vidéo numérique

Posez votre question Format imprimable Liste des forums Aidez-les Statistiques Rechercher Charte Forum Virus-Sécurité

Ordi lent, fenetres intempestives, erreurs

Dernière réponse le 18 jui 2008 à 13:56:16 ritchy, le 9 jui 2008 à 10:16:01

Signaler ce message aux modérateurs

Bonjour,
Depuis quelques temps mon ordi rame, l'acces à internet est long et fastidieux. Des messages d'erreur se multiplient et des fenetres de pubs s'ouvrent à tout va dont certaines me proposent d'analyser gratuitement mon pc.
Comment faire?

Configuration: Windows XP
Internet Explorer 6.0

Meilleures réponses pour « ordi lent, fenetres intempestives, erreurs » dans :

Ordi lent, fenetres publicitaires intempestiv (Résolu) Voir

Ordinateur lent (Résolu) Voir

Ordinateur lent à charger Voir

PC ou ordinateur lent / Windows très lent au démarrage VoirSi l'ordinateur met un temps très long à démarrer, le ralentissement peut provenir d'une des causes suivantes : L'ordinateur ne possède pas assez de mémoire vive : Ajouter de la mémoire Des programmes inutiles sont chargés en mémoire au...

Ordinateur, lent, messages d'erreur, coupures Voir

Ordinateur lent au démarrage (Résolu) Voir

Ordi lent par moment (Résolu) Voir

Bonjour, Ritchie Pour le téléchargement des fichiers, pourrais-tu Lire la suite

Posez votre question Répondre

verni29, le 9 jui 2008 à 10:19:20

Bonjour,
télécharge et installe HijackThis .
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

Choisir « Download Hijackthis Installer »
Après l'installation, un raccourci sera crée sur le bureau. Double-clique dessus pour le lancer.

Choisir l'option Do a system scan and save a logfile.
Le rapport va s'ouvrir. Tu copies/colles le contenu de ce rapport dans ton prochain message

A+

Répondre à verni29

ritchy, le 9 jui 2008 à 10:26:05

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:24:46, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMb760cbaf] Rundll32.exe "C:\WINDOWS\system32\xvwtuovf.dll",s
O4 - HKLM\..\Run: [b453f833] rundll32.exe "C:\WINDOWS\system32\fxtvhuac.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.3 85.255.112.127
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.3 85.255.112.127
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.3 85.255.112.127
O20 - AppInit_DLLs: pxxkiixs.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
End of file - 5958 bytes

Répondre à ritchy

verni29, le 9 jui 2008 à 10:35:36

Richy, il y a différentes infections.

On commence par ceci.

Télécharge FixWareout sur ton bureau :

http://downloads.subratam.org/Fixwareout.exe

Lance le fix: clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis clique sur Finish.
Le fix va commencer, suis les messages à l'écran.
Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt)

Répondre à verni29

ritchy, le 9 jui 2008 à 12:16:50

Username "RYCHIE" - 09/07/2008 10:38:24 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
"nameserver"="85.255.114.3 85.255.112.127" <Value cleared.

Cache de résolution DNS vidé.

