[28/12/2008|14:14] C:\Program Files\Fichiers communs\Wise Installation Wizard
[09/12/2007|21:31] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 67 Processes )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

C:\DOCUME~1\edwige\Cookies\edwige@advertising[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 22:15:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 416

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:690][D:19]-> C:\DOCUME~1\edwige\LOCALS~1\Temp
[F:138][D:0]-> C:\DOCUME~1\edwige\Cookies
[F:6259][D:8]-> C:\DOCUME~1\edwige\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

1 - "C:\Lop SD\LopR_1.txt" - 05/01/2009|22:07 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 05/01/2009|22:17 - Option : [2]

--------------------\\ Fin du rapport a 22:17:36

   
Répondre à dadou

7

geoffrey5, le 5 jan 2009 à 22:20:33

Très bien... Maintenant fais ceci stp :

▶ Télécharge malwarebyte's anti-malware

▶ Un tutoriel sera à ta disposition sur mon site pour t'aider à l'utiliser.

▶ Fais la mise à jour du logiciel (elle se fait normalement à l'installation)

▶ Lance une analyse complète en cliquant sur "Exécuter un examen complet"

▶ Sélectionnes les disques que tu veux analyser et cliques sur "Lancer l'examen"

▶ L'analyse peut durer un bon moment.....

▶ Une fois l'analyse terminée, cliques sur "OK" puis sur "Afficher les résultats"

▶ Vérifies que tout est bien coché et cliques sur "Supprimer la sélection" => et ensuite sur "OK"

▶ Un rapport va s'ouvrir dans le bloc note... Fais un copié/collé du rapport dans ta prochaine réponse sur le forum


* Il se pourrait que certains fichiers devront être supprimés au redémarrage du PC... Faites le en cliquant sur "oui" à la question posée


Et ensuite refais un nouveau rapport hijackthis stp

   
Répondre à geoffrey5

8

dadou, le 5 jan 2009 à 23:14:20

Malwarebytes' Anti-Malware 1.31
Version de la base de données: 1562
Windows 5.1.2600 Service Pack 3

05/01/2009 23:13:38
mbam-log-2009-01-05 (23-13-38).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 108022
Temps écoulé: 50 minute(s), 46 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 4
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\watusero.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yevazani.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\johabuji.dll (Trojan.Vundo.H) -> Delete on reboot.
c:\WINDOWS\system32\kanolalo.dll (Trojan.Vundo) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba01aa28-5314-4742-b8bd-75cece9d257b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{ba01aa28-5314-4742-b8bd-75cece9d257b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ba01aa28-5314-4742-b8bd-75cece9d257b} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WUSN.1 (Adware.WhenUSave) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sidelovofi (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\watusero.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\watusero.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\watusero.dll -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\yevazani.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\johabuji.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\watusero.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP632\A0074036.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP632\A0074035.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\RP632\A0074037.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tobirugo.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ramegige.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fegenope.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ropoligi.dll.tmp (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kedohugu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\katowola.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vozobiya.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kanolalo.dll (Trojan.Vundo) -> Delete on reboot.

   
Répondre à dadou

9

geoffrey5, le 5 jan 2009 à 23:18:56

Je suppose que tu as bien redémarré le PC pour terminer la suppression...

Pour vérification :

Option 1 - Recherche :


▶ télécharge smitfraudfix et enregistre le sur le bureau

▶ Ensuite double clique sur smitfraudfix puis exécuter

▶ Sélectionner 1 pour créer un rapport des fichiers responsables de l'infection.

(attention : N utilises pas l option 2 si je ne te l ai pas demandé !!)

▶ copier/coller le rapport dans la réponse.


Voici un tutoriel sonore et animé en cas de problème d'utilisation



(Attention : "process.exe", un composant de l'outil, est détecté par certains antivirus comme étant un "RiskTool".
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus. Mis entre de mauvaises mains,
cet utilitaire pourrait arrêter des logiciels de sécurité.)

   
Répondre à geoffrey5

10

dadou, le 5 jan 2009 à 23:24:03

SmitFraudFix v2.388

Rapport fait à 23:22:51,71, 05/01/2009
Executé à partir de C:\Documents and Settings\edwige\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\edwige\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\edwige


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\edwige\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\edwige\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\edwige\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\\windows\\system32\\yimazitu.dll c:\\windows\\system32\\vapudabi.dll c:\\windows\\system32\\sofapohe.dll"
"LoadAppInit_DLLs"=dword:00000001


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/Wireless 2200BG Network Connection - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E73A3CF5-B92C-4B9B-9B2B-E9F13088FBA2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E73A3CF5-B92C-4B9B-9B2B-E9F13088FBA2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E73A3CF5-B92C-4B9B-9B2B-E9F13088FBA2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E73A3CF5-B92C-4B9B-9B2B-E9F13088FBA2}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

   
Répondre à dadou

11

geoffrey5, le 5 jan 2009 à 23:29:32

Ok maintenant refais un nouveau rapport hijackthis stp

   
Répondre à geoffrey5

12

dadou, le 5 jan 2009 à 23:31:56

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:26, on 05/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: InternetProgram - {88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} - C:\Program Files\InternetProgram\InternetProgram-2.dll (file missing)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [sidelovofi] Rundll32.exe "C:\WINDOWS\system32\yevazani.dll",s (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: c:\windows\system32\yimazitu.dll c:\windows\system32\vapudabi.dll c:\windows\system32\sofapohe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
End of file - 12905 bytes

   
Répondre à dadou

13

geoffrey5, le 5 jan 2009 à 23:35:14

▶ Télécharge Combofix de sUBs


▶ et enregistre le sur le Bureau.


