High-Tech Santé Médecine Droit-Finances

Grippe A

Que dois-je faire ?

Rechercher : dans
Par :

Help-me problème antivirus XP 2008 !

Dernière réponse le 31 jui 2008 à 23:49:02 colin du11, le 28 jui 2008 à 15:25:30 
 Signaler ce message aux modérateurs

Bonjour,
j' ai été infecté par " antivirus XP 2008 " , depuis j' ai plein de problème avec mon ordinateur.
aidez-moi vite.

en vous remerciant de votre réponse.

P.S.: je ne suis pa très doué en informatique.

Configuration: Windows XP
Internet Explorer 6.0

Posez votre question Répondre

1

anthony5151, le 28 jui 2008 à 15:32:12

Bonjour,

Télécharge hijackthis sur ton bureau :
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Installe le, lance le et clique sur "Do a system scan and save a logfile".
Fais un copier-coller du rapport entier sur le forum
Si on vous aide pour désinfecter votre ordinateur, 
ne partez pas quand les symptomes disparaissent,
attendez qu'on vous dise que l'infection a été éradiquée

   
Répondre à anthony5151

2

colin du11, le 28 jui 2008 à 15:46:01

C bon merci a toi je t' envoie le rapprt hijackthis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44: VIRUS ALERT!, on 28/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\All Users\Application Data\fojoxgvs\ruhaxmnk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lphc7t8j0ej43.exe
C:\Program Files\rhc3t8j0ej43\rhc3t8j0ej43.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\fupgzmhu.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Orange\browser\browser.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = file://C:\APPS\IE\offline\fr.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {38D65FA7-2CDC-457E-9A02-CD04C66D532D} - C:\WINDOWS\system32\xxyaxYrP.dll (file missing)
O2 - BHO: (no name) - {39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\yayxvvtT.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: {1c97166a-8e05-934b-be74-15eb5b07d65a} - {a56d70b5-be51-47eb-b439-50e8a66179c1} - C:\WINDOWS\system32\guazpd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B7FDDE19-A99B-4B39-BEC9-10F50453DEED} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FC68F04D-F97A-4BDC-83B3-C06C8B7E117C} - (no file)
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: fdkowvbp - {1BAD33A8-7CB0-4085-A968-C5CF832ECA96} - C:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lphc7t8j0ej43] C:\WINDOWS\system32\lphc7t8j0ej43.exe
O4 - HKLM\..\Run: [SMrhc3t8j0ej43] C:\Program Files\rhc3t8j0ej43\rhc3t8j0ej43.exe
O4 - HKLM\..\Run: [84398f6d] rundll32.exe "C:\WINDOWS\system32\klylsgna.dll",b
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MntMsg] C:\WINDOWS\system32\fupgzmhu.exe
O4 - HKLM\..\Policies\Explorer\Run: [kb1OJiQPMN] C:\Documents and Settings\All Users\Application Data\fojoxgvs\ruhaxmnk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: yayxvvtT - C:\WINDOWS\SYSTEM32\yayxvvtT.dll
O21 - SSODL: gendsc - {0C40E303-8DF4-42D0-C64D-0B758C9091A8} - C:\Program Files\kqhlpdd\gendsc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
End of file - 13264 bytes

   
Répondre à colin du11

3

colin du11, le 28 jui 2008 à 15:47:08

Suite es-ce que je peux fermer hijackthis

   
Répondre à colin du11

4

anthony5151, le 28 jui 2008 à 16:09:08

Ton ordinateur est très infecté !

Commence par ceci :

Télécharge SmitfraudFix : http://siri.urz.free.fr/Fix/SmitfraudFix.exe

- Enregistre-le sur le bureau

- Double-clique sur SmitfraudFix.exe et choisis l'option 1 puis Entrée

- Un rapport sera généré, poste-le dans ta prochaine réponse stp.

Tutorial ici pour t'aider : http://www.malekal.com//tutorial_SmitFraudfix.php

Si on vous aide pour désinfecter votre ordinateur, 
ne partez pas quand les symptomes disparaissent,
attendez qu'on vous dise que l'infection a été éradiquée

   
Répondre à anthony5151

5

colin du11, le 28 jui 2008 à 17:43:29

C bon désolé j' ai eu un petit problème sur internet, voici le rapport

SmitFraudFix v2.332

Rapport fait à 17:40:09,04, 28/07/2008
Executé à partir de C:\Documents and Settings\lionel\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\All Users\Application Data\fojoxgvs\ruhaxmnk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\WINDOWS\system32\lphc7t8j0ej43.exe
C:\Program Files\rhc3t8j0ej43\rhc3t8j0ej43.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\fupgzmhu.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Orange\browser\browser.exe
C:\Documents and Settings\lionel\Bureau\SmitfraudFix.exe
C:\WINDOWS\system32\cmd.exe
C:\Documents and Settings\lionel\Bureau\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\lionel