System was rebooted successfully.

~~~~~ Postrun check
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"PRISMSTA.EXE"="PRISMSTA.EXE START"
"DownloadAccelerator"="\"C:\\Program Files\\DAP\\DAP.EXE\" /STARTUP"
"SpeedOptimizer"="C:\\PROGRA~1\\SPEEDO~1\\SPO.EXE -s "
"NeroFilterCheck"="C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NeroCheck.exe"
"NBKeyScan"="\"C:\\Program Files\\Nero\\Nero8\\Nero BackItUp\\NBKeyScan.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"BMb760cbaf"="Rundll32.exe \"C:\\WINDOWS\\system32\\xvwtuovf.dll\",s"
"b453f833"="rundll32.exe \"C:\\WINDOWS\\system32\\fxtvhuac.dll\",b"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"Shareaza"="\"C:\\Program Files\\Shareaza\\Shareaza.exe\" -tray"
"EPSON Stylus DX4400 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATICAE.EXE /FU \"C:\\WINDOWS\\TEMP\\E_S145.tmp\" /EF \"HKCU\""
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Fichiers communs\\Nero\\Lib\\NMBgMonitor.exe\""
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

Répondre à ritchy

verni29, le 9 jui 2008 à 12:26:20

Ritchy,

1) Pourrais-tu me poster un nouveau rapport Hijackthis pour que je vérifie que cette première infection est nettoyée ?
Je ne te cache pas qu'il y a un peu de travail pour rendre ton ordinateur propre.

2) l y a une chose très importante qu'il faut que tu fasses.
Il n'y a pas de protection sur ton ordinateur. tu dois installer :
- un antivirus
- un parefeu
- un antispyware

Je te mets quelques liens qui te donneront le choix :

Antivirus :

- Antivir :
http://www.malekal.com/tutorial_antivir.php

- AVG :
http://www.commentcamarche.net/telecharger/telecharger 118 avg antivirus free edition

antispyware :

spybot
http://www.malekal.com/tutorial_spybot.html

AVG :
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

Pare-feu :

- Comodo™ Firewall
http://www.personalfirewall.comodo.com/

- Kerio Personal Firewall
http://www.sunbelt-software.com/Kerio-Download.cfm

- PC Tools Firewall Plus
http://www.pctools.com/fr/firewall/

Tu installes ces trois outils et on voit après pour la suite.

A+

Répondre à verni29

ritchy, le 9 jui 2008 à 12:48:41

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:28, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BMb760cbaf] Rundll32.exe "C:\WINDOWS\system32\qqmyqcnw.dll",s
O4 - HKLM\..\Run: [b453f833] rundll32.exe "C:\WINDOWS\system32\rfkkkunn.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - HKCU\..\Policies\Explorer\Run: [Windows Printing Driver] WinSpooler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
End of file - 5685 bytes

j'installe les différents éléments et je vous
recontacte

Répondre à ritchy

verni29, le 9 jui 2008 à 12:57:18

L'outil a bien travaillé.

Tu installes les protections et tu me fais signe quand tu auras terminé.

A+

Répondre à verni29

ritchy, le 9 jui 2008 à 13:38:08

J'ai installée antiniv mais je n'arive pas à virer le fichier TR/Crypt.XPACK.Gen la fenetre revient sans cesse , il est logé dans system32\rfkkunn.dll
comment faire??

Répondre à ritchy

verni29, le 9 jui 2008 à 13:45:49

Antivir est un très bon antivirus ( le plus coté actuellement ) mais dans certains cas, il n'arrive pas à tout nettoyer.
Ce qui est le cas pour toi.

Installe le parefeu et l'antispyware et on voit pour la suite.

Répondre à verni29

ritchy, le 9 jui 2008 à 16:36:00

Bon, j'y suis mais ça fuse de partout, ya des messages qui ne cessent de s'afficher, c'est pénible, ça vient d'antivir et de sunbelt

Répondre à ritchy

verni29, le 9 jui 2008 à 16:43:59

Effectivement, vu que ton ordinateur n'avait pas de protection. :-)

Une fois qu'on aura fini, ça va se calmer.

Télécharge Toolbar-S&D sur ton Bureau :
http://eric.71.mespages.googlepages.com/ToolBarSD.exe

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique sur le raccourci de Toolbar-S&D.
* Sélectionne la langue puis valide.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Copie/colle le contenu du rapport situé dans C:\TB.txt .

A+

Répondre à verni29

ritchy, le 9 jui 2008 à 17:01:53

Je nettoie l'ordi de mon copain...qui voulait jamais m'écouter et installer tout ce qu'il fallait!

Est-ce normal que ce soient tjs les mêmes fichiers qu'antivir m'indique???

Répondre à ritchy

verni29, le 9 jui 2008 à 17:12:34

Citation :
Est-ce normal que ce soient tjs les mêmes fichiers qu'antivir m'indique???

Oui. Antivir ne doit pas réussier à les nettoyer.
Est-ce vraiment génant pour poursuivre ?
Si oui, on passe aux choses sérieuses et on reviendra sur les barres d'outils.

A+

Répondre à verni29

ritchy, le 9 jui 2008 à 17:17:26

Oui, c'est un peu gênant...les fenetres s'affichent et me bloquent dans ce que je fais

Répondre à ritchy

verni29, le 9 jui 2008 à 17:21:42

OK,

On va passer MlawareBytes en mode sans échec. Cela peut prendre un peu de temps ( 40 mn ou plus ).
Désactive Antivir le temps de la mise à jour de MalwareBytes. tu la réactiveras après.

Tu télécharges MalwareBytes.
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Tu l'installes. Choisis les options par défaut.
A la fin de l’installation, il te sera demandé de mettre à jour MalwareBytes et de l’exécuter .
Ne choisis que la mise à jour. Le logiciel sera lancé en mode sans échec.

Tu relances l'ordinateur en mode sans échec ( touche F8 après redémarrage ).
Tu choisis ton compte utilisateur.

Pour lancer MalwareBytes, double-clique sur le raccourci du bureau.

Dans l’onglet Recherche, sélectionne Exécuter un examen complet.
Clique sur recherche. Tu ne sélectionnes que les disques durs de l’ordinateur.
Clique sur lancer l’examen.

A la fin de la recherche, Comme il est demandé, clique sur afficher les résultats de la recherche.
Choisis alors Supprimer la selection pour nettoyer les infections.
Tu postes le rapport dans ton prochain message, ainsi qu'un nouveau rapport Hijackthis.

A+

Répondre à verni29

ritchy, le 9 jui 2008 à 18:14:56

Rapport hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:06, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {0BE5AF5D-776D-4E4D-84FC-E90658C580A1} - C:\WINDOWS\system32\rqRklIyY.dll (file missing)
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\awtRkLFu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {d149597f-20f6-83d8-0294-195eb0a509be} - {eb905a0b-e591-4920-8d38-6f02f795941d} - C:\WINDOWS\system32\xqqctw.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O20 - Winlogon Notify: awtRkLFu - C:\WINDOWS\SYSTEM32\awtRkLFu.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
End of file - 7752 bytes

je me rends compte que j'ai fait un exam rapide...je te poste le rapport dis-moi s'il faut en faire un complet qd mm

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 934
Windows 5.1.2600 Service Pack 2

18:07:38 09/07/2008
mbam-log-7-9-2008 (18-07-38).txt

Type de recherche: Examen rapide
Eléments examinés: 42828
Temps écoulé: 11 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 34