▶ désactive tes protections et ferme toutes tes applications(antivirus, parefeu, garde en temps réel de l'antispyware)


Voici le tutoriel officiel de Bleeping Computer pour savoir l utiliser :

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


Je te conseille d'installer la console de récupération !!


ensuite envois le rapport et refais un nouveau rapport hijackthis stp

   
Répondre à geoffrey5

14

dadou, le 5 jan 2009 à 23:47:08

Il me dit
findstr : impossible d'ouvrier le fichier temp01

   
Répondre à dadou

15

dadou, le 5 jan 2009 à 23:48:34

ComboFix 09-01-05.02 - edwige 2009-01-05 23:39:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1014.568 [GMT 1:00]
Lancé depuis: c:\documents and settings\edwige\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\404Fix.exe
c:\windows\system32\abeyugas.ini
c:\windows\system32\alanokeh.ini
c:\windows\system32\anagoval.ini
c:\windows\system32\azidadur.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ezejiweb.ini
c:\windows\system32\idulojoz.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\imawowan.ini
c:\windows\system32\imobeyaw.ini
c:\windows\system32\imozuhiw.ini
c:\windows\system32\jogopamo.dll
c:\windows\system32\kugeyugu.dll
c:\windows\system32\lifemima.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\ohisimak.ini
c:\windows\system32\olapehop.ini
c:\windows\system32\ozarelak.ini
c:\windows\system32\packet.dll
c:\windows\system32\pivumedo.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\ratifuya.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\toyedofi.dll
c:\windows\system32\uvizapuz.ini
c:\windows\system32\uzidigem.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vetuyija.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-05 au 2009-01-05 ))))))))))))))))))))))))))))))))))))
.

   
Répondre à dadou

16

geoffrey5, le 5 jan 2009 à 23:48:39

C est un message quand tu veux ouvrir ComboFix ?

   
Répondre à geoffrey5

17

dadou, le 5 jan 2009 à 23:49:43

Nn c bn le rapport a fini par s'ouvrir
voir au dessus

   
Répondre à dadou

18

geoffrey5, le 5 jan 2009 à 23:52:31

Le rapport est incomplet...

Comment copier/coller le rapport :


▶ Quand tu as le rapport à l écran, tu fais ctrl A pour "sélectionner tout" puis ctrl C pour "copier".

▶ ensuite tu viens sur le forum pour me répondre et tu fais ctrl V pour "coller" le rapport.

   
Répondre à geoffrey5

19

dadou, le 5 jan 2009 à 23:53:55

ComboFix 09-01-05.02 - edwige 2009-01-05 23:39:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1014.568 [GMT 1:00]
Lancé depuis: c:\documents and settings\edwige\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\404Fix.exe
c:\windows\system32\abeyugas.ini
c:\windows\system32\alanokeh.ini
c:\windows\system32\anagoval.ini
c:\windows\system32\azidadur.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ezejiweb.ini
c:\windows\system32\idulojoz.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\imawowan.ini
c:\windows\system32\imobeyaw.ini
c:\windows\system32\imozuhiw.ini
c:\windows\system32\jogopamo.dll
c:\windows\system32\kugeyugu.dll
c:\windows\system32\lifemima.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\ohisimak.ini
c:\windows\system32\olapehop.ini
c:\windows\system32\ozarelak.ini
c:\windows\system32\packet.dll
c:\windows\system32\pivumedo.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\ratifuya.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\toyedofi.dll
c:\windows\system32\uvizapuz.ini
c:\windows\system32\uzidigem.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vetuyija.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-05 au 2009-01-05 ))))))))))))))))))))))))))))))))))))
.