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\lionel\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\lionel\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{C700E5B0-562E-4177-897D-81F3492CAF87}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{C700E5B0-562E-4177-897D-81F3492CAF87}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{C700E5B0-562E-4177-897D-81F3492CAF87}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

   
Répondre à colin du11

6

anthony5151, le 29 jui 2008 à 00:48:36

Télécharge et installe Malwarebyte's Anti-Malware : http://www.malwarebytes.org/mbam/program/mbam-setup.exe
- A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
- Lance Malwarebyte's Anti-Malware, laisse les Mises à jour se télécharger et referme le programme

Redémarre en "Mode sans échec" : redémarre ton ordinateur et tapote sur la touche F8 jusqu'à l'affichage du menu des options avancées de Windows, et sélectionne "Mode sans échec".
Choisis ta session habituelle

Lance Malwarebyte's Anti-Malware
- Puis va dans l'onglet "Recherche", coche "Exécuter un examen complet" puis "Rechercher"
- Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
- A la fin du scan, clique sur Afficher les résultats puis sur Enregistrer le rapport
- Suppression des éléments détectés --> clique sur Supprimer la sélection
- S'il t'es demandé de redémarrer, clique sur Yes


Poste le rapport de scan après la suppression ici

Si on vous aide pour désinfecter votre ordinateur, 
ne partez pas quand les symptomes disparaissent,
attendez qu'on vous dise que l'infection a été éradiquée

   
Répondre à anthony5151

7

colin du11, le 29 jui 2008 à 21:03:05

Désolé anthony5151 de ne pas t' avoir repondu plutot mais je n' était pas chez moi de toute la journée
je t' envoie donc le rapport de Malwarebytes' Antimalware

Malwarebytes' Anti-Malware 1.23
Version de la base de données: 1007
Windows 5.1.2600 Service Pack 2

20:49:11 29/07/2008
mbam-log-7-29-2008 (20-49-06).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 96023
Temps écoulé: 47 minute(s), 27 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 47
Valeur(s) du Registre infectée(s): 14
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 19
Fichier(s) infecté(s): 158

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\yayxvvtT.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a56d70b5-be51-47eb-b439-50e8a66179c1} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a56d70b5-be51-47eb-b439-50e8a66179c1} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{39dc821c-fe03-415f-8f47-b50ada5d7d1a} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39dc821c-fe03-415f-8f47-b50ada5d7d1a} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yayxvvtt (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc3t8j0ej43 (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc3t8j0ej43 (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WinCtrl32 (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{4d2f7b98-7e8b-4989-bc9a-6759ab13ce49} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c8bda00c-9b5a-44ba-94b9-b02e263f8ae5} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1bad33a8-7cb0-4085-a968-c5cf832eca96} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.belv (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\fdkowvbp.toolbar.1 (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{39dc821c-fe03-415f-8f47-b50ada5d7d1a} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{4e7bd74f-2b8d-469e-a0e8-ed6ab685fa7d} (Adware.2020Search) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc3t8j0ej43 (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{1bad33a8-7cb0-4085-a968-c5cf832eca96} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc7t8j0ej43 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\backupwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\dynamic toolbar (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2 (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache (Adware.2020search) -> No action taken.
C:\WINDOWS\mslagent (Adware.EGDAccess) -> No action taken.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\rhc3t8j0ej43 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lionel\Application Data\rhc3t8j0ej43 (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lionel\Application Data\rhc3t8j0ej43\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lionel\Application Data\rhc3t8j0ej43\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lionel\Application Data\rhc3t8j0ej43\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lionel\Application Data\rhc3t8j0ej43\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lionel\Application Data\rhc3t8j0ej43\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lionel\Application Data\rhc3t8j0ej43\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lionel\Application Data\rhc3t8j0ej43\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lionel\Application Data\rhc3t8j0ej43\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lionel\Application Data\rhc3t8j0ej43\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\lionel\Application Data\rhc3t8j0ej43\Quarantine\Packages (Rogue.Multiple) -> No action taken.