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\awtRkLFu.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrklfu (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\spybotdeletingc9618 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\b453f833 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bmb760cbaf (Trojan.Agent) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\clypuvla.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\alvupylc.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lbvpqmpt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tpmqpvbl.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtRkLFu.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\bcbmhgph.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cbXNFutU.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ctasctqb.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\efcYSiij.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\eiemuxyy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccaawtT.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hnivyymu.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hvjeajik.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\igiimska.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iircjnqt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ivptfqxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jppmrmud.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kpaqjssf.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ljJArOIy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mffrtlak.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nnnmMDVp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nyjpvohy.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rbbvbvxh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssxjda.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tlmtwjti.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tmwyhdul.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\woconqip.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yayXrPge.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\yciaijov.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nneumptn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fccyaXpP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\iibsxdbg.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Répondre à ritchy

verni29, le 9 jui 2008 à 18:43:06

Richy,

Oui, je préférerais car, après, on ne repassera plus cet outil .
Cela prendra plus de temps, mais il est préférable d'agir ainsi.

Tu repostes un rapport Hijackthis avec le rapport MalwareBytes.

A+

Répondre à verni29

ritchy, le 10 jui 2008 à 08:42:33

Après plus de 4h, on y est!

Malwarebytes' Anti-Malware 1.20
Version de la base de données: 934
Windows 5.1.2600 Service Pack 2

08:36:03 10/07/2008
mbam-log-7-10-2008 (08-36-03).txt

Type de recherche: Examen complet (C:\|I:\|)
Eléments examinés: 133106
Temps écoulé: 4 hour(s), 8 minute(s), 39 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 79

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\awtRkLFu.dll (Trojan.FakeAlert) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awtrklfu (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{487c9905-26a8-42c8-8033-c58ad3d2aec3} (Trojan.FakeAlert) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\awtRkLFu.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP917\A0098436.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP917\A0098437.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098454.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098469.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098470.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098471.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP918\A0098475.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP920\A0100492.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP923\A0100525.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP924\A0100550.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP926\A0100571.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP926\A0100572.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP928\A0101593.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP928\A0101594.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP930\A0101618.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP930\A0101619.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP932\A0101649.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP932\A0101650.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP933\A0101671.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP935\A0101693.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP935\A0101694.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP936\A0102693.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP936\A0102713.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP936\A0102727.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP937\A0102746.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP938\A0102772.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP939\A0102794.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP940\A0102845.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP942\A0102869.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP942\A0102870.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP944\A0102911.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP945\A0102943.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP945\A0102961.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP946\A0102979.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP947\A0103979.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP948\A0103998.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP950\A0104043.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP951\A0104063.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107169.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107176.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107179.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107184.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107189.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107195.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107198.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107199.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107200.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107201.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107203.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107205.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107209.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0107210.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109262.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109264.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109265.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109266.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109267.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109268.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109269.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109270.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109271.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109272.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109273.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109274.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109275.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109276.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109277.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109278.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109279.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109280.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109281.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109282.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109283.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109284.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109285.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109286.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{4FEE8C91-F9BC-43F5-9FC0-B31CB6A5D68D}\RP955\A0109287.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\rqRIaywv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Répondre à ritchy