2009-01-05 22:00 . 2009-01-05 22:17 <REP> d-------- C:\Lop SD
2009-01-05 21:47 . 2009-01-05 21:47 <REP> d-------- c:\program files\Trend Micro
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-04 01:00 . 2006-01-06 05:25 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-04 01:00 . 2009-01-04 01:00 <REP> d-------- c:\documents and settings\Administrateur
2009-01-02 14:41 . 2009-01-02 14:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-29 00:04 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-12-29 00:03 . 2008-12-29 00:03 <REP> d-------- c:\program files\Realtek
2008-12-28 22:26 . 2008-12-30 23:14 <REP> d-------- C:\Downloads
2008-12-28 22:24 . 2009-01-05 23:17 <REP> d-------- c:\documents and settings\edwige\Application Data\Software Informer
2008-12-28 22:23 . 2008-12-28 22:23 <REP> d-------- c:\program files\Software Informer
2008-12-28 22:23 . 2008-12-30 23:16 <REP> d-------- c:\program files\Free Download Manager
2008-12-28 20:42 . 2008-12-30 23:19 <REP> d-------- c:\program files\ma-config.com
2008-12-28 20:42 . 2008-12-30 23:18 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\edwige\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 17:06 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 15:18 . 2008-12-28 15:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-28 14:15 . 2008-12-28 14:15 <REP> d-------- c:\program files\Lavasoft
2008-12-28 14:15 . 2008-12-28 14:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-28 13:43 . 2009-01-02 14:41 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-28 13:36 . 2008-12-28 13:36 2,724 ---hs---- c:\windows\system32\nezogeju.dll
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-12-20 19:36 . 2008-12-20 19:36 <REP> d-------- c:\program files\Guillemot
2008-12-20 19:36 . 2007-03-23 14:57 118,784 --a------ c:\windows\system32\HDJAPI.dll
2008-12-20 19:36 . 2005-01-28 12:49 106,496 --a------ c:\windows\system32\GUStrLib.dll
2008-12-20 19:36 . 2007-01-09 14:47 86,016 --a------ c:\windows\system32\HRFDongle.dll
2008-12-20 19:36 . 2007-02-08 19:23 39,296 --a------ c:\windows\system32\drivers\HDJMidi.sys
2008-12-20 19:36 . 2007-03-23 14:58 23,040 --a------ c:\windows\system32\HDJSAPI.dll
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\program files\Avira
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:44 --------- d-----w c:\documents and settings\edwige\Application Data\OpenOffice.org2
2009-01-05 20:28 --------- d-----w c:\documents and settings\edwige\Application Data\uTorrent
2009-01-04 00:02 --------- d-----w c:\program files\Navilog1
2009-01-02 21:07 --------- d-----w c:\documents and settings\edwige\Application Data\LimeWire
2009-01-02 20:52 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-02 13:41 --------- d-----w c:\program files\Java
2008-12-28 23:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 17:11 --------- d-----w c:\program files\InternetProgram
2008-12-28 14:03 --------- d-----w c:\documents and settings\edwige\Application Data\Samsung
2008-12-28 13:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-23 17:12 4,967,424 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-12-23 10:34 18,077,696 ----a-w c:\windows\RTHDCPL.EXE
2008-11-13 00:14 --------- d-----w c:\program files\MSXML 6.0
2008-10-30 16:19 7,142 ----a-w c:\documents and settings\edwige\Application Data\wklnhst.dat
2008-10-23 16:42 290,816 ----a-w c:\windows\vncutil.exe
2008-04-14 02:33 65,024 --sha-w c:\windows\system32\asycfilt.dll
2008-04-14 02:33 617,472 --sha-w c:\windows\system32\comctl32.dll
2008-04-14 02:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2004-08-05 03:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll
2008-04-14 02:33 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
2004-08-05 03:00 253,952 --sha-w c:\windows\system32\msvcrt20.dll
1601-01-01 00:12 39,936 --sha-w c:\windows\system32\nunuwege.dll
1601-01-01 00:12 40,960 --sha-w c:\windows\system32\vawinaso.dll
2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2008-12-18 1667141]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-18 114688]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 458752]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-09 185896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\edwige\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ulsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe"=
"c:\\Program Files\\Logitech\\Video\\LogiTray.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\epm-dm.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_FATIACE.EXE"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WksCal.exe"=
"c:\\Program Files\\OpenOffice.org 2.4\\program\\soffice.bin"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe"=

R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2006-08-10 12106]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2006-08-10 4392]
R4 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-08-10 4096]
R4 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-08-10 78208]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-08-10 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-08-10 4010]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys --> c:\windows\system32\Drivers\HDJBulk.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys --> c:\windows\system32\Drivers\HDJAsioK.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [2008-12-20 39296]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UBHELPER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81e72898-2c81-11db-bc5b-00166f44482b}]
\Shell\AutoRun\command - F:\Loader.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6697df4-8425-11dd-bf6c-00166f44482b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef177916-99d0-11dc-be48-00166f44482b}]
\Shell\AutoRun\command - setupSNK.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-WOOKIT - c:\progra~1\WANADOO\Shell.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
HKCU-Run-fsm - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 23:43:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-05 23:47:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-05 22:47:31

Avant-CF: 6 680 393 728 octets libres
Après-CF: 6,868,678,656 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