Fichier(s) infecté(s):
C:\WINDOWS\system32\guazpd.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mjfokbse.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\esbkofjm.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\offoxtyr.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rytxoffo.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\yayxvvtT.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temporary Internet Files\Content.IE5\9YQO78LY\CASDSXGF (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temporary Internet Files\Content.IE5\CJTMRB7E\CAJMAX7F (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temporary Internet Files\Content.IE5\Y95ZBX5Z\CA3YCNBH (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0051725.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0051867.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{751238CC-FEB5-4605-9EA9-B441EBD3D66D}\RP31\A0051872.sys (Rootkit.Agent) -> No action taken.
C:\WINDOWS\eqwf.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\iifgFWMG.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\migspwrq.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\mlJArooP.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\moebckbv.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\rqRLfeCV.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\wgsufe.dll (Trojan.Vundo) -> No action taken.
C:\Program Files\dynamic toolbar\batch.bat (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\unins000.dat (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\unins000.exe (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\go.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\home.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\logo_pb.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\parent_off.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\parent_on.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\popup_off.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\popup_on.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\search.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\services.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\skin.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\skin1.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\skin2.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\skin3.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\skin4.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\skin5.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\store.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\style.css (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\support.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\Cache\ticker.xml (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\go.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\home.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\logo_pb.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_off.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\parent_on.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\pbfrv2tb0200.cfg (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_off.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\popup_on.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\search.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\services.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin1.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin2.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin3.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin4.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\skin5.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\store.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\style.css (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\support.bmp (Adware.2020search) -> No action taken.
C:\Program Files\dynamic toolbar\PBFRV2\Cache\ticker.xml (Adware.2020search) -> No action taken.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> No action taken.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> No action taken.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\rhc3t8j0ej43\database.dat (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3t8j0ej43\license.txt (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3t8j0ej43\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3t8j0ej43\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3t8j0ej43\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3t8j0ej43\msvcr71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3t8j0ej43\rhc3t8j0ej43.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3t8j0ej43\rhc3t8j0ej43.exe.local (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3t8j0ej43\Uninstall.exe (Rogue.Multiple) -> No action taken.
C:\WINDOWS\cookies.ini (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\WinCtrl32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> No action taken.
C:\WINDOWS\bdn.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> No action taken.
C:\WINDOWS\eqvwamkl.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\fdkowvbp.dll (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\grswptdl.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\blphc7t8j0ej43.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphc7t8j0ej43.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phc7t8j0ej43.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphc7t8j0ej43.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\lionel\Application Data\TmpRecentIcons\antivirus-2008pro.lnk (Rogue.Link) -> No action taken.
C:\Documents and Settings\lionel\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\lionel\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk (Rogue.Antivirus2008) -> No action taken.
C:\WINDOWS\Temp\BN1.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\BN2.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\lionel\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\Winfl84.sys (Rootkit.Agent) -> No action taken.

   
Répondre à colin du11

8

colin du11, le 29 jui 2008 à 21:20:48

(suite)
antivirus XP 2008 s' est calmé et dans tout les programmes c' est marqué "uninstall" ,est-ce dangereux d' essayer de le désinstaller

   
Répondre à colin du11

9

anthony5151, le 29 jui 2008 à 23:52:38

"No action taken"
==> tu as bien cliqué sur supprimer à la fin du scan de MalwareByte's ? Sinon il faut le refaire, le scan n'a servi à rien...

Sinon, poste un nouveau rapport hijackthis (tu peux essayer de désinstaller antivirus xp 2008 manuellement, mais ça ne supprimera pas l'infection...)


Si on vous aide pour désinfecter votre ordinateur, 
ne partez pas quand les symptômes disparaissent,
attendez qu'on vous dise que l'infection a été éradiquée

   
Répondre à anthony5151

10

colin du11, le 30 jui 2008 à 00:04:53

Oui j' ai "suprimmé la selection" et il m' a dit de redémarrer l' ordinateur

   
Répondre à colin du11

11

colin du11, le 30 jui 2008 à 00:06:39

Je te poste donc le rapport hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:05:52, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\All Users\Application Data\fojoxgvs\ruhaxmnk.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\fupgzmhu.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Orange\browser\browser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MntMsg] C:\WINDOWS\system32\fupgzmhu.exe
O4 - HKCU\..\Run: [InfoApi] C:\WINDOWS\system32\lmnmlwty.exe
O4 - HKCU\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKLM\..\Policies\Explorer\Run: [kb1OJiQPMN] C:\Documents and Settings\All Users\Application Data\fojoxgvs\ruhaxmnk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WinCtrl32 - C:\WINDOWS\SYSTEM32\WinCtrl32.dll
O20 - Winlogon Notify: yayxvvtT - yayxvvtT.dll (file missing)
O21 - SSODL: gendsc - {0C40E303-8DF4-42D0-C64D-0B758C9091A8} - C:\Program Files\kqhlpdd\gendsc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
End of file - 11272 bytes

   
Répondre à colin du11

12

anthony5151, le 30 jui 2008 à 00:35:29

Je vais me répéter, mais ton ordinateur est très infecté ! On va utiliser plusieurs programmes pour essayer de nettoyer tout ça... Il faudra être beaucoup plus vigilant à l'avenir (je te proposerai de l'aide pour améliorer la sécurité de ton ordinateur quand on aura terminé la désinfection)


télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.