verni29, le 10 jui 2008 à 09:10:37

Bonjour,

1) Pourrais-tu m'envoyer un rapport Hijackthis ?

2) Tu vas télécharger ComBoFix sur le bureau.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

On va le passer une première fois pour rechercher les infections.
Pour un meilleur résultat, on va le passer aussi en mode sans échec.

Redémarre l'ordinateur en mode sans échec ( touche F8 ) et choisis ton compte.

Double sur Combofix.exe et suis les invites.
Une fois le scan fini, un rapport va apparaitre.

Copie/colle ce rapport dans ta prochaine réponse.
Si tu ne le trouves pas, il est à C:\ComboFix.txt.

Effectivement, il y avait du monde.

A+

Répondre à verni29

ritchy, le 10 jui 2008 à 09:14:46

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:14:04, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: (no name) - {0BE5AF5D-776D-4E4D-84FC-E90658C580A1} - C:\WINDOWS\system32\rqRklIyY.dll (file missing)
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - C:\WINDOWS\system32\awtRkLFu.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: {d149597f-20f6-83d8-0294-195eb0a509be} - {eb905a0b-e591-4920-8d38-6f02f795941d} - C:\WINDOWS\system32\xqqctw.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Policies\Explorer\Run: [WinUpdating] WinUpdating.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O20 - Winlogon Notify: awtRkLFu - C:\WINDOWS\SYSTEM32\awtRkLFu.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
End of file - 7662 bytes

Répondre à ritchy

ritchy, le 10 jui 2008 à 13:00:34

ComboFix 08-07-09.5 - RYCHIE 2008-07-10 12:43:19.1 - NTFSx86 MINIMAL
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.369 [GMT 2:00]
Endroit: C:\Documents and Settings\RYCHIE\Bureau\claire\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b /color
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMb760cbaf.txt
C:\WINDOWS\system32\aefmnewx.dll
C:\WINDOWS\system32\ajbgdjgk.ini
C:\WINDOWS\system32\alhuipxv.ini
C:\WINDOWS\system32\awtRkLFu.dll
C:\WINDOWS\system32\ayupca.dll
C:\WINDOWS\system32\bbwyeasx.dll
C:\WINDOWS\system32\bhvtfhkp.dll
C:\WINDOWS\system32\bkyylpnr.ini
C:\WINDOWS\system32\bnprqcyw.ini
C:\WINDOWS\system32\bnzxct.dll
C:\WINDOWS\system32\btuytagc.ini
C:\WINDOWS\system32\byoilrdg.ini
C:\WINDOWS\system32\cauhvtxf.ini
C:\WINDOWS\system32\cdzrht.dll
C:\WINDOWS\system32\cpmbuqix.dll
C:\WINDOWS\system32\dcdwhwgq.dll
C:\WINDOWS\system32\dfhnpsku.ini
C:\WINDOWS\system32\dgbblz.dll
C:\WINDOWS\system32\dstptrvy.ini
C:\WINDOWS\system32\dwojbw.dll
C:\WINDOWS\system32\dxphvxgi.ini
C:\WINDOWS\system32\eamxqfoc.dll
C:\WINDOWS\system32\eqjikbiy.ini
C:\WINDOWS\system32\eufixndj.dll
C:\WINDOWS\system32\faenehwx.ini
C:\WINDOWS\system32\fcepdrgs.ini
C:\WINDOWS\system32\ffntwpsf.dll
C:\WINDOWS\system32\fghqccdm.dll
C:\WINDOWS\system32\fgjccetq.dll
C:\WINDOWS\system32\fqivalnn.ini
C:\WINDOWS\system32\fueddkhq.dll
C:\WINDOWS\system32\gcsncfty.dll
C:\WINDOWS\system32\gvvpfiwt.dll
C:\WINDOWS\system32\gyvtmycj.ini
C:\WINDOWS\system32\hgGxUNeb.dll
C:\WINDOWS\system32\hikcqbui.dll
C:\WINDOWS\system32\hniggnbb.dll
C:\WINDOWS\system32\hrnmerwm.dll
C:\WINDOWS\system32\hshtyvne.dll
C:\WINDOWS\system32\htadxrfq.ini
C:\WINDOWS\system32\hvsouada.dll
C:\WINDOWS\system32\igegvfxo.dll
C:\WINDOWS\system32\ikywfn.dll
C:\WINDOWS\system32\imdokg.dll
C:\WINDOWS\system32\iojimpoh.dll
C:\WINDOWS\system32\isqogjrw.ini
C:\WINDOWS\system32\iwwvbx.dll
C:\WINDOWS\system32\jdpdxyvy.dll
C:\WINDOWS\system32\jdudysrs.ini
C:\WINDOWS\system32\jletxm.dll
C:\WINDOWS\system32\joymojbm.ini
C:\WINDOWS\system32\jvjqbluj.ini
C:\WINDOWS\system32\jwkcifqf.ini
C:\WINDOWS\system32\kdfrptiy.dll
C:\WINDOWS\system32\kerkoblt.dll
C:\WINDOWS\system32\knlfqswv.dll
C:\WINDOWS\system32\lcawgdbd.dll
C:\WINDOWS\system32\liwegggf.ini
C:\WINDOWS\system32\ljsfcbum.ini
C:\WINDOWS\system32\lpnnyo.dll
C:\WINDOWS\system32\lqzkol.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mohbayvy.dll
C:\WINDOWS\system32\mpxvixfb.ini
C:\WINDOWS\system32\neccbvik.ini
C:\WINDOWS\system32\nfbmbufj.ini
C:\WINDOWS\system32\nhrpvq.dll
C:\WINDOWS\system32\nmeoqsla.ini
C:\WINDOWS\system32\nnukkkfr.ini
C:\WINDOWS\system32\nrwbfa.dll
C:\WINDOWS\system32\ntasmkws.dll
C:\WINDOWS\system32\ntiyup.dll
C:\WINDOWS\system32\ntwajfmt.dll
C:\WINDOWS\system32\oenkrbos.ini
C:\WINDOWS\system32\ofcdbxvu.ini
C:\WINDOWS\system32\orgtiddw.dll
C:\WINDOWS\system32\panrkued.dll
C:\WINDOWS\system32\pcvcpoqo.ini
C:\WINDOWS\system32\pmnljJBq.dll
C:\WINDOWS\system32\poaxqmfr.dll
C:\WINDOWS\system32\qbiplfbr.ini
C:\WINDOWS\system32\qfxjylim.dll
C:\WINDOWS\system32\qhptngjh.ini
C:\WINDOWS\system32\qnpkcolv.ini
C:\WINDOWS\system32\qqmyqcnw.dll
C:\WINDOWS\system32\qrbdtkas.dll
C:\WINDOWS\system32\qsyqhdns.dll
C:\WINDOWS\system32\rldcyojm.dll
C:\WINDOWS\system32\rllugcxg.dll
C:\WINDOWS\system32\rqofhrxc.ini
C:\WINDOWS\system32\rvhpejva.dll
C:\WINDOWS\system32\sknnichm.dll
C:\WINDOWS\system32\snujvurx.dll
C:\WINDOWS\system32\swcaviuj.dll
C:\WINDOWS\system32\tduiddck.ini
C:\WINDOWS\system32\tikaulcm.ini
C:\WINDOWS\system32\toccsabk.ini
C:\WINDOWS\system32\tttuuutw.ini
C:\WINDOWS\system32\tylruy.dll
C:\WINDOWS\system32\ukqvejkk.dll
C:\WINDOWS\system32\uqrzdo.dll
C:\WINDOWS\system32\vkqgwmjr.dll
C:\WINDOWS\system32\vufqhoka.ini
C:\WINDOWS\system32\vuqmopsn.dll
C:\WINDOWS\system32\vzzapt.dll
C:\WINDOWS\system32\wfbwnqqu.ini
C:\WINDOWS\system32\whddmowa.dll
C:\WINDOWS\system32\wienum.dll
C:\WINDOWS\system32\WinSpooler.exe
C:\WINDOWS\system32\wqhtlucj.ini
C:\WINDOWS\system32\wqkwjakv.dll
C:\WINDOWS\system32\xexvetss.dll
C:\WINDOWS\system32\xhjuihpg.ini
C:\WINDOWS\system32\xijiypuv.dll
C:\WINDOWS\system32\xrtukt.dll
C:\WINDOWS\system32\xvwtuovf.dll
C:\WINDOWS\system32\xwudasgu.dll
C:\WINDOWS\system32\yacydfeg.ini
C:\WINDOWS\system32\yiupiqte.ini
C:\WINDOWS\system32\yqokekvx.dll
C:\WINDOWS\system32\YyIlkRqr.ini
C:\WINDOWS\system32\YyIlkRqr.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
.

2008-07-10 12:30 . 2008-07-10 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-10 12:30 . 2008-07-10 12:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Documents and Settings\RYCHIE\Application Data\Malwarebytes
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 17:26 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 17:26 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 17:00 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-09 17:00 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-09 16:58 . 2008-07-09 17:02 <REP> d-------- C:\Toolbar SD
2008-07-09 16:22 . 2008-07-09 16:22 149 --a------ C:\WINDOWS\wininit.ini
2008-07-09 14:03 . 2008-06-21 04:54 269,736 -ra------ C:\WINDOWS\system32\drivers\SbFw.sys
2008-07-09 14:03 . 2008-06-21 04:54 65,576 --a------ C:\WINDOWS\system32\drivers\SbFwIm.sys
2008-07-09 14:02 . 2008-07-09 14:02 <REP> d-------- C:\Program Files\Sunbelt Software
2008-07-09 14:00 . 2008-07-09 14:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 14:00 . 2008-07-09 16:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 13:19 . 2008-07-09 13:19 <REP> d-------- C:\Program Files\Avira
2008-07-09 13:19 . 2008-07-09 13:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-09 10:36 . 2008-07-09 10:45 <REP> d-------- C:\fixwareout