288 --- E O F --- 2008-12-20 17:31:51

   
Répondre à dadou

20

geoffrey5, le 5 jan 2009 à 23:57:50

Refais un nouveau rapport hijackthis stp

   
Répondre à geoffrey5

21

dadou, le 6 jan 2009 à 00:00:39

Voici,
ComboFix 09-01-05.02 - edwige 2009-01-05 23:39:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1014.568 [GMT 1:00]
Lancé depuis: c:\documents and settings\edwige\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\404Fix.exe
c:\windows\system32\abeyugas.ini
c:\windows\system32\alanokeh.ini
c:\windows\system32\anagoval.ini
c:\windows\system32\azidadur.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ezejiweb.ini
c:\windows\system32\idulojoz.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\imawowan.ini
c:\windows\system32\imobeyaw.ini
c:\windows\system32\imozuhiw.ini
c:\windows\system32\jogopamo.dll
c:\windows\system32\kugeyugu.dll
c:\windows\system32\lifemima.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\ohisimak.ini
c:\windows\system32\olapehop.ini
c:\windows\system32\ozarelak.ini
c:\windows\system32\packet.dll
c:\windows\system32\pivumedo.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\ratifuya.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\toyedofi.dll
c:\windows\system32\uvizapuz.ini
c:\windows\system32\uzidigem.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vetuyija.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-05 au 2009-01-05 ))))))))))))))))))))))))))))))))))))
.

2009-01-05 22:00 . 2009-01-05 22:17 <REP> d-------- C:\Lop SD
2009-01-05 21:47 . 2009-01-05 21:47 <REP> d-------- c:\program files\Trend Micro
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-04 01:00 . 2006-01-06 05:25 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-04 01:00 . 2009-01-04 01:00 <REP> d-------- c:\documents and settings\Administrateur
2009-01-02 14:41 . 2009-01-02 14:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-29 00:04 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-12-29 00:03 . 2008-12-29 00:03 <REP> d-------- c:\program files\Realtek
2008-12-28 22:26 . 2008-12-30 23:14 <REP> d-------- C:\Downloads
2008-12-28 22:24 . 2009-01-05 23:17 <REP> d-------- c:\documents and settings\edwige\Application Data\Software Informer
2008-12-28 22:23 . 2008-12-28 22:23 <REP> d-------- c:\program files\Software Informer
2008-12-28 22:23 . 2008-12-30 23:16 <REP> d-------- c:\program files\Free Download Manager
2008-12-28 20:42 . 2008-12-30 23:19 <REP> d-------- c:\program files\ma-config.com
2008-12-28 20:42 . 2008-12-30 23:18 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\edwige\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 17:06 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 15:18 . 2008-12-28 15:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-28 14:15 . 2008-12-28 14:15 <REP> d-------- c:\program files\Lavasoft
2008-12-28 14:15 . 2008-12-28 14:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-28 13:43 . 2009-01-02 14:41 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-28 13:36 . 2008-12-28 13:36 2,724 ---hs---- c:\windows\system32\nezogeju.dll
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-12-20 19:36 . 2008-12-20 19:36 <REP> d-------- c:\program files\Guillemot
2008-12-20 19:36 . 2007-03-23 14:57 118,784 --a------ c:\windows\system32\HDJAPI.dll
2008-12-20 19:36 . 2005-01-28 12:49 106,496 --a------ c:\windows\system32\GUStrLib.dll
2008-12-20 19:36 . 2007-01-09 14:47 86,016 --a------ c:\windows\system32\HRFDongle.dll
2008-12-20 19:36 . 2007-02-08 19:23 39,296 --a------ c:\windows\system32\drivers\HDJMidi.sys
2008-12-20 19:36 . 2007-03-23 14:58 23,040 --a------ c:\windows\system32\HDJSAPI.dll
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\program files\Avira
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:44 --------- d-----w c:\documents and settings\edwige\Application Data\OpenOffice.org2
2009-01-05 20:28 --------- d-----w c:\documents and settings\edwige\Application Data\uTorrent
2009-01-04 00:02 --------- d-----w c:\program files\Navilog1
2009-01-02 21:07 --------- d-----w c:\documents and settings\edwige\Application Data\LimeWire
2009-01-02 20:52 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-02 13:41 --------- d-----w c:\program files\Java
2008-12-28 23:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 17:11 --------- d-----w c:\program files\InternetProgram
2008-12-28 14:03 --------- d-----w c:\documents and settings\edwige\Application Data\Samsung
2008-12-28 13:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-23 17:12 4,967,424 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-12-23 10:34 18,077,696 ----a-w c:\windows\RTHDCPL.EXE
2008-11-13 00:14 --------- d-----w c:\program files\MSXML 6.0
2008-10-30 16:19 7,142 ----a-w c:\documents and settings\edwige\Application Data\wklnhst.dat
2008-10-23 16:42 290,816 ----a-w c:\windows\vncutil.exe
2008-04-14 02:33 65,024 --sha-w c:\windows\system32\asycfilt.dll
2008-04-14 02:33 617,472 --sha-w c:\windows\system32\comctl32.dll
2008-04-14 02:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2004-08-05 03:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll
2008-04-14 02:33 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
2004-08-05 03:00 253,952 --sha-w c:\windows\system32\msvcrt20.dll
1601-01-01 00:12 39,936 --sha-w c:\windows\system32\nunuwege.dll
1601-01-01 00:12 40,960 --sha-w c:\windows\system32\vawinaso.dll
2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2008-12-18 1667141]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-18 114688]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 458752]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-09 185896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\edwige\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ulsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe"=
"c:\\Program Files\\Logitech\\Video\\LogiTray.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\epm-dm.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_FATIACE.EXE"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WksCal.exe"=
"c:\\Program Files\\OpenOffice.org 2.4\\program\\soffice.bin"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe"=