• Puis, ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

• Enfin, copie/colle le contenu du fichier Report.txt ici, avec un nouveau log Hijackthis stp

Si on vous aide pour désinfecter votre ordinateur, 
ne partez pas quand les symptomes disparaissent,
attendez qu'on vous dise que l'infection a été éradiquée

   
Répondre à anthony5151

13

colin du11, le 30 jui 2008 à 12:43:48

Bonjour (encore merci de t' occuper de moi)
je t' envoie le rapport de SDFix mais pendant que SDFix travaillait une page s' affichait :
Sous-Système MS-DOS 16 bits
SDFix
C:/PROGRA~1/SYMANTEC/S32EVNT1.DLL .L' initialisation de la DLL d' un pilote de périphérique instalable a échoué.Choisissez "Fermer"pour mettre fin à l' aplication.
et donc à chaque fois que cette page apparaissait (une cinquantaine de fois) je faisait "fermer" mais tout s' est passer normalement a part ça

rapport SDFix


[b]SDFix: Version 1.209 /b
Run by lionel on 30/07/2008 at 12:18

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services /b:


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


[b]Checking Files /b:

Trojan Files Found:

C:\DOCUME~1\lionel\LOCALS~1\Temp\privacy_danger\index.htm - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\privacy_danger\images\capt.gif - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\privacy_danger\images\danger.jpg - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\privacy_danger\images\down.gif - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\privacy_danger\images\spacer.gif - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\.tt12.tmp - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\.tt14.tmp - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\.tt16.tmp - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\.tt19AA.tmp - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\.tt1F.tmp - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\.tt1FD9.tmp - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\.tt26.tmp - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\.tt3C.tmp - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\.tt4D33.tmp - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\.tt4D39.tmp - Deleted
C:\DOCUME~1\lionel\LOCALS~1\Temp\.ttA565.tmp - Deleted
C:\WINDOWS\system32\braviax.exe - Deleted
C:\WINDOWS\system32\WinCtrl32.dll - Deleted



Folder C:\DOCUME~1\lionel\LOCALS~1\Temp\privacy_danger - Removed


Removing Temp Files

[b]ADS Check /b:



[b]Final Check /b:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 12:25:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services /b:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\\AOL 9.0\\aol.exe"="%ProgramFiles%\\AOL 9.0\\aol.exe:*:Enabled:AOL"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA"
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"="%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:PANDORA"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\APPS\\Inventime\\my.exe"="C:\\APPS\\Inventime\\my.exe:*:Enabled:INVENTIME"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"="C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe:*:enabled:CSS"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\TmUnitedForever\\TmForever.exe"="C:\\Program Files\\TmUnitedForever\\TmForever.exe:*:Enabled:TmForever"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMuleMorphXT"
"C:\\Program Files\\Orange\\Browser\\Browser.exe"="C:\\Program Files\\Orange\\Browser\\Browser.exe:*:Enabled:Browser"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[b]Remaining Files /b:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes /b:


[b]Finished!/b



et le rapport HIJACKTHIS


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:30:36, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Apps\Powercinema\PCMService.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\WINDOWS\system32\lmnmlwty.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ClickMe] C:\apps\ClickMe\ClickMe.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MntMsg] C:\WINDOWS\system32\fupgzmhu.exe
O4 - HKCU\..\Run: [InfoApi] C:\WINDOWS\system32\lmnmlwty.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O15 - Trusted Zone: http://www.orange.fr
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: yayxvvtT - yayxvvtT.dll (file missing)
O21 - SSODL: gendsc - {0C40E303-8DF4-42D0-C64D-0B758C9091A8} - C:\Program Files\kqhlpdd\gendsc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MysqlInventime - Unknown owner - c:\mysql\bin\mysqld-nt.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
End of file - 10696 bytes

   
Répondre à colin du11

14

anthony5151, le 30 jui 2008 à 12:48:28

Ok, maintenant on va utiliser Combofix. Attention, ce programme est puissant, il ne faut pas l'utiliser n'importe comment ! Fais exactement ce qui suit :


Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !) :
Fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " : dans la fenêtre qui s'ouvre tape C-Fix, choisis le bureau comme destination et valide : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

--------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
!! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation :
en effet , activés, ils pourraient gêner fortement la procédure de recherche et de nettoyage de l'outil ( voir planter le PC )...Tu les réactiveras donc après !!
---> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre ...
Tuto ici : http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
---------------------------------------------------------------------------------------------------------------------------------

Ensuite :
double-clique sur C-Fix.exe ( = combofix.exe ) .