2008-07-09 10:22 . 2008-07-09 10:22 <REP> d-------- C:\Program Files\Trend Micro
2008-07-01 19:23 . 2008-07-01 19:23 1,713,713 --ahs---- C:\WINDOWS\system32\pwjwqucf.tmp
2008-07-01 19:23 . 2008-07-01 19:23 294 --ahs---- C:\WINDOWS\system32\pwjwqucf.ini
2008-06-30 19:11 . 2008-06-30 19:11 1,733,619 --ahs---- C:\WINDOWS\system32\joymojbm.tmp
2008-06-28 10:18 . 2008-06-28 10:17 294 --ahs---- C:\WINDOWS\system32\jkfoolas.ini
2008-06-28 10:17 . 2008-06-28 10:17 1,733,640 --ahs---- C:\WINDOWS\system32\jkfoolas.tmp
2008-06-26 19:14 . 2008-06-26 19:14 1,706,852 ---hs---- C:\WINDOWS\system32\dxphvxgi.tmp
2008-06-24 20:56 . 2008-06-25 20:33 1,126 ---hs---- C:\WINDOWS\system32\pomenrob.ini
2008-06-21 04:54 . 2008-06-21 04:54 66,600 -ra------ C:\WINDOWS\system32\drivers\sbhips.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 14:24 --------- d-----w C:\Program Files\Safari
2008-07-09 12:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-18 07:42 --------- d-----w C:\Program Files\Apple Software Update
2008-05-17 17:29 6,712 ----a-w C:\Documents and Settings\RYCHIE\Application Data\wklnhst.dat
2008-05-17 09:14 --------- d-----w C:\Program Files\iTunes
2008-05-17 09:14 --------- d-----w C:\Program Files\iPod
2008-05-17 09:12 --------- d-----w C:\Program Files\QuickTime
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-15 18:09 81,920 ----a-w C:\Documents and Settings\RYCHIE\Application Data\ezpinst.exe
2007-12-15 18:09 47,360 ----a-w C:\Documents and Settings\RYCHIE\Application Data\pcouffin.sys
2006-07-11 20:04 1,155,076 ----a-w C:\Program Files\^^clip3_1.mpg
2006-07-11 20:04 1,155,076 ----a-w C:\Program Files\^^clip2_1.mpg
2006-07-11 20:04 1,155,076 ----a-w C:\Program Files\^^clip1_1.mpg
2006-06-15 18:00 2,193,412 ----a-w C:\Program Files\((dream2_1.mpg
2006-06-15 18:00 2,134,020 ----a-w C:\Program Files\((dream1_1.mpg
2006-06-15 17:58 1,984,516 ----a-w C:\Program Files\gonzo1.mpg
2006-06-15 17:58 1,959,940 ----a-w C:\Program Files\gonzo2.mpg
2006-06-15 17:48 1,700,047 ----a-w C:\Program Files\$$003.mpg
2006-06-15 17:48 1,699,852 ----a-w C:\Program Files\$$002_3.mpg
2006-06-15 17:48 1,698,143 ----a-w C:\Program Files\$$001.mpg
2006-05-21 09:20 1,030,213 ----a-w C:\Program Files\3.mpg
2006-05-16 21:46 2,234,372 ----a-w C:\Program Files\magic1.mpg
2006-05-16 21:46 2,146,308 ----a-w C:\Program Files\magic2.mpg
2006-05-13 12:36 2,379,780 ----a-w C:\Program Files\dream2.mpg
2006-05-13 12:36 2,373,636 ----a-w C:\Program Files\dream1.mpg
2006-05-07 19:04 700,420 ----a-w C:\Program Files\2.mpg
2006-05-06 09:27 736,206 ----a-w C:\Program Files\4_9.wmv
2006-05-06 09:27 705,882 ----a-w C:\Program Files\3_10.wmv
2006-05-06 09:26 731,874 ----a-w C:\Program Files\2_11.wmv
2006-05-06 09:26 702,994 ----a-w C:\Program Files\1_11.wmv
2006-05-06 08:59 1,395,843 ----a-w C:\Program Files\3_12.mpg
2006-05-06 08:59 1,395,759 ----a-w C:\Program Files\4_2.mpg
2006-05-06 08:57 1,394,424 ----a-w C:\Program Files\1_16.mpg
2006-05-06 08:57 1,393,645 ----a-w C:\Program Files\2_17.mpg
2006-05-06 08:55 933,892 ----a-w C:\Program Files\3_11.mpg
2006-05-06 08:55 860,164 ----a-w C:\Program Files\2_16.mpg
2006-05-06 08:55 860,164 ----a-w C:\Program Files\1_15.mpg
2006-04-30 12:43 782,340 ----a-w C:\Program Files\2_15.mpg
2006-04-29 08:23 1,687,845 ----a-w C:\Program Files\[u]0/u003.mpg
2006-04-24 19:14 1,437,700 ----a-w C:\Program Files\2_14.mpg
2006-04-24 19:14 1,368,068 ----a-w C:\Program Files\3_10.mpg
2006-04-24 19:08 1,290,894 ----a-w C:\Program Files\1_14.mpg
2006-04-24 19:03 735,236 ----a-w C:\Program Files\1_13.mpg
2006-04-24 19:03 700,420 ----a-w C:\Program Files\2_13.mpg
2006-04-19 05:42 1,395,843 ----a-w C:\Program Files\3_9.mpg
2006-04-19 05:42 1,395,759 ----a-w C:\Program Files\4_1.mpg
2006-04-19 05:41 1,394,424 ----a-w C:\Program Files\1_12.mpg
2006-04-19 05:41 1,393,645 ----a-w C:\Program Files\2_12.mpg
2006-04-15 09:07 1,291,124 ----a-w C:\Program Files\3_8.mpg
2006-04-15 09:07 1,284,546 ----a-w C:\Program Files\2_11.mpg
2006-04-15 09:07 1,279,776 ----a-w C:\Program Files\1_11.mpg
2006-04-15 08:54 1,599,492 ----a-w C:\Program Files\2_10.mpg
2006-04-15 08:54 1,597,444 ----a-w C:\Program Files\1_10.mpg
2006-04-12 18:24 2,256,900 ----a-w C:\Program Files\[u]0/u3_9.mpg
2006-04-12 18:24 2,129,924 ----a-w C:\Program Files\[u]0/u1_10.mpg
2006-04-12 18:24 2,109,444 ----a-w C:\Program Files\[u]0/u2_10.mpg
2006-04-11 21:07 521,350 ----a-w C:\Program Files\2_10.wmv
2006-04-11 21:07 493,920 ----a-w C:\Program Files\3_9.wmv
2006-04-11 21:07 492,470 ----a-w C:\Program Files\1_10.wmv
2006-04-11 21:07 460,702 ----a-w C:\Program Files\4_8.wmv
2006-04-11 21:05 1,269,637 ----a-w C:\Program Files\3_7.mpg
2006-04-11 18:46 1,260,693 ----a-w C:\Program Files\1_9.mpg
2006-04-11 18:46 1,252,854 ----a-w C:\Program Files\2_9.mpg
2006-04-11 18:12 1,751,044 ----a-w C:\Program Files\2_8.mpg
2006-04-11 18:12 1,751,044 ----a-w C:\Program Files\1_8.mpg
2006-04-11 18:03 1,343,492 ----a-w C:\Program Files\[u]0/u2_9.mpg
2006-04-11 18:03 1,232,900 ----a-w C:\Program Files\[u]0/u3_8.mpg
2006-04-11 17:59 1,220,612 ----a-w C:\Program Files\[u]0/u2_8.mpg
2006-04-09 12:10 1,629,124 ----a-w C:\Program Files\[u]0/u001_2.mpg
2006-04-09 12:10 1,561,728 ----a-w C:\Program Files\[u]0/u002_2.mpg
2006-04-09 11:58 804,868 ----a-w C:\Program Files\2_7.mpg
2006-04-09 11:58 802,820 ----a-w C:\Program Files\1_7.mpg
2006-04-08 12:23 1,255,428 ----a-w C:\Program Files\[u]0/u3_6.mpg
2006-04-08 12:15 983,075 ----a-w C:\Program Files\4_7.wmv
2006-04-08 12:15 983,075 ----a-w C:\Program Files\3_8.wmv
2006-04-08 12:15 977,275 ----a-w C:\Program Files\1_9.wmv
2006-04-08 12:15 1,029,475 ----a-w C:\Program Files\2_9.wmv
2006-04-08 12:14 2,034,885 ----a-w C:\Program Files\1_8.wmv
2006-04-08 12:14 1,986,885 ----a-w C:\Program Files\2_8.wmv
2006-04-08 12:14 1,978,885 ----a-w C:\Program Files\4_6.wmv
2006-04-08 12:14 1,930,885 ----a-w C:\Program Files\3_7.wmv
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0/u3_5.mpg
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0/u2_6.mpg
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0/u1_6.mpg
2006-04-06 18:39 1,710,564 ----a-w C:\Program Files\3_6.mpg
2006-04-06 18:38 1,637,533 ----a-w C:\Program Files\2_6.mpg
2006-04-06 18:38 1,637,407 ----a-w C:\Program Files\1_6.mpg
2006-04-06 18:14 2,236,420 ----a-w C:\Program Files\[u]0/u3_4.mpg
2006-04-06 18:14 2,207,748 ----a-w C:\Program Files\[u]0/u4_2.mpg
2006-04-06 18:11 2,166,788 ----a-w C:\Program Files\3_5.mpg
2006-04-06 18:10 2,222,084 ----a-w C:\Program Files\2_5.mpg
2006-04-06 18:10 2,166,788 ----a-w C:\Program Files\1_5.mpg
2006-04-04 18:34 1,220,612 ----a-w C:\Program Files\[u]0/u3_3.mpg
2006-04-04 18:34 1,157,124 ----a-w C:\Program Files\[u]0/u2_4.mpg
2006-04-04 18:33 1,042,436 ----a-w C:\Program Files\[u]0/u1_4.mpg
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2006-10-14 09:55 3335944]
"SpeedOptimizer"="C:\PROGRA~1\SPEEDO~1\SPO.EXE" [2003-09-29 16:53 607232]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pxxkiixs.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=

R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 18:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 21:03]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-06-21 04:54]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 04:54]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-01 10:51]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-01 10:51]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54]