R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2006-08-10 12106]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2006-08-10 4392]
R4 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-08-10 4096]
R4 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-08-10 78208]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-08-10 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-08-10 4010]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys --> c:\windows\system32\Drivers\HDJBulk.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys --> c:\windows\system32\Drivers\HDJAsioK.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [2008-12-20 39296]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UBHELPER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81e72898-2c81-11db-bc5b-00166f44482b}]
\Shell\AutoRun\command - F:\Loader.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6697df4-8425-11dd-bf6c-00166f44482b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef177916-99d0-11dc-be48-00166f44482b}]
\Shell\AutoRun\command - setupSNK.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-WOOKIT - c:\progra~1\WANADOO\Shell.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
HKCU-Run-fsm - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 23:43:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-05 23:47:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-05 22:47:31

Avant-CF: 6 680 393 728 octets libres
Après-CF: 6,868,678,656 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

288 --- E O F --- 2008-12-20 17:31:51

   
Répondre à dadou

22

dadou, le 6 jan 2009 à 00:00:49

Voici,
ComboFix 09-01-05.02 - edwige 2009-01-05 23:39:00.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1014.568 [GMT 1:00]
Lancé depuis: c:\documents and settings\edwige\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\404Fix.exe
c:\windows\system32\abeyugas.ini
c:\windows\system32\alanokeh.ini
c:\windows\system32\anagoval.ini
c:\windows\system32\azidadur.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\ezejiweb.ini
c:\windows\system32\idulojoz.ini
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\imawowan.ini
c:\windows\system32\imobeyaw.ini
c:\windows\system32\imozuhiw.ini
c:\windows\system32\jogopamo.dll
c:\windows\system32\kugeyugu.dll
c:\windows\system32\lifemima.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\ohisimak.ini
c:\windows\system32\olapehop.ini
c:\windows\system32\ozarelak.ini
c:\windows\system32\packet.dll
c:\windows\system32\pivumedo.dll
c:\windows\system32\Process.exe
c:\windows\system32\pthreadVC.dll
c:\windows\system32\ratifuya.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\toyedofi.dll
c:\windows\system32\uvizapuz.ini
c:\windows\system32\uzidigem.ini
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\vetuyija.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
D:\Autorun.inf

----- BITS: Il y a peut-être des sites infectés -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((((((( Fichiers créés du 2008-12-05 au 2009-01-05 ))))))))))))))))))))))))))))))))))))
.

