Slow PC, pop-up windows, errors

Solved/Closed
ritchy - 9 July 2008 at 10:16
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 - 18 July 2008 at 13:56
Hello,
For some time now my PC has been slow, and Internet access is long and tedious. Error messages keep multiplying and ad windows open all over the place, some of them offering to scan my PC for free.
What should I do?
52 replies

verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
9 July 2008 at 10:19
Hello,
Download and install HijackThis.
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Choose "Download Hijackthis Installer".
After installation, a shortcut will be created on the desktop. Double-click it to launch the program.

Choose the option Do a system scan and save a logfile.
The report will open. Copy/paste the contents of that report into your next message.

See you later
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:46, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMb760cbaf] Rundll32.exe "C:\WINDOWS\system32\xvwtuovf.dll",s
O4 - HKLM\..\Run: [b453f833] rundll32.exe "C:\WINDOWS\system32\fxtvhuac.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.3 85.255.112.127
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.3 85.255.112.127
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.3 85.255.112.127
O20 - AppInit_DLLs: pxxkiixs.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
0
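The log above already contains the hooks that matter most in a HijackThis report: an O17 NameServer pointing at resolvers outside the LAN (85.255.114.3 and 85.255.112.127), two O4 Run values that launch rundll32 on eight-letter DLLs in system32, a non-empty O20 AppInit_DLLs value, and a Policies\Explorer\Run entry that runs a bare file name. The script below is an added example, not a tool anyone in this thread used: it applies exactly those checks to a constructed subset of the log. The eight-letter "random name" rule and the empty trusted-resolver list are assumptions; a hit means "verify this entry", not "this is malware".

```python
"""Triage a HijackThis 2.0 log for the hooks that stand out in the logs
posted in this thread: a static DNS server set in Tcpip\\Parameters (O17),
rundll32 loading a randomly named DLL out of system32 (O4), a non-empty
AppInit_DLLs value (O20), and a Policies\\Explorer\\Run entry (O4).
Added example, not a tool from the thread; each rule is a heuristic that
points at something to verify, not a verdict."""
import ipaddress
import re

# Constructed sample: a subset of the first HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BMb760cbaf] Rundll32.exe "C:\WINDOWS\system32\xvwtuovf.dll",s
O4 - HKLM\..\Run: [b453f833] rundll32.exe "C:\WINDOWS\system32\fxtvhuac.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.3 85.255.112.127
O20 - AppInit_DLLs: pxxkiixs.dll
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
"""

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# rundll32 [path\]name.dll,EntryPoint  (with or without quotes around the path)
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<path>[^",]+\.dll)', re.IGNORECASE)
# Heuristic (assumption): eight letters, as in xvwtuovf.dll / fxtvhuac.dll above.
RANDOM_DLL_RE = re.compile(r"^[a-z]{8}\.dll$", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (section, body, raw_line) for every R*/O* line of a HijackThis log."""
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("section"), m.group("body"), raw.strip()


def is_untrusted_resolver(ip_text, trusted=frozenset()):
    """A static resolver is acceptable if it is on the LAN (RFC 1918, loopback)
    or explicitly trusted (the ISP's resolvers, for instance). Anything else is
    suspect: a stock XP box on DHCP should not carry a NameServer value at all."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return True  # not even an IP address: definitely worth a look
    return not (ip.is_private or ip.is_loopback or ip_text in trusted)


def looks_like_random_dll(path):
    """True when the file-name part of `path` matches the random-name pattern."""
    return bool(RANDOM_DLL_RE.match(path.rsplit("\\", 1)[-1]))


def triage(log_text, trusted_resolvers=frozenset()):
    """Return a list of (section, reason, raw_line) findings."""
    findings = []
    for section, body, line in parse_entries(log_text):
        if section == "O17" and "NameServer" in body:
            servers = body.split("=", 1)[1].split()
            bad = [s for s in servers if is_untrusted_resolver(s, trusted_resolvers)]
            if bad:
                findings.append((section, "static DNS server not trusted: " + " ".join(bad), line))
        elif section == "O4":
            if "\\Policies\\Explorer\\Run" in body:
                findings.append((section, "Policies\\Explorer\\Run entry (policy-enforced logon run)", line))
            m = RUNDLL_RE.search(body)
            if m and looks_like_random_dll(m.group("path")):
                findings.append((section, "rundll32 loading a randomly named DLL: " + m.group("path"), line))
        elif section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = body.split(":", 1)[1].strip()
            if dlls:
                findings.append((section, "AppInit_DLLs is loaded into every user32 process: " + dlls, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run against the sample it reports five findings: the O17 resolvers, both rundll32 values, the Policies\Explorer\Run entry and AppInit_DLLs. Passing the ISP's real resolvers in `trusted_resolvers` is how you avoid flagging a legitimately configured static DNS.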
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
9 July 2008 at 10:35
Richy, there are several different infections.

We'll start with this.

Download FixWareout to your desktop:

http://downloads.subratam.org/Fixwareout.exe

Run the fix: click Next, then Install, make sure "Run fixit" is checked, then click Finish.
The fix will start; follow the on-screen messages.
You will be asked to restart your computer; do so. Your system will take a little longer to start up, which is normal.

Post (copy/paste) the contents of the report that will appear on screen (report.txt)
0
Username "RYCHIE" - 09/07/2008 10:38:24 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.3 85.255.112.127" <Value cleared.

DNS resolver cache flushed.


System was rebooted successfully.

~~~~~ Postrun check
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"PRISMSTA.EXE"="PRISMSTA.EXE START"
"DownloadAccelerator"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"SpeedOptimizer"="C:\\PROGRA~1\\SPEEDO~1\\SPO.EXE -s "
"NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NeroCheck.exe"
"NBKeyScan"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"BMb760cbaf"="Rundll32.exe \"C:\\WINDOWS\\system32\\xvwtuovf.dll\",s"
"b453f833"="rundll32.exe \"C:\\WINDOWS\\system32\\fxtvhuac.dll\",b"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Shareaza"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
"EPSON Stylus DX4400 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATICAE.EXE /FU \"C:\\WINDOWS\\TEMP\\E_S145.tmp\" /EF \"HKCU\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMBgMonitor.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
0
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
9 July 2008 at 12:26
Ritchy,

1) Could you post a new HijackThis report so I can check that this first infection has been cleaned?
I won't hide from you that there is a bit of work to get your computer clean.

2) There is one very important thing you need to do.
There is no protection on your computer. You must install:
- an antivirus
- a firewall
- an antispyware

Here are a few links to give you a choice:

Antivirus:

- Antivir:
https://www.malekal.com/avira-free-security-antivirus-gratuit/

- AVG:
http://www.commentcamarche.net/telecharger/telecharger 118 avg antivirus free edition

Antispyware:

Spybot
https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/

AVG:
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

Firewall:

- Comodo™ Firewall
http://www.personalfirewall.comodo.com/

- Kerio Personal Firewall
http://www.sunbelt-software.com/Kerio-Download.cfm

- PC Tools Firewall Plus
https://fr.norton.com/

Install these three tools and then we'll see what's next.

See you later
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:28, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMb760cbaf] Rundll32.exe "C:\WINDOWS\system32\qqmyqcnw.dll",s
O4 - HKLM\..\Run: [b453f833] rundll32.exe "C:\WINDOWS\system32\rfkkkunn.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
0
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
9 July 2008 at 12:57
The tool did its job.

Install the protections and let me know when you're done.

See you later
0

I installed Antivir but I can't get rid of the TR/Crypt.XPACK.Gen file; the window keeps coming back. It's located in system32\rfkkunn.dll.
What should I do??
0
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
9 July 2008 at 13:45
Antivir is a very good antivirus (the highest rated at the moment), but in some cases it doesn't manage to clean everything.
Which is the case for you.

Install the firewall and the antispyware and we'll see what's next.
0
OK, I'm there, but it's firing from all sides: messages keep popping up, it's a pain. They come from Antivir and Sunbelt.
0
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
9 July 2008 at 16:43
Indeed, since your computer had no protection. :-)

Once we're done, it will calm down.

Download Toolbar-S&D to your Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Run the program's installer by executing the downloaded file.
* Double-click the Toolbar-S&D shortcut.
* Select the language, then confirm.
* Now choose option 1 (Search). Wait until the search finishes.
* Copy/paste the contents of the report located at C:\TB.txt.

See you later
0
I'm cleaning my boyfriend's PC... who never wanted to listen to me and install everything that was needed!

Is it normal that Antivir always reports the same files???
0
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
9 July 2008 at 17:12
Quote:
Is it normal that Antivir always reports the same files???

Yes. Antivir must not be managing to clean them.
Is it really too disruptive to carry on?
If so, we move on to the serious stuff and come back to the toolbars later.

See you later
0
Yes, it's a bit disruptive... the windows pop up and block me in whatever I'm doing.
0
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
9 July 2008 at 17:21
OK,

We're going to run MalwareBytes in safe mode. This can take a while (40 min or more).
Disable Antivir while MalwareBytes updates. You'll re-enable it afterwards.

Download MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Install it. Choose the default options.
At the end of the installation, you'll be asked to update MalwareBytes and run it.
Choose only the update. The program will be run in safe mode.

Restart the computer in safe mode (F8 key after the reboot).
Choose your user account.

To launch MalwareBytes, double-click the desktop shortcut.

In the Scanner tab, select Perform full scan.
Click Scan. Select only the computer's hard drives.
Click Start scan.

At the end of the scan, as prompted, click Show results.
Then choose Remove selected to clean the infections.
Post the report in your next message, along with a new HijackThis report.

See you later
0
HijackThis report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:06, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {0BE5AF5D-776D-4E4D-84FC-E90658C580A1} - C:\WINDOWS\system32\rqRklIyY.dll (file missing)
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\awtRkLFu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {d149597f-20f6-83d8-0294-195eb0a509be} - {eb905a0b-e591-4920-8d38-6f02f795941d} - C:\WINDOWS\system32\xqqctw.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O20 - Winlogon Notify: awtRkLFu - C:\WINDOWS\SYSTEM32\awtRkLFu.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
0
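Reading the three HijackThis logs side by side shows why the same files keep coming back: between the first and second log the Run values BMb760cbaf and b453f833 keep their names but point at new eight-letter DLLs (xvwtuovf.dll becomes qqmyqcnw.dll, fxtvhuac.dll becomes rfkkkunn.dll), and by the third log those values are gone while a new BHO and a Winlogon Notify entry for awtRkLFu.dll have appeared. A plain line diff hides this; a diff keyed on the load point (value name, CLSID, service name) shows it directly. The script below is an added example, not a tool used in this thread, and its sample logs are constructed subsets of the three logs posted above.

```python
"""Compare two HijackThis logs entry by entry instead of line by line, so a
Run value that keeps its name but is re-pointed at a freshly renamed DLL
shows up as *changed* rather than as one removed line plus one added line,
and a hook that moves to a different load point shows up as removed/added.
Added example, not a tool used in the thread."""
import re

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<where>.*?): \[(?P<name>[^\]]+)\] (?P<value>.*)$")
O17_RE = re.compile(r"^(?P<where>.*?): NameServer = (?P<value>.*)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<value>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def entry_key(section, body):
    """Split one log line into (key, value): the key identifies the load point
    (registry value name, CLSID, service name...), the value is what it runs."""
    if section == "O4":
        m = O4_RE.match(body)
        if m:
            return (section, m.group("where"), m.group("name")), m.group("value")
    elif section == "O17":
        m = O17_RE.match(body)
        if m:
            return (section, m.group("where")), m.group("value")
    elif section == "O20":
        if body.startswith("Winlogon Notify: "):
            label, _, value = body.partition(" - ")
            return (section, label), value
        label, _, value = body.partition(":")
        return (section, label), value.strip()
    elif section == "O23":
        m = O23_RE.match(body)
        if m:
            return (section, m.group("name")), m.group("value")
    elif section in ("O2", "O3", "O9"):
        m = CLSID_RE.search(body)
        if m:
            return (section, m.group(0).lower()), body
    return (section, body), ""  # fallback: the whole line is the key


def parse_log(text):
    """Map every R*/O* entry of a log to its value."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            key, value = entry_key(m.group("section"), m.group("body"))
            entries[key] = value
    return entries


def diff_logs(before_text, after_text):
    """Return removed keys, added keys, and (key, old_value, new_value) changes."""
    before, after = parse_log(before_text), parse_log(after_text)
    return {
        "removed": sorted(k for k in before if k not in after),
        "added": sorted(k for k in after if k not in before),
        "changed": sorted((k, before[k], after[k])
                          for k in before if k in after and before[k] != after[k]),
    }


# Constructed samples: subsets of the first, second and third logs in this thread.
LOG_1 = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMb760cbaf] Rundll32.exe "C:\WINDOWS\system32\xvwtuovf.dll",s
O4 - HKLM\..\Run: [b453f833] rundll32.exe "C:\WINDOWS\system32\fxtvhuac.dll",b
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.3 85.255.112.127
O20 - AppInit_DLLs: pxxkiixs.dll
"""
LOG_2 = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMb760cbaf] Rundll32.exe "C:\WINDOWS\system32\qqmyqcnw.dll",s
O4 - HKLM\..\Run: [b453f833] rundll32.exe "C:\WINDOWS\system32\rfkkkunn.dll",b
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O20 - AppInit_DLLs: pxxkiixs.dll
"""
LOG_3 = r"""
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\awtRkLFu.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O20 - Winlogon Notify: awtRkLFu - C:\WINDOWS\SYSTEM32\awtRkLFu.dll
"""

if __name__ == "__main__":
    for label, (a, b) in {"log1 -> log2": (LOG_1, LOG_2), "log2 -> log3": (LOG_2, LOG_3)}.items():
        print(label)
        for kind, items in diff_logs(a, b).items():
            for item in items:
                print(f"  {kind}: {item}")
```

The first diff reports the O17 NameServer as removed (FixWareout cleared it) and the two Run values as changed, not removed; the second reports those values as removed and the awtRkLFu BHO and Winlogon Notify entries as added, which is the pattern the Malwarebytes report later labels Trojan.FakeAlert.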
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last seen: 26 December 2016 180
9 July 2008 at 18:43
Richy,

Yes, I'd prefer that, because afterwards we won't run this tool again.
It will take more time, but it's better to proceed this way.

Post a new HijackThis report along with the MalwareBytes report.

See you later
0
After more than 4 hours, here we are!


Malwarebytes' Anti-Malware 1.20
Database version: 934
Windows 5.1.2600 Service Pack 2

08:36:03 10/07/2008
mbam-log-7-10-2008 (08-36-03).txt

Scan type: Full scan (C:\|I:\|)
Objects scanned: 133106
Time elapsed: 4 hour(s), 8 minute(s), 39 second(s)

Memory processes infected: 0
Memory modules infected: 1
Registry keys infected: 4
Registry values infected: 1
Registry data items infected: 0
Folders infected: 0
Files infected: 79

Memory processes infected:
(No malicious items detected)

Memory modules infected:
C:\WINDOWS\system32\awtRkLFu.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Registry keys infected:
HKEY_CLASSES_ROOT\CLSID\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrklfu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry values infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
C:\WINDOWS\system32\awtRkLFu.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP917\A0098436.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP917\A0098437.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098454.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098469.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098470.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098471.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098475.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP920\A0100492.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP923\A0100525.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP924\A0100550.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP926\A0100571.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP926\A0100572.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP928\A0101593.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP928\A0101594.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP930\A0101618.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP930\A0101619.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP932\A0101649.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP932\A0101650.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP933\A0101671.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP935\A0101693.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP935\A0101694.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP936\A0102693.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP936\A0102713.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP936\A0102727.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP937\A0102746.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP938\A0102772.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP939\A0102794.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP940\A0102845.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP942\A0102869.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP942\A0102870.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP944\A0102911.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP945\A0102943.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP945\A0102961.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP946\A0102979.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP947\A0103979.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP948\A0103998.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP950\A0104043.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP951\A0104063.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107169.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107176.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107179.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107184.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107195.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107198.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107201.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109266.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109268.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109269.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109270.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109271.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109272.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109273.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109274.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109275.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109276.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109277.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109278.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109281.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109283.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109285.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109287.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIaywv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
0
verni29 Posts: 6699 Registered: Sunday 6 July 2008 Status: Security contributor Last activity: 26 December 2016 180
10 July 2008 at 09:10
Hello,

1) Could you send me a HijackThis report?

2) Download ComboFix to the desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

We will run it a first time to look for infections.
For a better result, we will also run it in safe mode.

Restart the computer in safe mode (F8 key) and choose your account.

Double-click Combofix.exe and follow the prompts.
Once the scan is finished, a report will appear.

Copy/paste this report into your next reply.
If you can't find it, it is at C:\ComboFix.txt.

Indeed, there were quite a few of them.

See you
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:04, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=D4322FEE7CF74A348CB9CE970F098EF5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {0BE5AF5D-776D-4E4D-84FC-E90658C580A1} - C:\WINDOWS\system32\rqRklIyY.dll (file missing)
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\awtRkLFu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {d149597f-20f6-83d8-0294-195eb0a509be} - {eb905a0b-e591-4920-8d38-6f02f795941d} - C:\WINDOWS\system32\xqqctw.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O20 - Winlogon Notify: awtRkLFu - C:\WINDOWS\SYSTEM32\awtRkLFu.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
0
ComboFix 08-07-09.5 - RYCHIE 2008-07-10 12:43:19.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.369 [GMT 2:00]
Endroit: C:\Documents and Settings\RYCHIE\Bureau\claire\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMb760cbaf.txt
C:\WINDOWS\system32\aefmnewx.dll
C:\WINDOWS\system32\ajbgdjgk.ini
C:\WINDOWS\system32\alhuipxv.ini
C:\WINDOWS\system32\awtRkLFu.dll
C:\WINDOWS\system32\ayupca.dll
C:\WINDOWS\system32\bbwyeasx.dll
C:\WINDOWS\system32\bhvtfhkp.dll
C:\WINDOWS\system32\bkyylpnr.ini
C:\WINDOWS\system32\bnprqcyw.ini
C:\WINDOWS\system32\bnzxct.dll
C:\WINDOWS\system32\btuytagc.ini
C:\WINDOWS\system32\byoilrdg.ini
C:\WINDOWS\system32\cauhvtxf.ini
C:\WINDOWS\system32\cdzrht.dll
C:\WINDOWS\system32\cpmbuqix.dll
C:\WINDOWS\system32\dcdwhwgq.dll
C:\WINDOWS\system32\dfhnpsku.ini
C:\WINDOWS\system32\dgbblz.dll
C:\WINDOWS\system32\dstptrvy.ini
C:\WINDOWS\system32\dwojbw.dll
C:\WINDOWS\system32\dxphvxgi.ini
C:\WINDOWS\system32\eamxqfoc.dll
C:\WINDOWS\system32\eqjikbiy.ini
C:\WINDOWS\system32\eufixndj.dll
C:\WINDOWS\system32\faenehwx.ini
C:\WINDOWS\system32\fcepdrgs.ini
C:\WINDOWS\system32\ffntwpsf.dll
C:\WINDOWS\system32\fghqccdm.dll
C:\WINDOWS\system32\fgjccetq.dll
C:\WINDOWS\system32\fqivalnn.ini
C:\WINDOWS\system32\fueddkhq.dll
C:\WINDOWS\system32\gcsncfty.dll
C:\WINDOWS\system32\gvvpfiwt.dll
C:\WINDOWS\system32\gyvtmycj.ini
C:\WINDOWS\system32\hgGxUNeb.dll
C:\WINDOWS\system32\hikcqbui.dll
C:\WINDOWS\system32\hniggnbb.dll
C:\WINDOWS\system32\hrnmerwm.dll
C:\WINDOWS\system32\hshtyvne.dll
C:\WINDOWS\system32\htadxrfq.ini
C:\WINDOWS\system32\hvsouada.dll
C:\WINDOWS\system32\igegvfxo.dll
C:\WINDOWS\system32\ikywfn.dll
C:\WINDOWS\system32\imdokg.dll
C:\WINDOWS\system32\iojimpoh.dll
C:\WINDOWS\system32\isqogjrw.ini
C:\WINDOWS\system32\iwwvbx.dll
C:\WINDOWS\system32\jdpdxyvy.dll
C:\WINDOWS\system32\jdudysrs.ini
C:\WINDOWS\system32\jletxm.dll
C:\WINDOWS\system32\joymojbm.ini
C:\WINDOWS\system32\jvjqbluj.ini
C:\WINDOWS\system32\jwkcifqf.ini
C:\WINDOWS\system32\kdfrptiy.dll
C:\WINDOWS\system32\kerkoblt.dll
C:\WINDOWS\system32\knlfqswv.dll
C:\WINDOWS\system32\lcawgdbd.dll
C:\WINDOWS\system32\liwegggf.ini
C:\WINDOWS\system32\ljsfcbum.ini
C:\WINDOWS\system32\lpnnyo.dll
C:\WINDOWS\system32\lqzkol.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mohbayvy.dll
C:\WINDOWS\system32\mpxvixfb.ini
C:\WINDOWS\system32\neccbvik.ini
C:\WINDOWS\system32\nfbmbufj.ini
C:\WINDOWS\system32\nhrpvq.dll
C:\WINDOWS\system32\nmeoqsla.ini
C:\WINDOWS\system32\nnukkkfr.ini
C:\WINDOWS\system32\nrwbfa.dll
C:\WINDOWS\system32\ntasmkws.dll
C:\WINDOWS\system32\ntiyup.dll
C:\WINDOWS\system32\ntwajfmt.dll
C:\WINDOWS\system32\oenkrbos.ini
C:\WINDOWS\system32\ofcdbxvu.ini
C:\WINDOWS\system32\orgtiddw.dll
C:\WINDOWS\system32\panrkued.dll
C:\WINDOWS\system32\pcvcpoqo.ini
C:\WINDOWS\system32\pmnljJBq.dll
C:\WINDOWS\system32\poaxqmfr.dll
C:\WINDOWS\system32\qbiplfbr.ini
C:\WINDOWS\system32\qfxjylim.dll
C:\WINDOWS\system32\qhptngjh.ini
C:\WINDOWS\system32\qnpkcolv.ini
C:\WINDOWS\system32\qqmyqcnw.dll
C:\WINDOWS\system32\qrbdtkas.dll
C:\WINDOWS\system32\qsyqhdns.dll
C:\WINDOWS\system32\rldcyojm.dll
C:\WINDOWS\system32\rllugcxg.dll
C:\WINDOWS\system32\rqofhrxc.ini
C:\WINDOWS\system32\rvhpejva.dll
C:\WINDOWS\system32\sknnichm.dll
C:\WINDOWS\system32\snujvurx.dll
C:\WINDOWS\system32\swcaviuj.dll
C:\WINDOWS\system32\tduiddck.ini
C:\WINDOWS\system32\tikaulcm.ini
C:\WINDOWS\system32\toccsabk.ini
C:\WINDOWS\system32\tttuuutw.ini
C:\WINDOWS\system32\tylruy.dll
C:\WINDOWS\system32\ukqvejkk.dll
C:\WINDOWS\system32\uqrzdo.dll
C:\WINDOWS\system32\vkqgwmjr.dll
C:\WINDOWS\system32\vufqhoka.ini
C:\WINDOWS\system32\vuqmopsn.dll
C:\WINDOWS\system32\vzzapt.dll
C:\WINDOWS\system32\wfbwnqqu.ini
C:\WINDOWS\system32\whddmowa.dll
C:\WINDOWS\system32\wienum.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\wqhtlucj.ini
C:\WINDOWS\system32\wqkwjakv.dll
C:\WINDOWS\system32\xexvetss.dll
C:\WINDOWS\system32\xhjuihpg.ini
C:\WINDOWS\system32\xijiypuv.dll
C:\WINDOWS\system32\xrtukt.dll
C:\WINDOWS\system32\xvwtuovf.dll
C:\WINDOWS\system32\xwudasgu.dll
C:\WINDOWS\system32\yacydfeg.ini
C:\WINDOWS\system32\yiupiqte.ini
C:\WINDOWS\system32\yqokekvx.dll
C:\WINDOWS\system32\YyIlkRqr.ini
C:\WINDOWS\system32\YyIlkRqr.ini2

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
.

2008-07-10 12:30 . 2008-07-10 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-10 12:30 . 2008-07-10 12:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Documents and Settings\RYCHIE\Application Data\Malwarebytes
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 17:26 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 17:26 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 17:00 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-09 17:00 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-09 16:58 . 2008-07-09 17:02 <REP> d-------- C:\Toolbar SD
2008-07-09 16:22 . 2008-07-09 16:22 149 --a------ C:\WINDOWS\wininit.ini
2008-07-09 14:03 . 2008-06-21 04:54 269,736 -ra------ C:\WINDOWS\system32\drivers\SbFw.sys
2008-07-09 14:03 . 2008-06-21 04:54 65,576 --a------ C:\WINDOWS\system32\drivers\SbFwIm.sys
2008-07-09 14:02 . 2008-07-09 14:02 <REP> d-------- C:\Program Files\Sunbelt Software
2008-07-09 14:00 . 2008-07-09 14:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 14:00 . 2008-07-09 16:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 13:19 . 2008-07-09 13:19 <REP> d-------- C:\Program Files\Avira
2008-07-09 13:19 . 2008-07-09 13:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-09 10:36 . 2008-07-09 10:45 <REP> d-------- C:\fixwareout
2008-07-09 10:22 . 2008-07-09 10:22 <REP> d-------- C:\Program Files\Trend Micro
2008-07-01 19:23 . 2008-07-01 19:23 1,713,713 --ahs---- C:\WINDOWS\system32\pwjwqucf.tmp
2008-07-01 19:23 . 2008-07-01 19:23 294 --ahs---- C:\WINDOWS\system32\pwjwqucf.ini
2008-06-30 19:11 . 2008-06-30 19:11 1,733,619 --ahs---- C:\WINDOWS\system32\joymojbm.tmp
2008-06-28 10:18 . 2008-06-28 10:17 294 --ahs---- C:\WINDOWS\system32\jkfoolas.ini
2008-06-28 10:17 . 2008-06-28 10:17 1,733,640 --ahs---- C:\WINDOWS\system32\jkfoolas.tmp
2008-06-26 19:14 . 2008-06-26 19:14 1,706,852 ---hs---- C:\WINDOWS\system32\dxphvxgi.tmp
2008-06-24 20:56 . 2008-06-25 20:33 1,126 ---hs---- C:\WINDOWS\system32\pomenrob.ini
2008-06-21 04:54 . 2008-06-21 04:54 66,600 -ra------ C:\WINDOWS\system32\drivers\sbhips.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 14:24 --------- d-----w C:\Program Files\Safari
2008-07-09 12:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-18 07:42 --------- d-----w C:\Program Files\Apple Software Update
2008-05-17 17:29 6,712 ----a-w C:\Documents and Settings\RYCHIE\Application Data\wklnhst.dat
2008-05-17 09:14 --------- d-----w C:\Program Files\iTunes
2008-05-17 09:14 --------- d-----w C:\Program Files\iPod
2008-05-17 09:12 --------- d-----w C:\Program Files\QuickTime
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-15 18:09 81,920 ----a-w C:\Documents and Settings\RYCHIE\Application Data\ezpinst.exe
2007-12-15 18:09 47,360 ----a-w C:\Documents and Settings\RYCHIE\Application Data\pcouffin.sys
2006-07-11 20:04 1,155,076 ----a-w C:\Program Files\^^clip3_1.mpg
2006-07-11 20:04 1,155,076 ----a-w C:\Program Files\^^clip2_1.mpg
2006-07-11 20:04 1,155,076 ----a-w C:\Program Files\^^clip1_1.mpg
2006-06-15 18:00 2,193,412 ----a-w C:\Program Files\((dream2_1.mpg
2006-06-15 18:00 2,134,020 ----a-w C:\Program Files\((dream1_1.mpg
2006-06-15 17:58 1,984,516 ----a-w C:\Program Files\gonzo1.mpg
2006-06-15 17:58 1,959,940 ----a-w C:\Program Files\gonzo2.mpg
2006-06-15 17:48 1,700,047 ----a-w C:\Program Files\$$003.mpg
2006-06-15 17:48 1,699,852 ----a-w C:\Program Files\$$002_3.mpg
2006-06-15 17:48 1,698,143 ----a-w C:\Program Files\$$001.mpg
2006-05-21 09:20 1,030,213 ----a-w C:\Program Files\3.mpg
2006-05-16 21:46 2,234,372 ----a-w C:\Program Files\magic1.mpg
2006-05-16 21:46 2,146,308 ----a-w C:\Program Files\magic2.mpg
2006-05-13 12:36 2,379,780 ----a-w C:\Program Files\dream2.mpg
2006-05-13 12:36 2,373,636 ----a-w C:\Program Files\dream1.mpg
2006-05-07 19:04 700,420 ----a-w C:\Program Files\2.mpg
2006-05-06 09:27 736,206 ----a-w C:\Program Files\4_9.wmv
2006-05-06 09:27 705,882 ----a-w C:\Program Files\3_10.wmv
2006-05-06 09:26 731,874 ----a-w C:\Program Files\2_11.wmv
2006-05-06 09:26 702,994 ----a-w C:\Program Files\1_11.wmv
2006-05-06 08:59 1,395,843 ----a-w C:\Program Files\3_12.mpg
2006-05-06 08:59 1,395,759 ----a-w C:\Program Files\4_2.mpg
2006-05-06 08:57 1,394,424 ----a-w C:\Program Files\1_16.mpg
2006-05-06 08:57 1,393,645 ----a-w C:\Program Files\2_17.mpg
2006-05-06 08:55 933,892 ----a-w C:\Program Files\3_11.mpg
2006-05-06 08:55 860,164 ----a-w C:\Program Files\2_16.mpg
2006-05-06 08:55 860,164 ----a-w C:\Program Files\1_15.mpg
2006-04-30 12:43 782,340 ----a-w C:\Program Files\2_15.mpg
2006-04-29 08:23 1,687,845 ----a-w C:\Program Files\[u]0[/u]003.mpg
2006-04-24 19:14 1,437,700 ----a-w C:\Program Files\2_14.mpg
2006-04-24 19:14 1,368,068 ----a-w C:\Program Files\3_10.mpg
2006-04-24 19:08 1,290,894 ----a-w C:\Program Files\1_14.mpg
2006-04-24 19:03 735,236 ----a-w C:\Program Files\1_13.mpg
2006-04-24 19:03 700,420 ----a-w C:\Program Files\2_13.mpg
2006-04-19 05:42 1,395,843 ----a-w C:\Program Files\3_9.mpg
2006-04-19 05:42 1,395,759 ----a-w C:\Program Files\4_1.mpg
2006-04-19 05:41 1,394,424 ----a-w C:\Program Files\1_12.mpg
2006-04-19 05:41 1,393,645 ----a-w C:\Program Files\2_12.mpg
2006-04-15 09:07 1,291,124 ----a-w C:\Program Files\3_8.mpg
2006-04-15 09:07 1,284,546 ----a-w C:\Program Files\2_11.mpg
2006-04-15 09:07 1,279,776 ----a-w C:\Program Files\1_11.mpg
2006-04-15 08:54 1,599,492 ----a-w C:\Program Files\2_10.mpg
2006-04-15 08:54 1,597,444 ----a-w C:\Program Files\1_10.mpg
2006-04-12 18:24 2,256,900 ----a-w C:\Program Files\[u]0[/u]3_9.mpg
2006-04-12 18:24 2,129,924 ----a-w C:\Program Files\[u]0[/u]1_10.mpg
2006-04-12 18:24 2,109,444 ----a-w C:\Program Files\[u]0[/u]2_10.mpg
2006-04-11 21:07 521,350 ----a-w C:\Program Files\2_10.wmv
2006-04-11 21:07 493,920 ----a-w C:\Program Files\3_9.wmv
2006-04-11 21:07 492,470 ----a-w C:\Program Files\1_10.wmv
2006-04-11 21:07 460,702 ----a-w C:\Program Files\4_8.wmv
2006-04-11 21:05 1,269,637 ----a-w C:\Program Files\3_7.mpg
2006-04-11 18:46 1,260,693 ----a-w C:\Program Files\1_9.mpg
2006-04-11 18:46 1,252,854 ----a-w C:\Program Files\2_9.mpg
2006-04-11 18:12 1,751,044 ----a-w C:\Program Files\2_8.mpg
2006-04-11 18:12 1,751,044 ----a-w C:\Program Files\1_8.mpg
2006-04-11 18:03 1,343,492 ----a-w C:\Program Files\[u]0[/u]2_9.mpg
2006-04-11 18:03 1,232,900 ----a-w C:\Program Files\[u]0[/u]3_8.mpg
2006-04-11 17:59 1,220,612 ----a-w C:\Program Files\[u]0[/u]2_8.mpg
2006-04-09 12:10 1,629,124 ----a-w C:\Program Files\[u]0[/u]001_2.mpg
2006-04-09 12:10 1,561,728 ----a-w C:\Program Files\[u]0[/u]002_2.mpg
2006-04-09 11:58 804,868 ----a-w C:\Program Files\2_7.mpg
2006-04-09 11:58 802,820 ----a-w C:\Program Files\1_7.mpg
2006-04-08 12:23 1,255,428 ----a-w C:\Program Files\[u]0[/u]3_6.mpg
2006-04-08 12:15 983,075 ----a-w C:\Program Files\4_7.wmv
2006-04-08 12:15 983,075 ----a-w C:\Program Files\3_8.wmv
2006-04-08 12:15 977,275 ----a-w C:\Program Files\1_9.wmv
2006-04-08 12:15 1,029,475 ----a-w C:\Program Files\2_9.wmv
2006-04-08 12:14 2,034,885 ----a-w C:\Program Files\1_8.wmv
2006-04-08 12:14 1,986,885 ----a-w C:\Program Files\2_8.wmv
2006-04-08 12:14 1,978,885 ----a-w C:\Program Files\4_6.wmv
2006-04-08 12:14 1,930,885 ----a-w C:\Program Files\3_7.wmv
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]3_5.mpg
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]2_6.mpg
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]1_6.mpg
2006-04-06 18:39 1,710,564 ----a-w C:\Program Files\3_6.mpg
2006-04-06 18:38 1,637,533 ----a-w C:\Program Files\2_6.mpg
2006-04-06 18:38 1,637,407 ----a-w C:\Program Files\1_6.mpg
2006-04-06 18:14 2,236,420 ----a-w C:\Program Files\[u]0[/u]3_4.mpg
2006-04-06 18:14 2,207,748 ----a-w C:\Program Files\[u]0[/u]4_2.mpg
2006-04-06 18:11 2,166,788 ----a-w C:\Program Files\3_5.mpg
2006-04-06 18:10 2,222,084 ----a-w C:\Program Files\2_5.mpg
2006-04-06 18:10 2,166,788 ----a-w C:\Program Files\1_5.mpg
2006-04-04 18:34 1,220,612 ----a-w C:\Program Files\[u]0[/u]3_3.mpg
2006-04-04 18:34 1,157,124 ----a-w C:\Program Files\[u]0[/u]2_4.mpg
2006-04-04 18:33 1,042,436 ----a-w C:\Program Files\[u]0[/u]1_4.mpg
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2006-10-14 09:55 3335944]
"SpeedOptimizer"="C:\PROGRA~1\SPEEDO~1\SPO.EXE" [2003-09-29 16:53 607232]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pxxkiixs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=

R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 18:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 21:03]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-06-21 04:54]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 04:54]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-01 10:51]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-01 10:51]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54]
S3 PRISM_USB;Prism Mini USB Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2002-02-24 22:39]

.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-07-09 12:38:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{0BE5AF5D-776D-4E4D-84FC-E90658C580A1} - C:\WINDOWS\system32\rqRklIyY.dll
BHO-{487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
BHO-{eb905a0b-e591-4920-8d38-6f02f795941d} - C:\WINDOWS\system32\xqqctw.dll
HKLM-Run-PRISMSTA.EXE - PRISMSTA.EXE
Notify-awtRkLFu - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 12:50:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-07-10 12:57:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 10:56:03

Pre-Run: 5,848,817,664 bytes free
Post-Run: 5,878,308,864 bytes free

361 --- E O F --- 2008-07-10 10:25:56
verni29 (security contributor), 10 Jul 2008 at 13:02
Ritchy

I need a little time to prepare the disinfection script.
Could you post a HijackThis report, please?

Back in an hour.

See you soon.
verni29 (security contributor), replying to verni29, 10 Jul 2008 at 14:06
Ritchy,

I need to check the registry path for this file: WinUpdating.exe
Open the registry editor:
Start --> Run --> Regedit
In the Edit menu --> Find
Check that all the options are ticked (keys, values, data) and search on the file name.

When it has found the key, the file will be shown in blue in the right-hand pane.
What I need is the key that this file is in.
Look in the left-hand pane: there is an open folder. Right-click it --> Copy Key Name.

Paste it into your next message.

You should get something like this:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run


See you soon.
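The registry search verni29 describes above, done over a text export instead of in regedit's Find dialog. This is an added example, not code from the thread or from any of the tools it mentions: it assumes a REGEDIT4-format dump such as `reg export` writes or such as the "Reg Loading Points" section of a ComboFix report contains, and it reads only quoted string values (dword:/hex: data is left untouched, so a name packed into binary data would not be found). The sample export is constructed from the thread's own report; the Policies\Explorer\Run entry for WinUpdating.exe is invented so that the search has something to find, since the thread never located that file in the registry.

```python
from __future__ import annotations

import re

# Constructed sample in the REGEDIT4 export format that ComboFix's "Reg Loading Points"
# section also uses. The first two keys are copied from the report in this thread; the
# Policies\Explorer\Run entry is invented so that the search below has something to find
# (the thread never located WinUpdating.exe in the registry).
SAMPLE_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Shareaza"="C:\\Program Files\\Shareaza\\Shareaza.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="pxxkiixs.dll"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"WinUpdating"="C:\\WINDOWS\\system32\\WinUpdating.exe"
"""

KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Either the default value (@) or a quoted name, then '=' and the raw data.
VALUE_LINE = re.compile(r'^(?:@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')


def unquote(data: str) -> str:
    """Turn REGEDIT4 string data back into the stored text (backslashes and quotes are
    escaped with a backslash in the export). Other types (dword:, hex:) are returned
    untouched, so names packed into binary data are not searchable here."""
    if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
        return re.sub(r"\\(.)", r"\1", data[1:-1])
    return data


def find_references(reg_text: str, needle: str) -> list[tuple[str, str | None, str | None]]:
    """Case-insensitive search over key names, value names and value data, like regedit's
    Find with all three boxes ticked. Each hit is (key, value_name, data); a hit on the
    key name itself carries None for the last two fields."""
    hits: list[tuple[str, str | None, str | None]] = []
    current_key = None
    wanted = needle.lower()
    for raw in reg_text.splitlines():
        line = raw.strip()
        if m := KEY_LINE.match(line):
            current_key = m["key"]
            if wanted in current_key.lower():
                hits.append((current_key, None, None))
        elif current_key is not None and (m := VALUE_LINE.match(line)):
            name = m["name"] if m["name"] is not None else "(Default)"
            data = unquote(m["data"].strip())
            if wanted in name.lower() or wanted in data.lower():
                hits.append((current_key, name, data))
    return hits


if __name__ == "__main__":
    for key, name, data in find_references(SAMPLE_REG, "WinUpdating.exe"):
        print(key)
        print(f'    "{name}" = {data}')
```

A hit on a Run or Policies\Explorer\Run key is the answer verni29 was asking for; a search that returns nothing for the file name means the name is not stored as a plain string under any exported key.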
HKEY_CLASSES_ROOT\Applications\regedit.exe


If I haven't got it wrong, that's it!
verni29 (security contributor), 10 Jul 2008 at 18:56
Ritchy,

The search has to be on the file name WinUpdating.exe.

Also, I forgot to ask: how is AntiVir behaving?

See you soon.
Can't find the file........

AntiVir is calming down, there are fewer windows popping up, at least for now!
verni29 (security contributor), 10 Jul 2008 at 19:13
Could you post a HijackThis report?

I'll post the disinfection script in half an hour.

See you soon.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
verni29 (security contributor), 10 Jul 2008 at 19:33
1) Close your browser.
Launch HijackThis and choose "Do a system scan only".
Tick the following lines:

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: pxxkiixs.dll

Choose the "Fix checked" option at the bottom of the page.

2) Open Notepad and select the text below.
Copy/paste that text into Notepad.
Save the file to the desktop and name it CFScript.txt.

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

File::

C:\WINDOWS\system32\WinUpdating.exe
C:\WINDOWS\system32\pwjwqucf.tmp
C:\WINDOWS\system32\pwjwqucf.ini
C:\WINDOWS\system32\joymojbm.tmp
C:\WINDOWS\system32\jkfoolas.ini
C:\WINDOWS\system32\jkfoolas.tmp
C:\WINDOWS\system32\dxphvxgi.tmp
C:\WINDOWS\system32\pomenrob.ini
C:\Program Files\^^clip3_1.mpg
C:\Program Files\^^clip2_1.mpg
C:\Program Files\^^clip1_1.mpg
C:\Program Files\((dream2_1.mpg
C:\Program Files\((dream1_1.mpg
C:\Program Files\gonzo1.mpg
C:\Program Files\gonzo2.mpg
C:\Program Files\$$003.mpg
C:\Program Files\$$002_3.mpg
C:\Program Files\$$001.mpg
C:\Program Files\3.mpg
C:\Program Files\magic1.mpg
C:\Program Files\magic2.mpg
C:\Program Files\dream2.mpg
C:\Program Files\dream1.mpg
C:\Program Files\2.mpg
C:\Program Files\4_9.wmv
C:\Program Files\3_10.wmv
C:\Program Files\2_11.wmv
C:\Program Files\1_11.wmv
C:\Program Files\3_12.mpg
C:\Program Files\4_2.mpg
C:\Program Files\1_16.mpg
C:\Program Files\2_17.mpg
C:\Program Files\3_11.mpg
C:\Program Files\2_16.mpg
C:\Program Files\1_15.mpg
C:\Program Files\2_15.mpg
C:\Program Files\[u]0/u003.mpg
C:\Program Files\2_14.mpg
C:\Program Files\3_10.mpg
C:\Program Files\1_14.mpg
C:\Program Files\1_13.mpg
C:\Program Files\2_13.mpg
C:\Program Files\3_9.mpg
C:\Program Files\4_1.mpg
C:\Program Files\1_12.mpg
C:\Program Files\2_12.mpg
C:\Program Files\3_8.mpg
C:\Program Files\2_11.mpg
C:\Program Files\1_11.mpg
C:\Program Files\2_10.mpg
C:\Program Files\1_10.mpg
C:\Program Files\[u]0/u3_9.mpg
C:\Program Files\[u]0/u1_10.mpg
C:\Program Files\[u]0/u2_10.mpg
C:\Program Files\2_10.wmv
C:\Program Files\3_9.wmv
C:\Program Files\1_10.wmv
C:\Program Files\4_8.wmv
C:\Program Files\3_7.mpg
C:\Program Files\1_9.mpg
C:\Program Files\2_9.mpg
C:\Program Files\2_8.mpg
C:\Program Files\1_8.mpg
C:\Program Files\[u]0/u2_9.mpg
C:\Program Files\[u]0/u3_8.mpg
C:\Program Files\[u]0/u2_8.mpg
C:\Program Files\[u]0/u001_2.mpg
C:\Program Files\[u]0/u002_2.mpg
C:\Program Files\2_7.mpg
C:\Program Files\1_7.mpg
C:\Program Files\[u]0/u3_6.mpg
C:\Program Files\4_7.wmv
C:\Program Files\3_8.wmv
C:\Program Files\1_9.wmv
C:\Program Files\2_9.wmv
C:\Program Files\1_8.wmv
C:\Program Files\2_8.wmv
C:\Program Files\4_6.wmv
C:\Program Files\3_7.wmv
C:\Program Files\[u]0/u3_5.mpg
C:\Program Files\[u]0/u2_6.mpg
C:\Program Files\[u]0/u1_6.mpg
C:\Program Files\3_6.mpg
C:\Program Files\2_6.mpg
C:\Program Files\1_6.mpg
C:\Program Files\[u]0/u3_4.mpg
C:\Program Files\[u]0/u4_2.mpg
C:\Program Files\3_5.mpg
C:\Program Files\2_5.mpg
C:\Program Files\1_5.mpg
C:\Program Files\[u]0/u3_3.mpg
C:\Program Files\[u]0/u2_4.mpg
C:\Program Files\[u]0/u1_4.mpg

Check that the ComboFix icon is also on the desktop; if not, download ComboFix again and save it to the desktop as well.
Drag and drop the script onto ComboFix. Follow the prompts.
Your desktop will disappear several times. That's normal.
Once the scan is finished, save the report and post it together with a HijackThis report.

See you soon.
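The checks verni29 made by hand in this thread (the O20 AppInit_DLLs line and nameless browser hooks in the HijackThis log, the eight-random-letter .tmp/.ini droppings and WinUpdating.exe in system32), turned into a triage script that also writes a CFScript in the Registry::/File:: layout of the post above. This is an added example, not code from the thread, from HijackThis or from ComboFix. The sample lines are copied from the logs posted here, except one O2 line rebuilt from ComboFix's "ORPHANS REMOVED" entry for rqRklIyY.dll; the regular-expression heuristics, and the assumption that every path in the file list sits directly in system32, are my own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above, plus one O2 line
# rebuilt from ComboFix's "ORPHANS REMOVED" entry for rqRklIyY.dll (ComboFix had already
# removed it, so the posted HijackThis log no longer showed it).
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {0BE5AF5D-776D-4E4D-84FC-E90658C580A1} - C:\WINDOWS\system32\rqRklIyY.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O20 - AppInit_DLLs: pxxkiixs.dll
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
"""

# Constructed sample: system32 paths from the CFScript above, mixed with legitimate
# Windows files that the rules must leave alone.
SAMPLE_FILES = [
    r"C:\WINDOWS\system32\pwjwqucf.tmp",
    r"C:\WINDOWS\system32\jkfoolas.ini",
    r"C:\WINDOWS\system32\WinUpdating.exe",
    r"C:\WINDOWS\system32\wuauclt.exe",       # the genuine Windows Update client
    r"C:\WINDOWS\system32\mswsock.dll",
    r"C:\WINDOWS\system32\drivers\mbam.sys",
]

# Browser-hook lines carry a CLSID between display name and DLL path; that is the only
# safe place to split, because paths may themselves contain " - ".
HOOK_LINE = re.compile(r"^(?:O2|O3|R3) - \w+: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
APPINIT_LINE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>\S.*)$")
SYSTEM32_ROOT = re.compile(r"^C:\\WINDOWS\\system32\\[^\\]+$", re.IGNORECASE)
# Heuristics of my own, not ComboFix's: the droppings in this thread are eight random
# letters with a .tmp/.ini extension directly in system32, and the fake updater is
# WinUpdating.exe (the real client is wuauclt.exe, which this pattern does not match).
RANDOM_TMP_INI = re.compile(r"^C:\\WINDOWS\\system32\\[a-z]{8}\.(?:tmp|ini)$", re.IGNORECASE)
FAKE_UPDATER = re.compile(r"^C:\\WINDOWS\\system32\\win\w*updat\w*\.exe$", re.IGNORECASE)

# The key verni29's CFScript targets; in REGEDIT4 syntax "name"=- deletes the value.
APPINIT_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"


@dataclass
class Finding:
    source: str    # log line or path that triggered the rule
    reason: str
    section: str   # "HijackThis" (tick and Fix checked), "Registry" or "File" (CFScript)
    payload: str   # CFScript fragment, or the HijackThis line to tick


def triage_hjt(log_text: str) -> list[Finding]:
    """Flag AppInit_DLLs persistence and suspicious browser hooks in a HijackThis log."""
    findings: list[Finding] = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if m := APPINIT_LINE.match(line):
            findings.append(Finding(
                line, f"AppInit_DLLs loads {m['dlls']} into every process that maps user32.dll",
                "Registry", f'{APPINIT_KEY}\n"AppInit_DLLs"=-'))
        elif m := HOOK_LINE.match(line):
            if m["name"] == "(no name)":
                findings.append(Finding(line, "browser hook with no display name", "HijackThis", line))
            elif SYSTEM32_ROOT.match(m["path"]):
                findings.append(Finding(line, "browser hook DLL dropped directly in system32", "HijackThis", line))
    return findings


def triage_files(paths: list[str]) -> list[Finding]:
    """Flag files in system32 whose names match the droppings seen in this infection."""
    findings: list[Finding] = []
    for path in paths:
        if RANDOM_TMP_INI.match(path):
            findings.append(Finding(path, "eight random letters with .tmp/.ini extension", "File", path))
        elif FAKE_UPDATER.match(path):
            findings.append(Finding(path, "fake Windows Update executable name", "File", path))
    return findings


def build_cfscript(findings: list[Finding]) -> str:
    """Emit a ComboFix script in the Registry::/File:: layout used in the thread."""
    registry = [f.payload for f in findings if f.section == "Registry"]
    files = [f.payload for f in findings if f.section == "File"]
    parts = []
    if registry:
        parts.append("Registry::\n" + "\n\n".join(registry))
    if files:
        parts.append("File::\n" + "\n".join(files))
    return "\n\n".join(parts) + "\n"


def hjt_lines_to_fix(findings: list[Finding]) -> list[str]:
    """Lines to tick in HijackThis ("Do a system scan only", then "Fix checked")."""
    return [f.payload for f in findings if f.section == "HijackThis"]


if __name__ == "__main__":
    found = triage_hjt(SAMPLE_HJT_LOG) + triage_files(SAMPLE_FILES)
    for f in found:
        print(f"[{f.section}] {f.reason}\n    {f.source}")
    print("\n--- CFScript.txt ---\n" + build_cfscript(found))
```

Running it prints the findings and a CFScript.txt body. The AppInit_DLLs value is handled in the Registry:: section exactly as verni29's script does, with the DLL itself left for the scanner, since the O20 line gives only a file name and not its location; the browser-hook findings are returned as HijackThis lines to tick, the way the thread fixes them, rather than guessed into the File:: list.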
ComboFix 08-07-09.5 - RYCHIE 2008-07-10 19:40:47.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.155 [GMT 2:00]
Location: C:\Documents and Settings\RYCHIE\Bureau\claire\ComboFix.exe
Command switches used :: C:\Documents and Settings\RYCHIE\Bureau\CFScript.txt..txt
* Creating a new restore point

WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!

FILE ::
C:\Program Files\$$001.mpg
C:\Program Files\$$002_3.mpg
C:\Program Files\$$003.mpg
C:\Program Files\((dream1_1.mpg
C:\Program Files\((dream2_1.mpg
C:\Program Files\[u]0/u001_2.mpg
C:\Program Files\[u]0/u002_2.mpg
C:\Program Files\[u]0/u003.mpg
C:\Program Files\[u]0/u1_10.mpg
C:\Program Files\[u]0/u1_4.mpg
C:\Program Files\[u]0/u1_6.mpg
C:\Program Files\[u]0/u2_10.mpg
C:\Program Files\[u]0/u2_4.mpg
C:\Program Files\[u]0/u2_6.mpg
C:\Program Files\[u]0/u2_8.mpg
C:\Program Files\[u]0/u2_9.mpg
C:\Program Files\[u]0/u3_3.mpg
C:\Program Files\[u]0/u3_4.mpg
C:\Program Files\[u]0/u3_5.mpg
C:\Program Files\[u]0/u3_6.mpg
C:\Program Files\[u]0/u3_8.mpg
C:\Program Files\[u]0/u3_9.mpg
C:\Program Files\[u]0/u4_2.mpg
C:\Program Files\^^clip1_1.mpg
C:\Program Files\^^clip2_1.mpg
C:\Program Files\^^clip3_1.mpg
C:\Program Files\1_10.mpg
C:\Program Files\1_10.wmv
C:\Program Files\1_11.mpg
C:\Program Files\1_11.wmv
C:\Program Files\1_12.mpg
C:\Program Files\1_13.mpg
C:\Program Files\1_14.mpg
C:\Program Files\1_15.mpg
C:\Program Files\1_16.mpg
C:\Program Files\1_5.mpg
C:\Program Files\1_6.mpg
C:\Program Files\1_7.mpg
C:\Program Files\1_8.mpg
C:\Program Files\1_8.wmv
C:\Program Files\1_9.mpg
C:\Program Files\1_9.wmv
C:\Program Files\2.mpg
C:\Program Files\2_10.mpg
C:\Program Files\2_10.wmv
C:\Program Files\2_11.mpg
C:\Program Files\2_11.wmv
C:\Program Files\2_12.mpg
C:\Program Files\2_13.mpg
C:\Program Files\2_14.mpg
C:\Program Files\2_15.mpg
C:\Program Files\2_16.mpg
C:\Program Files\2_17.mpg
C:\Program Files\2_5.mpg
C:\Program Files\2_6.mpg
C:\Program Files\2_7.mpg
C:\Program Files\2_8.mpg
C:\Program Files\2_8.wmv
C:\Program Files\2_9.mpg
C:\Program Files\2_9.wmv
C:\Program Files\3.mpg
C:\Program Files\3_10.mpg
C:\Program Files\3_10.wmv
C:\Program Files\3_11.mpg
C:\Program Files\3_12.mpg
C:\Program Files\3_5.mpg
C:\Program Files\3_6.mpg
C:\Program Files\3_7.mpg
C:\Program Files\3_7.wmv
C:\Program Files\3_8.mpg
C:\Program Files\3_8.wmv
C:\Program Files\3_9.mpg
C:\Program Files\3_9.wmv
C:\Program Files\4_1.mpg
C:\Program Files\4_2.mpg
C:\Program Files\4_6.wmv
C:\Program Files\4_7.wmv
C:\Program Files\4_8.wmv
C:\Program Files\4_9.wmv
C:\Program Files\dream1.mpg
C:\Program Files\dream2.mpg
C:\Program Files\gonzo1.mpg
C:\Program Files\gonzo2.mpg
C:\Program Files\magic1.mpg
C:\Program Files\magic2.mpg
C:\WINDOWS\system32\dxphvxgi.tmp
C:\WINDOWS\system32\jkfoolas.ini
C:\WINDOWS\system32\jkfoolas.tmp
C:\WINDOWS\system32\joymojbm.tmp
C:\WINDOWS\system32\pomenrob.ini
C:\WINDOWS\system32\pwjwqucf.ini
C:\WINDOWS\system32\pwjwqucf.tmp
C:\WINDOWS\system32\WinUpdating.exe
.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\$$001.mpg
C:\Program Files\$$002_3.mpg
C:\Program Files\$$003.mpg
C:\Program Files\((dream1_1.mpg
C:\Program Files\((dream2_1.mpg
C:\Program Files\^^clip1_1.mpg
C:\Program Files\^^clip2_1.mpg
C:\Program Files\^^clip3_1.mpg
C:\Program Files\1_10.mpg
C:\Program Files\1_10.wmv
C:\Program Files\1_11.mpg
C:\Program Files\1_11.wmv
C:\Program Files\1_12.mpg
C:\Program Files\1_13.mpg
C:\Program Files\1_14.mpg
C:\Program Files\1_15.mpg
C:\Program Files\1_16.mpg
C:\Program Files\1_5.mpg
C:\Program Files\1_6.mpg
C:\Program Files\1_7.mpg
C:\Program Files\1_8.mpg
C:\Program Files\1_8.wmv
C:\Program Files\1_9.mpg
C:\Program Files\1_9.wmv
C:\Program Files\2.mpg
C:\Program Files\2_10.mpg
C:\Program Files\2_10.wmv
C:\Program Files\2_11.mpg
C:\Program Files\2_11.wmv
C:\Program Files\2_12.mpg
C:\Program Files\2_13.mpg
C:\Program Files\2_14.mpg
C:\Program Files\2_15.mpg
C:\Program Files\2_16.mpg
C:\Program Files\2_17.mpg
C:\Program Files\2_5.mpg
C:\Program Files\2_6.mpg
C:\Program Files\2_7.mpg
C:\Program Files\2_8.mpg
C:\Program Files\2_8.wmv
C:\Program Files\2_9.mpg
C:\Program Files\2_9.wmv
C:\Program Files\3.mpg
C:\Program Files\3_10.mpg
C:\Program Files\3_10.wmv
C:\Program Files\3_11.mpg
C:\Program Files\3_12.mpg
C:\Program Files\3_5.mpg
C:\Program Files\3_6.mpg
C:\Program Files\3_7.mpg
C:\Program Files\3_7.wmv
C:\Program Files\3_8.mpg
C:\Program Files\3_8.wmv
C:\Program Files\3_9.mpg
C:\Program Files\3_9.wmv
C:\Program Files\4_1.mpg
C:\Program Files\4_2.mpg
C:\Program Files\4_6.wmv
C:\Program Files\4_7.wmv
C:\Program Files\4_8.wmv
C:\Program Files\4_9.wmv
C:\Program Files\dream1.mpg
C:\Program Files\dream2.mpg
C:\Program Files\gonzo1.mpg
C:\Program Files\gonzo2.mpg
C:\Program Files\magic1.mpg
C:\Program Files\magic2.mpg
C:\WINDOWS\BMb760cbaf.xml
C:\WINDOWS\system32\dxphvxgi.tmp
C:\WINDOWS\system32\jkfoolas.ini
C:\WINDOWS\system32\jkfoolas.tmp
C:\WINDOWS\system32\joymojbm.tmp
C:\WINDOWS\system32\pomenrob.ini
C:\WINDOWS\system32\pwjwqucf.ini
C:\WINDOWS\system32\pwjwqucf.tmp

.
((((((((((((((((((((((((((((( Files Created from 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
.

2008-07-10 12:30 . 2008-07-10 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-10 12:30 . 2008-07-10 12:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Documents and Settings\RYCHIE\Application Data\Malwarebytes
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 17:26 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 17:26 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 17:00 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-09 17:00 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-09 16:58 . 2008-07-09 17:02 <REP> d-------- C:\Toolbar SD
2008-07-09 16:22 . 2008-07-09 16:22 149 --a------ C:\WINDOWS\wininit.ini
2008-07-09 14:03 . 2008-06-21 04:54 269,736 -ra------ C:\WINDOWS\system32\drivers\SbFw.sys
2008-07-09 14:03 . 2008-06-21 04:54 65,576 --a------ C:\WINDOWS\system32\drivers\SbFwIm.sys
2008-07-09 14:02 . 2008-07-09 14:02 <REP> d-------- C:\Program Files\Sunbelt Software
2008-07-09 14:00 . 2008-07-09 14:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 14:00 . 2008-07-09 16:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 13:19 . 2008-07-09 13:19 <REP> d-------- C:\Program Files\Avira
2008-07-09 13:19 . 2008-07-09 13:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-09 10:36 . 2008-07-09 10:45 <REP> d-------- C:\fixwareout
2008-07-09 10:22 . 2008-07-09 10:22 <REP> d-------- C:\Program Files\Trend Micro
2008-06-21 04:54 . 2008-06-21 04:54 66,600 -ra------ C:\WINDOWS\system32\drivers\sbhips.sys

.
(((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 14:24 --------- d-----w C:\Program Files\Safari
2008-07-09 12:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-18 07:42 --------- d-----w C:\Program Files\Apple Software Update
2008-05-17 17:29 6,712 ----a-w C:\Documents and Settings\RYCHIE\Application Data\wklnhst.dat
2008-05-17 09:14 --------- d-----w C:\Program Files\iTunes
2008-05-17 09:14 --------- d-----w C:\Program Files\iPod
2008-05-17 09:12 --------- d-----w C:\Program Files\QuickTime
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-15 18:09 81,920 ----a-w C:\Documents and Settings\RYCHIE\Application Data\ezpinst.exe
2007-12-15 18:09 47,360 ----a-w C:\Documents and Settings\RYCHIE\Application Data\pcouffin.sys
2006-04-29 08:23 1,687,845 ----a-w C:\Program Files\[u]0[/u]003.mpg
2006-04-12 18:24 2,256,900 ----a-w C:\Program Files\[u]0[/u]3_9.mpg
2006-04-12 18:24 2,129,924 ----a-w C:\Program Files\[u]0[/u]1_10.mpg
2006-04-12 18:24 2,109,444 ----a-w C:\Program Files\[u]0[/u]2_10.mpg
2006-04-11 18:03 1,343,492 ----a-w C:\Program Files\[u]0[/u]2_9.mpg
2006-04-11 18:03 1,232,900 ----a-w C:\Program Files\[u]0[/u]3_8.mpg
2006-04-11 17:59 1,220,612 ----a-w C:\Program Files\[u]0[/u]2_8.mpg
2006-04-09 12:10 1,629,124 ----a-w C:\Program Files\[u]0[/u]001_2.mpg
2006-04-09 12:10 1,561,728 ----a-w C:\Program Files\[u]0[/u]002_2.mpg
2006-04-08 12:23 1,255,428 ----a-w C:\Program Files\[u]0[/u]3_6.mpg
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]3_5.mpg
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]2_6.mpg
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0[/u]1_6.mpg
2006-04-06 18:14 2,236,420 ----a-w C:\Program Files\[u]0[/u]3_4.mpg
2006-04-06 18:14 2,207,748 ----a-w C:\Program Files\[u]0[/u]4_2.mpg
2006-04-04 18:34 1,220,612 ----a-w C:\Program Files\[u]0[/u]3_3.mpg
2006-04-04 18:34 1,157,124 ----a-w C:\Program Files\[u]0[/u]2_4.mpg
2006-04-04 18:33 1,042,436 ----a-w C:\Program Files\[u]0[/u]1_4.mpg
2006-04-04 18:27 1,719,391 ----a-w C:\Program Files\[u]0[/u]03_1.mpg
2006-04-04 18:27 1,699,359 ----a-w C:\Program Files\[u]0[/u]02_2.mpg
2006-04-04 18:26 1,699,924 ----a-w C:\Program Files\[u]0[/u]01_2.mpg
2006-04-02 16:16 950,858 ----a-w C:\Program Files\[u]0[/u]1_3.wmv
2006-04-02 16:16 921,864 ----a-w C:\Program Files\[u]0[/u]2_3.wmv
2006-04-02 16:16 829,058 ----a-w C:\Program Files\[u]0[/u]3_3.wmv
2006-04-02 16:16 782,652 ----a-w C:\Program Files\[u]0[/u]4_3.wmv
2006-04-02 16:13 921,953 ----a-w C:\Program Files\2_4.mpg
2006-04-02 16:13 921,937 ----a-w C:\Program Files\1_4.mpg
2006-04-02 16:13 857,128 ----a-w C:\Program Files\4.mpg
2006-04-02 16:13 857,007 ----a-w C:\Program Files\3_4.mpg
2006-03-31 20:48 1,507,072 ----a-w C:\Program Files\1_7.wmv
2006-03-31 20:48 1,491,072 ----a-w C:\Program Files\2_7.wmv
2006-03-31 18:56 1,783,209 ----a-w C:\Program Files\[u]0[/u]3_2.mpg
2006-03-31 18:55 1,895,578 ----a-w C:\Program Files\[u]0[/u]2_3.mpg
2006-03-31 18:55 1,820,407 ----a-w C:\Program Files\[u]0[/u]1_3.mpg
2006-03-31 18:55 1,769,544 ----a-w C:\Program Files\[u]0[/u]4_1.mpg
2006-03-31 18:46 564,676 ----a-w C:\Program Files\2_6.wmv
2006-03-31 18:46 545,904 ----a-w C:\Program Files\3_6.wmv
2006-03-31 18:46 525,682 ----a-w C:\Program Files\1_6.wmv
2006-03-31 18:46 514,136 ----a-w C:\Program Files\4_5.wmv
2006-03-31 18:44 2,381,564 ----a-w C:\Program Files\4_4.wmv
2006-03-31 18:44 2,373,564 ----a-w C:\Program Files\3_5.wmv
2006-03-31 18:43 2,389,564 ----a-w C:\Program Files\2_5.wmv
2006-03-31 18:43 2,373,564 ----a-w C:\Program Files\1_5.wmv
2006-03-31 18:41 1,564,254 ----a-w C:\Program Files\2_3.mpg
2006-03-31 18:41 1,557,429 ----a-w C:\Program Files\3_3.mpg
2006-03-31 18:39 1,563,655 ----a-w C:\Program Files\1_3.mpg
2006-03-31 18:27 1,669,124 ----a-w C:\Program Files\[u]0[/u]3_1.mpg
2006-03-31 18:27 1,626,116 ----a-w C:\Program Files\[u]0[/u]4.mpg
2006-03-31 18:27 1,601,540 ----a-w C:\Program Files\[u]0[/u]2_2.mpg
2006-03-31 18:27 1,568,772 ----a-w C:\Program Files\[u]0[/u]1_2.mpg
2006-03-30 19:37 1,378,374 ----a-w C:\Program Files\2_4.wmv
2006-03-30 19:37 1,072,274 ----a-w C:\Program Files\4_3.wmv
2006-03-30 19:37 1,057,792 ----a-w C:\Program Files\3_4.wmv
2006-03-30 19:37 1,052,072 ----a-w C:\Program Files\1_4.wmv
2006-03-30 19:06 884,463 ----a-w C:\Program Files\1_3.wmv
2006-03-30 19:05 872,863 ----a-w C:\Program Files\4_2.wmv
2006-03-30 19:05 872,863 ----a-w C:\Program Files\3_3.wmv
2006-03-30 19:05 1,035,263 ----a-w C:\Program Files\2_3.wmv
2006-03-30 18:46 939,270 ----a-w C:\Program Files\[u]0[/u]3_2.wmv
2006-03-30 18:46 921,864 ----a-w C:\Program Files\[u]0[/u]4_2.wmv
2006-03-30 18:46 916,064 ----a-w C:\Program Files\[u]0[/u]1_2.wmv
2006-03-30 18:46 852,264 ----a-w C:\Program Files\[u]0[/u]2_2.wmv
2006-03-30 18:21 1,552,388 ----a-w C:\Program Files\1_2.mpg
2006-03-30 18:20 1,546,244 ----a-w C:\Program Files\2_2.mpg
2006-03-30 18:20 1,333,252 ----a-w C:\Program Files\3_2.mpg
2006-03-30 18:01 1,081,685 ----a-w C:\Program Files\1_2.wmv
2006-03-30 18:01 1,075,885 ----a-w C:\Program Files\4_1.wmv
2006-03-30 18:01 1,064,285 ----a-w C:\Program Files\3_2.wmv
2006-03-30 18:00 1,035,285 ----a-w C:\Program Files\2_2.wmv
2006-03-30 17:47 884,740 ----a-w C:\Program Files\3_1.mpg
2006-03-30 17:41 1,099,075 ----a-w C:\Program Files\4.wmv
2006-03-30 17:40 1,000,475 ----a-w C:\Program Files\3_1.wmv
2006-03-30 17:39 988,875 ----a-w C:\Program Files\1_1.wmv
2006-03-30 17:39 2,241,075 ----a-w C:\Program Files\[u]0[/u]02_1.mpg
2006-03-30 17:39 1,000,475 ----a-w C:\Program Files\2_1.wmv
2006-03-30 17:29 1,841,156 ----a-w C:\Program Files\[u]0[/u]02.mpg
2006-03-28 18:57 962,470 ----a-w C:\Program Files\[u]0[/u]4_1.wmv
2006-03-24 19:33 2,054,148 ----a-w C:\Program Files\1.mpg
.

((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2006-10-14 09:55 3335944]
"SpeedOptimizer"="C:\PROGRA~1\SPEEDO~1\SPO.EXE" [2003-09-29 16:53 607232]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=

R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 18:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 21:03]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-06-21 04:54]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 04:54]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-01 10:51]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-01 10:51]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54]
S3 PRISM_USB;Prism Mini USB Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2002-02-24 22:39]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-09 12:38:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 19:46:54
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...


**************************************************************************
.
Temps d'accomplissement: 2008-07-10 19:50:14
ComboFix-quarantined-files.txt 2008-07-10 17:49:07
ComboFix2.txt 2008-07-10 10:57:17

Pre-Run: 5,727,092,736 octets libres
Post-Run: 5,736,017,920 octets libres

368 --- E O F --- 2008-07-10 10:25:56

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
0
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last activity: 26 December 2016 180
10 Jul. 2008 at 20:48
Ritchy,

Not all of the files were deleted.
I'm going to ask you, for the time being (afterwards you do as you please), not to download anything via P2P.
Disable Shareaza while we finish the job.

I have another scan to run.

In the meantime, we'll deal with the toolbars.

Download Toolbar-S&D to your Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Run the installer by executing the downloaded file.
* Double-click the Toolbar-S&D shortcut.
* Select the language and confirm.
* Now choose option 1 (Search). Wait until the search finishes.
* Copy/paste the contents of the report located at C:\TB.txt .

A+
0
-----------\\ ToolBar S&D 1.0.3 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : RYCHIE ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
[ 10/07/2008 | 21:21:23,79 ] [ PC : RWIFI ]
[ MAJ : 08-07-2008 | 22:24 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\SrchAstt
C:\DOCUME~1\RYCHIE\LOCALS~1\TEMPOR~1\content.IE5\MYQGPFTT\B2884847[1].htm

-----------\\ [HKCU\..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


-----------\\ Fin du rapport a 21:22:53,45
0
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last activity: 26 December 2016 180
10 Jul. 2008 at 21:26
Run Toolbar-S&D again by double-clicking the shortcut.
Type "2" then confirm by pressing "Enter".
Do not close the window while the deletion is running.
A new report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del together to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer then confirm.
0
-----------\\ ToolBar S&D 1.0.3 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : RYCHIE ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
[ 10/07/2008 | 21:37:48,29 ] [ PC : RWIFI ]
[ MAJ : 08-07-2008 | 22:24 ]

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskTBar\bar
Supprime! - C:\Program Files\AskTBar\PopSwatr
Supprime! - C:\Program Files\AskTBar\SrchAstt
Supprime! - C:\DOCUME~1\RYCHIE\LOCALS~1\TEMPOR~1\content.IE5\MYQGPFTT\B2884847[1].htm
Supprime! - C:\Program Files\AskTBar

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [HKCU\..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


-----------\\ Fin du rapport a 21:40:11,39
0
verni29 Posts: 6699 Registration date: Sunday 6 July 2008 Status: Security contributor Last activity: 26 December 2016 180
10 Jul. 2008 at 21:46
Download OTMoveIt

Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list below and paste it into the left-hand pane of OTMoveIt, under Paste List of Files/Folders to move.


C:\Program Files\[u]0/u003.mpg
C:\Program Files\[u]0/u3_9.mpg
C:\Program Files\[u]0/u1_10.mpg
C:\Program Files\[u]0/u2_10.mpg
C:\Program Files\[u]0/u2_9.mpg
C:\Program Files\[u]0/u3_8.mpg
C:\Program Files\[u]0/u2_8.mpg
C:\Program Files\[u]0/u001_2.mpg
C:\Program Files\[u]0/u002_2.mpg
C:\Program Files\[u]0/u3_6.mpg
C:\Program Files\[u]0/u3_5.mpg
C:\Program Files\[u]0/u2_6.mpg
C:\Program Files\[u]0/u1_6.mpg
C:\Program Files\[u]0/u3_4.mpg
C:\Program Files\[u]0/u4_2.mpg
C:\Program Files\[u]0/u3_3.mpg
C:\Program Files\[u]0/u2_4.mpg
C:\Program Files\[u]0/u1_4.mpg
C:\Program Files\[u]0/u03_1.mpg
C:\Program Files\[u]0/u02_2.mpg
C:\Program Files\[u]0/u01_2.mpg
C:\Program Files\[u]0/u1_3.wmv
C:\Program Files\[u]0/u2_3.wmv
C:\Program Files\[u]0/u3_3.wmv
C:\Program Files\[u]0/u4_3.wmv
C:\Program Files\2_4.mpg
C:\Program Files\1_4.mpg
C:\Program Files\4.mpg
C:\Program Files\3_4.mpg
C:\Program Files\1_7.wmv
C:\Program Files\2_7.wmv
C:\Program Files\[u]0/u3_2.mpg
C:\Program Files\[u]0/u2_3.mpg
C:\Program Files\[u]0/u1_3.mpg
C:\Program Files\[u]0/u4_1.mpg
C:\Program Files\2_6.wmv
C:\Program Files\3_6.wmv
C:\Program Files\1_6.wmv
C:\Program Files\4_5.wmv
C:\Program Files\4_4.wmv
C:\Program Files\3_5.wmv
C:\Program Files\2_5.wmv
C:\Program Files\1_5.wmv
C:\Program Files\2_3.mpg
C:\Program Files\3_3.mpg
C:\Program Files\1_3.mpg
C:\Program Files\[u]0/u3_1.mpg
C:\Program Files\[u]0/u4.mpg
C:\Program Files\[u]0/u2_2.mpg
C:\Program Files\[u]0/u1_2.mpg
C:\Program Files\2_4.wmv
C:\Program Files\4_3.wmv
C:\Program Files\3_4.wmv
C:\Program Files\1_4.wmv
C:\Program Files\1_3.wmv
C:\Program Files\4_2.wmv
C:\Program Files\3_3.wmv
C:\Program Files\2_3.wmv
C:\Program Files\[u]0/u3_2.wmv
C:\Program Files\[u]0/u4_2.wmv
C:\Program Files\[u]0/u1_2.wmv
C:\Program Files\[u]0/u2_2.wmv
C:\Program Files\1_2.mpg
C:\Program Files\2_2.mpg
C:\Program Files\3_2.mpg
C:\Program Files\1_2.wmv
C:\Program Files\4_1.wmv
C:\Program Files\3_2.wmv
C:\Program Files\2_2.wmv
C:\Program Files\3_1.mpg
C:\Program Files\4.wmv
C:\Program Files\3_1.wmv
C:\Program Files\1_1.wmv
C:\Program Files\[u]0/u02_1.mpg
C:\Program Files\2_1.wmv
C:\Program Files\[u]0/u02.mpg
C:\Program Files\[u]0/u4_1.wmv
C:\Program Files\1.mpg

Click MoveIt! to start the deletion.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

Post a HijackThis report after that.
Then we'll take stock of the PC's symptoms.

A+
0
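As an added example (not part of the thread, and not a tool used by the helper), here is a small Python check for the follow-up HijackThis log requested above: it parses the `Rn`/`On` entries, pulls out the file path each one points at, and lists the entries that still point inside a directory ToolBar S&D reported deleted (here `C:\Program Files\AskTBar`), since an orphaned URLSearchHook or Run entry is exactly what a fresh log should no longer show. The sample log lines are constructed from entries seen in the thread.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in HijackThis v2.0.2 format, modelled on entries that
# appear in the thread (Ask toolbar URLSearchHook, a BHO and two Run keys).
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Directories the ToolBar S&D "Selection : 2" report says it deleted.
REMOVED_DIRS = [r"C:\Program Files\AskTBar"]

# Every HijackThis finding starts with a section code (R0..R3, F0..F3, O1..O24).
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path in the entry, ending at a common binary/page suffix.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|drv|sys|acm|htm|html)',
                     re.IGNORECASE)

def extract_path(entry):
    """Return the file path an entry points at, or None if it has none."""
    m = PATH_RE.search(entry)
    return m.group(0) if m else None

def parse_hjt(text):
    """Parse log text into (code, line, path) tuples, skipping header lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("code"), line, extract_path(line)))
    return entries

def is_under(path, directory):
    """Case-insensitive check that path lies inside directory (Windows rules)."""
    return PureWindowsPath(directory) in PureWindowsPath(path).parents

def orphaned_entries(text, removed_dirs):
    """Entries still pointing into a directory a cleanup tool already removed."""
    return [line for _, line, path in parse_hjt(text)
            if path and any(is_under(path, d) for d in removed_dirs)]

if __name__ == "__main__":
    for line in orphaned_entries(SAMPLE_HJT_LOG, REMOVED_DIRS):
        print("stale autostart entry:", line)
```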