S3 PRISM_USB;Prism Mini USB Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2002-02-24 22:39]

.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
"2008-07-09 12:38:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{0BE5AF5D-776D-4E4D-84FC-E90658C580A1} - C:\WINDOWS\system32\rqRklIyY.dll
BHO-{487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
BHO-{eb905a0b-e591-4920-8d38-6f02f795941d} - C:\WINDOWS\system32\xqqctw.dll
HKLM-Run-PRISMSTA.EXE - PRISMSTA.EXE
Notify-awtRkLFu - (no file)

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 12:50:54
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-10 12:57:13 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-10 10:56:03

Pre-Run: 5,848,817,664 octets libres
Post-Run: 5,878,308,864 octets libres

361 --- E O F --- 2008-07-10 10:25:56

Répondre à ritchy

verni29, le 10 jui 2008 à 13:02:51

Ritchy

Il me faut un peu de temps pour préparer le script de désinfection.
Peux-tu me poster un rapport Hijackthis, STP ?

De retour dans une heure.

A+

Répondre à verni29

verni29, le 10 jui 2008 à 14:06:36

Ritchty,

Il me faut vérifier le chemin dans la base de registre de ce fichier : WinUpdating.exe
Ouvre la base de registre :
Démarrer --> Exécuter --> Regedit
dans le menu Edition --> Rechercher
Vérifie que toutes les options sont cochées ( clés, valeurs, données ) et effectue la recherche sur le nom du ficihier.

Quand il aura trouvé la clé, le fichier apparaitra en bleu dans la partie droite.
Ce qui m'intéresse c'est la clé dans laquelle se trouve ce fichier.
regarde dans la partie gauche, il y a un dossier ouvert. Tu fais un clic droit dessus --> Copier le nom de la clé.

Tu me la colles dans ton prochain message.

Tu devrais obtenir quelque chose comme ceci :
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

A+

Répondre à verni29

ritchy, le 10 jui 2008 à 18:44:07

HKEY_CLASSES_ROOT\Applications\regedit.exe

si je me suis pas trompée c ça!

Répondre à ritchy

verni29, le 10 jui 2008 à 18:56:57

Ritchy,

La recherche doit se faire sur le nom de fichier WinUpdating.exe.

Sinon, j'ai oublié de te demander. Antivir se comporte comment.

A+

Répondre à verni29

ritchy, le 10 jui 2008 à 19:03:35

Trouve pas le fichier........

antivir se calme, y'a moins de fenetres qui s'affichent, enfin pour l'instant!

Répondre à ritchy

verni29, le 10 jui 2008 à 19:13:17

Pourrais-tu me poster un rapport Hijackthis ?

Je poste le script de désinfection dans une demi-heure ?

A+

Répondre à verni29

ritchy, le 10 jui 2008 à 19:15:25

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: pxxkiixs.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
End of file - 6998 bytes

tu peux me poster le script qd tu veux!

Répondre à ritchy

verni29, le 10 jui 2008 à 19:33:22

1) fermes ton navigateur.
Lance Hijackthis et tu choisis " Do a system scan only ".
Tu sélectionnes les lignes suivantes :

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O20 - AppInit_DLLs: pxxkiixs.dll

Tu choisis l'option " Fixchecked" en bas de la page.

2) Ouvre le bloc-notes et sélectionne le texte suivant.
Copie/colle ce texte dans le bloc-notes.
Enregistre le fichier sur le bureau et nomme-le CFScript.txt.

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-

File::

C:\WINDOWS\system32\WinUpdating.exe
C:\WINDOWS\system32\pwjwqucf.tmp
C:\WINDOWS\system32\pwjwqucf.ini
C:\WINDOWS\system32\joymojbm.tmp
C:\WINDOWS\system32\jkfoolas.ini
C:\WINDOWS\system32\jkfoolas.tmp
C:\WINDOWS\system32\dxphvxgi.tmp
C:\WINDOWS\system32\pomenrob.ini
C:\Program Files\^^clip3_1.mpg
C:\Program Files\^^clip2_1.mpg
C:\Program Files\^^clip1_1.mpg
C:\Program Files\((dream2_1.mpg
C:\Program Files\((dream1_1.mpg
C:\Program Files\gonzo1.mpg
C:\Program Files\gonzo2.mpg
C:\Program Files\$$003.mpg
C:\Program Files\$$002_3.mpg
C:\Program Files\$$001.mpg
C:\Program Files\3.mpg
C:\Program Files\magic1.mpg
C:\Program Files\magic2.mpg
C:\Program Files\dream2.mpg
C:\Program Files\dream1.mpg
C:\Program Files\2.mpg
C:\Program Files\4_9.wmv
C:\Program Files\3_10.wmv
C:\Program Files\2_11.wmv
C:\Program Files\1_11.wmv
C:\Program Files\3_12.mpg
C:\Program Files\4_2.mpg
C:\Program Files\1_16.mpg
C:\Program Files\2_17.mpg
C:\Program Files\3_11.mpg
C:\Program Files\2_16.mpg
C:\Program Files\1_15.mpg
C:\Program Files\2_15.mpg
C:\Program Files\[u]0/u003.mpg
C:\Program Files\2_14.mpg
C:\Program Files\3_10.mpg
C:\Program Files\1_14.mpg
C:\Program Files\1_13.mpg
C:\Program Files\2_13.mpg
C:\Program Files\3_9.mpg
C:\Program Files\4_1.mpg
C:\Program Files\1_12.mpg
C:\Program Files\2_12.mpg
C:\Program Files\3_8.mpg
C:\Program Files\2_11.mpg
C:\Program Files\1_11.mpg
C:\Program Files\2_10.mpg
C:\Program Files\1_10.mpg
C:\Program Files\[u]0/u3_9.mpg
C:\Program Files\[u]0/u1_10.mpg
C:\Program Files\[u]0/u2_10.mpg
C:\Program Files\2_10.wmv
C:\Program Files\3_9.wmv
C:\Program Files\1_10.wmv
C:\Program Files\4_8.wmv
C:\Program Files\3_7.mpg
C:\Program Files\1_9.mpg
C:\Program Files\2_9.mpg
C:\Program Files\2_8.mpg
C:\Program Files\1_8.mpg
C:\Program Files\[u]0/u2_9.mpg
C:\Program Files\[u]0/u3_8.mpg
C:\Program Files\[u]0/u2_8.mpg
C:\Program Files\[u]0/u001_2.mpg
C:\Program Files\[u]0/u002_2.mpg
C:\Program Files\2_7.mpg
C:\Program Files\1_7.mpg
C:\Program Files\[u]0/u3_6.mpg
C:\Program Files\4_7.wmv
C:\Program Files\3_8.wmv
C:\Program Files\1_9.wmv
C:\Program Files\2_9.wmv
C:\Program Files\1_8.wmv
C:\Program Files\2_8.wmv
C:\Program Files\4_6.wmv
C:\Program Files\3_7.wmv
C:\Program Files\[u]0/u3_5.mpg
C:\Program Files\[u]0/u2_6.mpg
C:\Program Files\[u]0/u1_6.mpg
C:\Program Files\3_6.mpg
C:\Program Files\2_6.mpg
C:\Program Files\1_6.mpg
C:\Program Files\[u]0/u3_4.mpg
C:\Program Files\[u]0/u4_2.mpg
C:\Program Files\3_5.mpg
C:\Program Files\2_5.mpg
C:\Program Files\1_5.mpg
C:\Program Files\[u]0/u3_3.mpg
C:\Program Files\[u]0/u2_4.mpg
C:\Program Files\[u]0/u1_4.mpg

Vérifie que l'icone de Combofix se trouve également sur le bureau, sinon, tu relécharges combofix et tu l'enregistres aussi sur le bureau.
Glisse/dépose le script sur ComBoFix. Tu suis les invites.
Ton bureau va disparaître à plusieurs reprises. Normal.
Une fois le scan achevé, tu enregistres le rapport et tu le postes avec un rapport Hijackthis.

A+

Répondre à verni29

ritchy, le 10 jui 2008 à 19:54:13

ComboFix 08-07-09.5 - RYCHIE 2008-07-10 19:40:47.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.155 [GMT 2:00]
Endroit: C:\Documents and Settings\RYCHIE\Bureau\claire\ComboFix.exe
Command switches used :: C:\Documents and Settings\RYCHIE\Bureau\CFScript.txt..txt
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b /color

FILE ::
C:\Program Files\$$001.mpg
C:\Program Files\$$002_3.mpg
C:\Program Files\$$003.mpg
C:\Program Files\((dream1_1.mpg
C:\Program Files\((dream2_1.mpg
C:\Program Files\[u]0/u001_2.mpg
C:\Program Files\[u]0/u002_2.mpg
C:\Program Files\[u]0/u003.mpg
C:\Program Files\[u]0/u1_10.mpg
C:\Program Files\[u]0/u1_4.mpg
C:\Program Files\[u]0/u1_6.mpg
C:\Program Files\[u]0/u2_10.mpg
C:\Program Files\[u]0/u2_4.mpg
C:\Program Files\[u]0/u2_6.mpg
C:\Program Files\[u]0/u2_8.mpg
C:\Program Files\[u]0/u2_9.mpg
C:\Program Files\[u]0/u3_3.mpg
C:\Program Files\[u]0/u3_4.mpg
C:\Program Files\[u]0/u3_5.mpg
C:\Program Files\[u]0/u3_6.mpg
C:\Program Files\[u]0/u3_8.mpg
C:\Program Files\[u]0/u3_9.mpg
C:\Program Files\[u]0/u4_2.mpg
C:\Program Files\^^clip1_1.mpg
C:\Program Files\^^clip2_1.mpg
C:\Program Files\^^clip3_1.mpg
C:\Program Files\1_10.mpg
C:\Program Files\1_10.wmv
C:\Program Files\1_11.mpg