2009-01-05 22:00 . 2009-01-05 22:17 <REP> d-------- C:\Lop SD
2009-01-05 21:47 . 2009-01-05 21:47 <REP> d-------- c:\program files\Trend Micro
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage réseau
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Voisinage d'impression
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d--h----- c:\documents and settings\Administrateur\Modèles
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Mes documents
2009-01-04 01:00 . 2006-01-06 05:25 <REP> dr------- c:\documents and settings\Administrateur\Menu Démarrer
2009-01-04 01:00 . 2006-01-06 05:36 <REP> dr------- c:\documents and settings\Administrateur\Favoris
2009-01-04 01:00 . 2006-01-06 05:25 <REP> d-------- c:\documents and settings\Administrateur\Bureau
2009-01-04 01:00 . 2009-01-04 01:00 <REP> d-------- c:\documents and settings\Administrateur
2009-01-02 14:41 . 2009-01-02 14:41 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-29 00:04 . 2007-11-14 15:18 553 --a------ c:\windows\USetup.iss
2008-12-29 00:03 . 2008-12-29 00:03 <REP> d-------- c:\program files\Realtek
2008-12-28 22:26 . 2008-12-30 23:14 <REP> d-------- C:\Downloads
2008-12-28 22:24 . 2009-01-05 23:17 <REP> d-------- c:\documents and settings\edwige\Application Data\Software Informer
2008-12-28 22:23 . 2008-12-28 22:23 <REP> d-------- c:\program files\Software Informer
2008-12-28 22:23 . 2008-12-30 23:16 <REP> d-------- c:\program files\Free Download Manager
2008-12-28 20:42 . 2008-12-30 23:19 <REP> d-------- c:\program files\ma-config.com
2008-12-28 20:42 . 2008-12-30 23:18 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\edwige\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-28 17:06 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-28 17:06 . 2008-12-03 19:54 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-28 17:06 . 2008-12-03 19:54 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-28 15:18 . 2008-12-28 15:18 <REP> d-------- c:\documents and settings\All Users\Application Data\Grisoft
2008-12-28 14:15 . 2008-12-28 14:15 <REP> d-------- c:\program files\Lavasoft
2008-12-28 14:15 . 2008-12-28 14:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-28 13:43 . 2009-01-02 14:41 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-28 13:36 . 2008-12-28 13:36 2,724 ---hs---- c:\windows\system32\nezogeju.dll
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2008-12-20 19:37 . 2008-04-13 19:45 60,032 --a------ c:\windows\system32\dllcache\usbaudio.sys
2008-12-20 19:36 . 2008-12-20 19:36 <REP> d-------- c:\program files\Guillemot
2008-12-20 19:36 . 2007-03-23 14:57 118,784 --a------ c:\windows\system32\HDJAPI.dll
2008-12-20 19:36 . 2005-01-28 12:49 106,496 --a------ c:\windows\system32\GUStrLib.dll
2008-12-20 19:36 . 2007-01-09 14:47 86,016 --a------ c:\windows\system32\HRFDongle.dll
2008-12-20 19:36 . 2007-02-08 19:23 39,296 --a------ c:\windows\system32\drivers\HDJMidi.sys
2008-12-20 19:36 . 2007-03-23 14:58 23,040 --a------ c:\windows\system32\HDJSAPI.dll
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\program files\Avira
2008-12-07 19:52 . 2008-12-07 19:52 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-05 22:44 --------- d-----w c:\documents and settings\edwige\Application Data\OpenOffice.org2
2009-01-05 20:28 --------- d-----w c:\documents and settings\edwige\Application Data\uTorrent
2009-01-04 00:02 --------- d-----w c:\program files\Navilog1
2009-01-02 21:07 --------- d-----w c:\documents and settings\edwige\Application Data\LimeWire
2009-01-02 20:52 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-02 13:41 --------- d-----w c:\program files\Java
2008-12-28 23:03 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 17:11 --------- d-----w c:\program files\InternetProgram
2008-12-28 14:03 --------- d-----w c:\documents and settings\edwige\Application Data\Samsung
2008-12-28 13:14 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2008-12-23 17:12 4,967,424 ----a-w c:\windows\system32\drivers\RtkHDAud.sys
2008-12-23 10:34 18,077,696 ----a-w c:\windows\RTHDCPL.EXE
2008-11-13 00:14 --------- d-----w c:\program files\MSXML 6.0
2008-10-30 16:19 7,142 ----a-w c:\documents and settings\edwige\Application Data\wklnhst.dat
2008-10-23 16:42 290,816 ----a-w c:\windows\vncutil.exe
2008-04-14 02:33 65,024 --sha-w c:\windows\system32\asycfilt.dll
2008-04-14 02:33 617,472 --sha-w c:\windows\system32\comctl32.dll
2008-04-14 02:33 1,028,096 --sha-w c:\windows\system32\mfc42.dll
2004-08-05 03:00 57,344 --sha-w c:\windows\system32\mfc42loc.dll
2008-04-14 02:33 413,696 --sha-w c:\windows\system32\msvcp60.dll
2008-04-14 02:33 343,040 --sha-w c:\windows\system32\msvcrt.dll
2004-08-05 03:00 253,952 --sha-w c:\windows\system32\msvcrt20.dll
1601-01-01 00:12 39,936 --sha-w c:\windows\system32\nunuwege.dll
1601-01-01 00:12 40,960 --sha-w c:\windows\system32\vawinaso.dll
2008-04-14 02:33 30,749 --sha-w c:\windows\system32\vbajet32.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2008-12-18 1667141]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-01-07 102491]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-18 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-18 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-18 114688]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"EPM-DM"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-01 458752]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-17 52848]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE" [2005-02-08 98304]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-12-09 185896]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-23 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 443968]

c:\documents and settings\edwige\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 393216]
wkcalrem.LNK - c:\program files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0/ulsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\aawservice.exe"=
"c:\\Program Files\\CyberLink\\Shared Files\\RichVideo.exe"=
"c:\\Program Files\\Logitech\\Video\\LogiTray.exe"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe"=
"c:\\WINDOWS\\system32\\igfxpers.exe"=
"c:\\Acer\\Empowering Technology\\ePower\\epm-dm.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\WINDOWS\\system32\\igfxtray.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_FATIACE.EXE"=
"c:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WksCal.exe"=
"c:\\Program Files\\OpenOffice.org 2.4\\program\\soffice.bin"=
"c:\\Program Files\\Avira\\AntiVir PersonalEdition Classic\\sched.exe"=