C:\Program Files\1_11.wmv
C:\Program Files\1_12.mpg
C:\Program Files\1_13.mpg
C:\Program Files\1_14.mpg
C:\Program Files\1_15.mpg
C:\Program Files\1_16.mpg
C:\Program Files\1_5.mpg
C:\Program Files\1_6.mpg
C:\Program Files\1_7.mpg
C:\Program Files\1_8.mpg
C:\Program Files\1_8.wmv
C:\Program Files\1_9.mpg
C:\Program Files\1_9.wmv
C:\Program Files\2.mpg
C:\Program Files\2_10.mpg
C:\Program Files\2_10.wmv
C:\Program Files\2_11.mpg
C:\Program Files\2_11.wmv
C:\Program Files\2_12.mpg
C:\Program Files\2_13.mpg
C:\Program Files\2_14.mpg
C:\Program Files\2_15.mpg
C:\Program Files\2_16.mpg
C:\Program Files\2_17.mpg
C:\Program Files\2_5.mpg
C:\Program Files\2_6.mpg
C:\Program Files\2_7.mpg
C:\Program Files\2_8.mpg
C:\Program Files\2_8.wmv
C:\Program Files\2_9.mpg
C:\Program Files\2_9.wmv
C:\Program Files\3.mpg
C:\Program Files\3_10.mpg
C:\Program Files\3_10.wmv
C:\Program Files\3_11.mpg
C:\Program Files\3_12.mpg
C:\Program Files\3_5.mpg
C:\Program Files\3_6.mpg
C:\Program Files\3_7.mpg
C:\Program Files\3_7.wmv
C:\Program Files\3_8.mpg
C:\Program Files\3_8.wmv
C:\Program Files\3_9.mpg
C:\Program Files\3_9.wmv
C:\Program Files\4_1.mpg
C:\Program Files\4_2.mpg
C:\Program Files\4_6.wmv
C:\Program Files\4_7.wmv
C:\Program Files\4_8.wmv
C:\Program Files\4_9.wmv
C:\Program Files\dream1.mpg
C:\Program Files\dream2.mpg
C:\Program Files\gonzo1.mpg
C:\Program Files\gonzo2.mpg
C:\Program Files\magic1.mpg
C:\Program Files\magic2.mpg
C:\WINDOWS\system32\dxphvxgi.tmp
C:\WINDOWS\system32\jkfoolas.ini
C:\WINDOWS\system32\jkfoolas.tmp
C:\WINDOWS\system32\joymojbm.tmp
C:\WINDOWS\system32\pomenrob.ini
C:\WINDOWS\system32\pwjwqucf.ini
C:\WINDOWS\system32\pwjwqucf.tmp
C:\WINDOWS\system32\WinUpdating.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\$$001.mpg
C:\Program Files\$$002_3.mpg
C:\Program Files\$$003.mpg
C:\Program Files\((dream1_1.mpg
C:\Program Files\((dream2_1.mpg
C:\Program Files\^^clip1_1.mpg
C:\Program Files\^^clip2_1.mpg
C:\Program Files\^^clip3_1.mpg
C:\Program Files\1_10.mpg
C:\Program Files\1_10.wmv
C:\Program Files\1_11.mpg
C:\Program Files\1_11.wmv
C:\Program Files\1_12.mpg
C:\Program Files\1_13.mpg
C:\Program Files\1_14.mpg
C:\Program Files\1_15.mpg
C:\Program Files\1_16.mpg
C:\Program Files\1_5.mpg
C:\Program Files\1_6.mpg
C:\Program Files\1_7.mpg
C:\Program Files\1_8.mpg
C:\Program Files\1_8.wmv
C:\Program Files\1_9.mpg
C:\Program Files\1_9.wmv
C:\Program Files\2.mpg
C:\Program Files\2_10.mpg
C:\Program Files\2_10.wmv
C:\Program Files\2_11.mpg
C:\Program Files\2_11.wmv
C:\Program Files\2_12.mpg
C:\Program Files\2_13.mpg
C:\Program Files\2_14.mpg
C:\Program Files\2_15.mpg
C:\Program Files\2_16.mpg
C:\Program Files\2_17.mpg
C:\Program Files\2_5.mpg
C:\Program Files\2_6.mpg
C:\Program Files\2_7.mpg
C:\Program Files\2_8.mpg
C:\Program Files\2_8.wmv
C:\Program Files\2_9.mpg
C:\Program Files\2_9.wmv
C:\Program Files\3.mpg
C:\Program Files\3_10.mpg
C:\Program Files\3_10.wmv
C:\Program Files\3_11.mpg
C:\Program Files\3_12.mpg
C:\Program Files\3_5.mpg
C:\Program Files\3_6.mpg
C:\Program Files\3_7.mpg
C:\Program Files\3_7.wmv
C:\Program Files\3_8.mpg
C:\Program Files\3_8.wmv
C:\Program Files\3_9.mpg
C:\Program Files\3_9.wmv
C:\Program Files\4_1.mpg
C:\Program Files\4_2.mpg
C:\Program Files\4_6.wmv
C:\Program Files\4_7.wmv
C:\Program Files\4_8.wmv
C:\Program Files\4_9.wmv
C:\Program Files\dream1.mpg
C:\Program Files\dream2.mpg
C:\Program Files\gonzo1.mpg
C:\Program Files\gonzo2.mpg
C:\Program Files\magic1.mpg
C:\Program Files\magic2.mpg
C:\WINDOWS\BMb760cbaf.xml
C:\WINDOWS\system32\dxphvxgi.tmp
C:\WINDOWS\system32\jkfoolas.ini
C:\WINDOWS\system32\jkfoolas.tmp
C:\WINDOWS\system32\joymojbm.tmp
C:\WINDOWS\system32\pomenrob.ini
C:\WINDOWS\system32\pwjwqucf.ini
C:\WINDOWS\system32\pwjwqucf.tmp

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-10 to 2008-07-10 ))))))))))))))))))))))))))))))))))))
.

2008-07-10 12:30 . 2008-07-10 12:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-10 12:30 . 2008-07-10 12:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Documents and Settings\RYCHIE\Application Data\Malwarebytes
2008-07-09 17:26 . 2008-07-09 17:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-09 17:26 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-09 17:26 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-09 17:00 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-09 17:00 . 2008-06-14 19:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-09 16:58 . 2008-07-09 17:02 <REP> d-------- C:\Toolbar SD
2008-07-09 16:22 . 2008-07-09 16:22 149 --a------ C:\WINDOWS\wininit.ini
2008-07-09 14:03 . 2008-06-21 04:54 269,736 -ra------ C:\WINDOWS\system32\drivers\SbFw.sys
2008-07-09 14:03 . 2008-06-21 04:54 65,576 --a------ C:\WINDOWS\system32\drivers\SbFwIm.sys
2008-07-09 14:02 . 2008-07-09 14:02 <REP> d-------- C:\Program Files\Sunbelt Software
2008-07-09 14:00 . 2008-07-09 14:00 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 14:00 . 2008-07-09 16:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-09 13:19 . 2008-07-09 13:19 <REP> d-------- C:\Program Files\Avira
2008-07-09 13:19 . 2008-07-09 13:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-09 10:36 . 2008-07-09 10:45 <REP> d-------- C:\fixwareout
2008-07-09 10:22 . 2008-07-09 10:22 <REP> d-------- C:\Program Files\Trend Micro
2008-06-21 04:54 . 2008-06-21 04:54 66,600 -ra------ C:\WINDOWS\system32\drivers\sbhips.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 14:24 --------- d-----w C:\Program Files\Safari
2008-07-09 12:29 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-18 07:42 --------- d-----w C:\Program Files\Apple Software Update
2008-05-17 17:29 6,712 ----a-w C:\Documents and Settings\RYCHIE\Application Data\wklnhst.dat
2008-05-17 09:14 --------- d-----w C:\Program Files\iTunes
2008-05-17 09:14 --------- d-----w C:\Program Files\iPod
2008-05-17 09:12 --------- d-----w C:\Program Files\QuickTime
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-15 18:09 81,920 ----a-w C:\Documents and Settings\RYCHIE\Application Data\ezpinst.exe
2007-12-15 18:09 47,360 ----a-w C:\Documents and Settings\RYCHIE\Application Data\pcouffin.sys
2006-04-29 08:23 1,687,845 ----a-w C:\Program Files\[u]0/u003.mpg
2006-04-12 18:24 2,256,900 ----a-w C:\Program Files\[u]0/u3_9.mpg
2006-04-12 18:24 2,129,924 ----a-w C:\Program Files\[u]0/u1_10.mpg
2006-04-12 18:24 2,109,444 ----a-w C:\Program Files\[u]0/u2_10.mpg
2006-04-11 18:03 1,343,492 ----a-w C:\Program Files\[u]0/u2_9.mpg
2006-04-11 18:03 1,232,900 ----a-w C:\Program Files\[u]0/u3_8.mpg
2006-04-11 17:59 1,220,612 ----a-w C:\Program Files\[u]0/u2_8.mpg
2006-04-09 12:10 1,629,124 ----a-w C:\Program Files\[u]0/u001_2.mpg
2006-04-09 12:10 1,561,728 ----a-w C:\Program Files\[u]0/u002_2.mpg
2006-04-08 12:23 1,255,428 ----a-w C:\Program Files\[u]0/u3_6.mpg
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0/u3_5.mpg
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0/u2_6.mpg
2006-04-06 18:41 1,583,108 ----a-w C:\Program Files\[u]0/u1_6.mpg
2006-04-06 18:14 2,236,420 ----a-w C:\Program Files\[u]0/u3_4.mpg
2006-04-06 18:14 2,207,748 ----a-w C:\Program Files\[u]0/u4_2.mpg
2006-04-04 18:34 1,220,612 ----a-w C:\Program Files\[u]0/u3_3.mpg
2006-04-04 18:34 1,157,124 ----a-w C:\Program Files\[u]0/u2_4.mpg
2006-04-04 18:33 1,042,436 ----a-w C:\Program Files\[u]0/u1_4.mpg
2006-04-04 18:27 1,719,391 ----a-w C:\Program Files\[u]0/u03_1.mpg
2006-04-04 18:27 1,699,359 ----a-w C:\Program Files\[u]0/u02_2.mpg