R1 OsaFsLoc;OsaFsLoc;c:\windows\system32\drivers\OsaFsLoc.sys [2006-08-10 12106]
R3 NdisFilt;OSA NdisFilter Protocol;c:\windows\system32\drivers\NdisFilt.sys [2006-08-10 4392]
R4 EpmPsd;Acer EPM Power Scheme Driver;c:\windows\system32\drivers\epm-psd.sys [2006-08-10 4096]
R4 EpmShd;Acer EPM System Hardware Driver;c:\windows\system32\drivers\epm-shd.sys [2006-08-10 78208]
R4 osaio;osaio;c:\windows\system32\drivers\osaio.sys [2006-08-10 7296]
R4 osanbm;osanbm;c:\windows\system32\drivers\osanbm.sys [2006-08-10 4010]
S3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys --> c:\windows\system32\Drivers\HDJBulk.sys [?]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [?]
S3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys --> c:\windows\system32\Drivers\HDJAsioK.sys [?]
S3 HDJMidi;Hercules DJ Console MIDI;c:\windows\system32\drivers\HDJMidi.sys [2008-12-20 39296]
S3 ZDCndis5;ZDCndis5 Protocol Driver;\??\c:\windows\system32\ZDCndis5.SYS --> c:\windows\system32\ZDCndis5.SYS [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UBHELPER

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81e72898-2c81-11db-bc5b-00166f44482b}]
\Shell\AutoRun\command - F:\Loader.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e6697df4-8425-11dd-bf6c-00166f44482b}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef177916-99d0-11dc-be48-00166f44482b}]
\Shell\AutoRun\command - setupSNK.exe
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-WOOKIT - c:\progra~1\WANADOO\Shell.exe
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
HKCU-Run-fsm - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.orange.fr
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_3_1_0_4.cab
c:\windows\Downloaded Program Files\hardwaredetection.inf
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-05 23:43:09
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\program files\OpenOffice.org 2.4\program\soffice.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\OpenOffice.org 2.4\program\soffice.bin
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Heure de fin: 2009-01-05 23:47:40 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-01-05 22:47:31

Avant-CF: 6 680 393 728 octets libres
Après-CF: 6,868,678,656 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

288 --- E O F --- 2008-12-20 17:31:51

   
Répondre à dadou

23

geoffrey5, le 6 jan 2009 à 00:02:10

Un nouveau rapport hijackthis

Pas combofix lol

   
Répondre à geoffrey5

24

dadou, le 6 jan 2009 à 00:03:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:58:47, on 05/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
End of file - 12123 bytes

   
Répondre à dadou

25

geoffrey5, le 6 jan 2009 à 00:09:28

Ok maintenant fais quand meme ceci pour etre sure :

▶ Télécharge Toolbar-S&D (de Team IDN) sur ton Bureau

▶ Lance l'installation du programme en exécutant le fichier téléchargé.

▶ Double-clique maintenant sur le raccourci de Toolbar-S&D.

▶ Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.

▶ Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.

▶ Poste le rapport généré. (C:\TB.txt)

   
Répondre à geoffrey5

26

dadou, le 6 jan 2009 à 00:11:33

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : edwige ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:35 Go (Free:6 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:27 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 06/01/2009| 0:10 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\InternetProgram
C:\Program Files\InternetProgram\InternetProgram.dat
C:\Program Files\InternetProgram\pcre3.dll
C:\Program Files\InternetProgram\uninstall.exe
C:\DOCUME~1\edwige\APPLIC~1\WhenU
C:\DOCUME~1\edwige\APPLIC~1\WhenU\dtStore.dat
C:\Program Files\Fichiers communs\WhenU
C:\Program Files\Fichiers communs\WhenU\DTAdapter.exe
C:\Program Files\Fichiers communs\WhenU\DTPlugin.dll

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.orange.fr"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 06/01/2009| 0:11 - Option : [1]

-----------\\ Fin du rapport a 0:11:11,71

   
Répondre à dadou

27

geoffrey5, le 6 jan 2009 à 00:51:17

▶ Relance Toolbar-S&D en double-cliquant sur le raccourci.
▶ Tape sur "2" puis valide en appuyant sur "Entrée".
/!\ Ne ferme pas la fenêtre lors de la suppression !
▶ Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

ensuite refais un nouveau rapport hijackthis pour vérifier stp

   
Répondre à geoffrey5

28

dadou, le 6 jan 2009 à 09:34:42

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 1.73GHz )
BIOS : Phoenix NoteBIOS 4.0 Release 6.1
USER : edwige ( Administrator )
BOOT : Normal boot
Antivirus : Avira AntiVir PersonalEdition Classic 8.0.1.30 (Activated)
C:\ (Local Disk) - NTFS - Total:35 Go (Free:6 Go)
D:\ (Local Disk) - FAT32 - Total:35 Go (Free:27 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 06/01/2009| 9:32 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\InternetProgram\InternetProgram.dat
Supprime! - C:\Program Files\InternetProgram\pcre3.dll
Supprime! - C:\Program Files\InternetProgram\uninstall.exe
Supprime! - C:\DOCUME~1\edwige\APPLIC~1\WhenU\dtStore.dat
Supprime! - C:\Program Files\Fichiers communs\WhenU\DTAdapter.exe
Supprime! - C:\Program Files\Fichiers communs\WhenU\DTPlugin.dll
Supprime! - C:\Program Files\InternetProgram
Supprime! - C:\DOCUME~1\edwige\APPLIC~1\WhenU
Supprime! - C:\Program Files\Fichiers communs\WhenU

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.orange.fr"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !


1 - "C:\ToolBar SD\TB_1.txt" - 06/01/2009| 0:11 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 06/01/2009| 9:33 - Option : [2]

-----------\\ Fin du rapport a 9:33:38,34

   
Répondre à dadou

29

dadou, le 6 jan 2009 à 09:35:49

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:35:13, on 06/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\acer\Empowering Technology\ePower\epm-dm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /P26 "EPSON Stylus DX3800 Series" /O6 "USB001" /M "Stylus DX3800"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Startup: wkcalrem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
End of file - 12065 bytes

   
Répondre à dadou

30

geoffrey5, le 6 jan 2009 à 17:05:41

Bonjour,

relance hijackthis en cliquant sur scan only et coches ces lignes stp :

R3 - Default URLSearchHook is missing
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')

puis tu cliques sur fix checked.

ensuite :

▶ Télécharge RegCleaner

▶ Une fois installé, double-clique sur son icône pour l'exécuter

▶ Dans la barre de menu, clique sur Options puis sélectionne Language => Choose the language

▶ recherche French.rlg et double-clique dessus pour appliquer la langue

▶ Clique ensuite sur Outils dans la barre de menu

▶ Sélectionne Nettoyage du registre => Nettoyeur de registre automatique

▶ RegCleaner va alors lancer le nettoyage automatiquement

▶ Coche ensuite les entrées invalides qui sont apparues dans la fenêtre et clique sur Supprimer sélections => Terminer => Quitter

ensuite :

vas faire la mise à jour d adobe reader à cette adresse stp :

http://www.adobe.com/fr/products/acrobat/readstep2.html

ensuite :

▶ Télécharge JavaRa.zip

▶ Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)

▶ Double-clique sur le répertoire JavaRa obtenu.

▶ Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)

▶ Clique sur Search For Updates.

▶ Sélectionne Update Using jucheck.exe puis clique sur Search.

▶ Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.

▶ Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.

▶ Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.

▶ Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.

* Note : le rapport se trouve aussi là : ( C:\JavaRa.log )

Ferme l'application et dis moi si tu as encore des problèmes.

   
Répondre à geoffrey5

31

dadou, le 6 jan 2009 à 19:57:07

Le logiciel javara bloque pour les mises a jour, il ne repond pas

   
Répondre à dadou

32

geoffrey5, le 6 jan 2009 à 20:05:29

Il faut le laisser chercher sans rien toucher

   
Répondre à geoffrey5

33

dadou, le 6 jan 2009 à 20:49:55

ça ne marche pa et j'ai toujours des virus ds le fichiers dll

   
Répondre à dadou

34

geoffrey5, le 6 jan 2009 à 20:53:28

Fais la mise à jour à partir de ce lien : http://www.java.com/fr/download/manual.jsp

ensuite revient à l'écran de JavaRa et clique sur Remove Older Versions.

lis la suite du message précédent pour savoir ce qu il faut faire..

Qu entends-tu par virus dans le fichier dll ?? Pourrais-tu être un peu plus précis stp ??

   
Répondre à geoffrey5

35

dadou, le 6 jan 2009 à 20:56:46

Voici ce qui a été detecté par mon antivirus:
Dans le fichier 'C:\System Volume Information\_restore{23F08A26-38FB-4A7A-96A8-388AD6A8D028}\R­P649\A0081409.dll'
un virus ou un programme indésirable 'TR/Trash.Gen' [trojan] a été détecté.

   
Répondre à dadou

36

dadou, le 6 jan 2009 à 21:00:28

JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jan 06 20:58:39 2009

Found and removed: C:\Program Files\Java\jre1.5.0_10

Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.5.0.0

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData­\S-1-5-18\Products\8A0F842331866D117AB7000B0D610004

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA­}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA­}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB­}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\­\C:\Program Files\Java\jre1.5.0_10\

------------------------------------

Finished reporting.



JavaRa 1.12 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jan 06 20:59:44 2009

------------------------------------

Finished reporting.

   
Répondre à dadou

37

geoffrey5, le 6 jan 2009 à 21:02:58

C est un virus dans un point de restauration, on s en occupera en fin de désinfection ;-)

As-tu fais tout ce que je t ai demandé au message 30 ??

Si oui, as-tu encore des problèmes à part ce virus ??

   
Répondre à geoffrey5

38

dadou, le 6 jan 2009 à 21:07:30

Rapport juste au dessus

Bah maintenant il y a les fichiers torrent que mon ordi ne reconnait plus mis a part ça ... tt fonctionne

   
Répondre à dadou
47 réponses 12 Suivant
Posez votre question Répondre
Ils ont besoin de votre aide
Collection CommentÇaMarche.net