2006-04-04 18:26 1,699,924 ----a-w C:\Program Files\[u]0/u01_2.mpg
2006-04-02 16:16 950,858 ----a-w C:\Program Files\[u]0/u1_3.wmv
2006-04-02 16:16 921,864 ----a-w C:\Program Files\[u]0/u2_3.wmv
2006-04-02 16:16 829,058 ----a-w C:\Program Files\[u]0/u3_3.wmv
2006-04-02 16:16 782,652 ----a-w C:\Program Files\[u]0/u4_3.wmv
2006-04-02 16:13 921,953 ----a-w C:\Program Files\2_4.mpg
2006-04-02 16:13 921,937 ----a-w C:\Program Files\1_4.mpg
2006-04-02 16:13 857,128 ----a-w C:\Program Files\4.mpg
2006-04-02 16:13 857,007 ----a-w C:\Program Files\3_4.mpg
2006-03-31 20:48 1,507,072 ----a-w C:\Program Files\1_7.wmv
2006-03-31 20:48 1,491,072 ----a-w C:\Program Files\2_7.wmv
2006-03-31 18:56 1,783,209 ----a-w C:\Program Files\[u]0/u3_2.mpg
2006-03-31 18:55 1,895,578 ----a-w C:\Program Files\[u]0/u2_3.mpg
2006-03-31 18:55 1,820,407 ----a-w C:\Program Files\[u]0/u1_3.mpg
2006-03-31 18:55 1,769,544 ----a-w C:\Program Files\[u]0/u4_1.mpg
2006-03-31 18:46 564,676 ----a-w C:\Program Files\2_6.wmv
2006-03-31 18:46 545,904 ----a-w C:\Program Files\3_6.wmv
2006-03-31 18:46 525,682 ----a-w C:\Program Files\1_6.wmv
2006-03-31 18:46 514,136 ----a-w C:\Program Files\4_5.wmv
2006-03-31 18:44 2,381,564 ----a-w C:\Program Files\4_4.wmv
2006-03-31 18:44 2,373,564 ----a-w C:\Program Files\3_5.wmv
2006-03-31 18:43 2,389,564 ----a-w C:\Program Files\2_5.wmv
2006-03-31 18:43 2,373,564 ----a-w C:\Program Files\1_5.wmv
2006-03-31 18:41 1,564,254 ----a-w C:\Program Files\2_3.mpg
2006-03-31 18:41 1,557,429 ----a-w C:\Program Files\3_3.mpg
2006-03-31 18:39 1,563,655 ----a-w C:\Program Files\1_3.mpg
2006-03-31 18:27 1,669,124 ----a-w C:\Program Files\[u]0/u3_1.mpg
2006-03-31 18:27 1,626,116 ----a-w C:\Program Files\[u]0/u4.mpg
2006-03-31 18:27 1,601,540 ----a-w C:\Program Files\[u]0/u2_2.mpg
2006-03-31 18:27 1,568,772 ----a-w C:\Program Files\[u]0/u1_2.mpg
2006-03-30 19:37 1,378,374 ----a-w C:\Program Files\2_4.wmv
2006-03-30 19:37 1,072,274 ----a-w C:\Program Files\4_3.wmv
2006-03-30 19:37 1,057,792 ----a-w C:\Program Files\3_4.wmv
2006-03-30 19:37 1,052,072 ----a-w C:\Program Files\1_4.wmv
2006-03-30 19:06 884,463 ----a-w C:\Program Files\1_3.wmv
2006-03-30 19:05 872,863 ----a-w C:\Program Files\4_2.wmv
2006-03-30 19:05 872,863 ----a-w C:\Program Files\3_3.wmv
2006-03-30 19:05 1,035,263 ----a-w C:\Program Files\2_3.wmv
2006-03-30 18:46 939,270 ----a-w C:\Program Files\[u]0/u3_2.wmv
2006-03-30 18:46 921,864 ----a-w C:\Program Files\[u]0/u4_2.wmv
2006-03-30 18:46 916,064 ----a-w C:\Program Files\[u]0/u1_2.wmv
2006-03-30 18:46 852,264 ----a-w C:\Program Files\[u]0/u2_2.wmv
2006-03-30 18:21 1,552,388 ----a-w C:\Program Files\1_2.mpg
2006-03-30 18:20 1,546,244 ----a-w C:\Program Files\2_2.mpg
2006-03-30 18:20 1,333,252 ----a-w C:\Program Files\3_2.mpg
2006-03-30 18:01 1,081,685 ----a-w C:\Program Files\1_2.wmv
2006-03-30 18:01 1,075,885 ----a-w C:\Program Files\4_1.wmv
2006-03-30 18:01 1,064,285 ----a-w C:\Program Files\3_2.wmv
2006-03-30 18:00 1,035,285 ----a-w C:\Program Files\2_2.wmv
2006-03-30 17:47 884,740 ----a-w C:\Program Files\3_1.mpg
2006-03-30 17:41 1,099,075 ----a-w C:\Program Files\4.wmv
2006-03-30 17:40 1,000,475 ----a-w C:\Program Files\3_1.wmv
2006-03-30 17:39 988,875 ----a-w C:\Program Files\1_1.wmv
2006-03-30 17:39 2,241,075 ----a-w C:\Program Files\[u]0/u02_1.mpg
2006-03-30 17:39 1,000,475 ----a-w C:\Program Files\2_1.wmv
2006-03-30 17:29 1,841,156 ----a-w C:\Program Files\[u]0/u02.mpg
2006-03-28 18:57 962,470 ----a-w C:\Program Files\[u]0/u4_1.wmv
2006-03-24 19:33 2,054,148 ----a-w C:\Program Files\1.mpg
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 17:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 13:55 5674352]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [2008-01-01 18:49 4739072]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE" [2007-03-01 08:01 180736]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe" [2007-08-03 13:51 202024]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 22:10 344064]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" [2006-10-14 09:55 3335944]
"SpeedOptimizer"="C:\PROGRA~1\SPEEDO~1\SPO.EXE" [2003-09-29 16:53 607232]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 12:20 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DIVXc32.dll
"vidc.DIV4"= DIVXc32f.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Shareaza\\Shareaza.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=

R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 18:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-20 21:03]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [2008-06-21 04:54]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [2008-06-21 04:54]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [2008-07-01 10:51]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [2008-07-01 10:51]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\DRIVERS\sbfwim.sys [2008-06-21 04:54]
S3 PRISM_USB;Prism Mini USB Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\PRISMUSB.sys [2002-02-24 22:39]

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-09 12:38:21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 19:46:54
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

**************************************************************************
.
Temps d'accomplissement: 2008-07-10 19:50:14
ComboFix-quarantined-files.txt 2008-07-10 17:49:07
ComboFix2.txt 2008-07-10 10:57:17

Pre-Run: 5,727,092,736 octets libres
Post-Run: 5,736,017,920 octets libres

368 --- E O F --- 2008-07-10 10:25:56

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:54, on 10/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [SpeedOptimizer] C:\PROGRA~1\SPEEDO~1\SPO.EXE -s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S145.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
End of file - 6909 bytes

Répondre à ritchy

verni29, le 10 jui 2008 à 20:48:05

Ritchy,

Tous les fichiers n'ont pas été supprimés.
Je vais te demander, provisoirement ( après tu fais ce que tu veux ) de ne surtout pas télécharger via le P2P.
Tu désactives Shareaza le temps qu'on termine le travail.

J'ai une autre analyse à faire.

Pendant ce temps, on va s'occuper des barres d'outils.

Télécharge Toolbar-S&D sur ton Bureau :
http://eric.71.mespages.googlepages.com/ToolBarSD.exe

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique sur le raccourci de Toolbar-S&D.
* Sélectionne la langue puis valide.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Copie/colle le contenu du rapport situé dans C:\TB.txt .

A+

Répondre à verni29

ritchy, le 10 jui 2008 à 21:24:02

-----------\\ ToolBar S&D 1.0.3 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : RYCHIE ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
[ 10/07/2008 | 21:21:23,79 ] [ PC : RWIFI ]
[ MAJ : 08-07-2008 | 22:24 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskTBar
C:\Program Files\AskTBar\bar
C:\Program Files\AskTBar\PopSwatr
C:\Program Files\AskTBar\SrchAstt
C:\DOCUME~1\RYCHIE\LOCALS~1\TEMPOR~1\content.IE5\MYQGPFTT\B2884847[1].htm

-----------\\ [HKCU\..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

-----------\\ Fin du rapport a 21:22:53,45

Répondre à ritchy

verni29, le 10 jui 2008 à 21:26:02

Relance Toolbar-S&D en double-cliquant sur le raccourci.
Tape sur "2" puis valide en appuyant sur "Entrée".
Ne ferme pas la fenêtre lors de la suppression.
Un nouveau rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Répondre à verni29

91 réponses 12 3 Suivant

Posez votre question Répondre