Appuie sur la touche Y (Yes) pour démarrer le scan .

Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi.
---> si un message d'erreur windows apparait à un momment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

Si on vous aide pour désinfecter votre ordinateur, 
ne partez pas quand les symptomes disparaissent,
attendez qu'on vous dise que l'infection a été éradiquée

   
Répondre à anthony5151

15

colin du11, le 30 jui 2008 à 14:54:50

Oui mais comment désactiver avast!
-es-ce que les logiciels quetu m' as fais téléchargé pose problème pour combofix
-etc...

   
Répondre à colin du11

16

anthony5151, le 30 jui 2008 à 15:10:12

Pour Avast :
Clique du droit sur la boule bleu dans la barre des taches près de l'horloge, et clique sur "arrêter la protection résidente".

Les logiciels que je t'ai fait installer ne gênent pas.

Si on vous aide pour désinfecter votre ordinateur, 
ne partez pas quand les symptomes disparaissent,
attendez qu'on vous dise que l'infection a été éradiquée

   
Répondre à anthony5151

17

colin du11, le 30 jui 2008 à 18:24:50

Rebonjour
voiçi le rapport de Combofix

ComboFix 08-07-29.1 - lionel 2008-07-30 18:13:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.260 [GMT 2:00]
Endroit: C:\Documents and Settings\lionel\Bureau\C-Fix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\angslylk.ini
C:\WINDOWS\system32\GOYcLRqr.ini
C:\WINDOWS\system32\GOYcLRqr.ini2
C:\WINDOWS\system32\LoXyJkkj.ini
C:\WINDOWS\system32\LoXyJkkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\PrYxayxx.ini
C:\WINDOWS\system32\PrYxayxx.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 12:13 . 2008-07-30 12:13 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-30 12:01 . 2008-07-30 12:27 <REP> d-------- C:\SDFix
2008-07-29 22:32 . 2008-07-29 22:32 268 --ah----- C:\sqmdata00.sqm
2008-07-29 22:32 . 2008-07-29 22:32 244 --ah----- C:\sqmnoopt00.sqm
2008-07-29 22:27 . 2008-07-29 22:27 126 --a------ C:\Documents and Settings\lionel\delself.bat
2008-07-29 22:26 . 2008-07-29 22:26 42,496 --a------ C:\WINDOWS\system32\tslktktc.exe
2008-07-29 20:56 . 2008-07-29 20:56 86,016 --a------ C:\WINDOWS\system32\lmnmlwty.exe
2008-07-29 19:34 . 2008-07-29 19:34 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Malwarebytes
2008-07-29 19:34 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 19:34 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 19:33 . 2008-07-29 19:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 19:33 . 2008-07-29 19:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 19:12 . 2008-07-28 19:30 <REP> d-------- C:\Program Files\I-Fluid Demo
2008-07-28 16:39 . 2008-07-28 16:39 <REP> d-------- C:\ComboFix
2008-07-28 16:27 . 2008-07-28 17:40 3,742 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-28 15:44 . 2008-07-28 15:44 <REP> d-------- C:\Program Files\Trend Micro
2008-07-28 14:23 . 2008-07-28 14:23 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-27 15:26 . 2008-07-27 15:42 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-27 10:56 . 2008-07-27 10:56 <REP> d-------- C:\Program Files\kqhlpdd
2008-07-27 10:55 . 2008-07-27 10:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\fojoxgvs
2008-07-27 10:55 . 2008-07-27 10:55 94,208 --a------ C:\WINDOWS\system32\fupgzmhu.exe
2008-07-26 14:33 . 2008-07-30 16:19 <REP> d-------- C:\Documents and Settings\lionel\Application Data\skypePM
2008-07-26 14:33 . 2008-07-26 14:33 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-26 14:30 . 2008-07-26 14:30 <REP> d-------- C:\Program Files\Skype
2008-07-26 14:30 . 2008-07-26 14:30 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-07-26 14:30 . 2008-07-30 17:53 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Skype
2008-07-26 14:30 . 2008-07-26 14:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-25 19:22 . 2008-07-25 19:24 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Media Player Classic
2008-07-25 19:20 . 2008-07-25 19:20 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-25 19:20 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-24 23:33 . 2008-07-24 23:35 <REP> d-------- C:\Program Files\Dofus
2008-07-10 23:13 . 2008-07-10 23:13 <REP> d-------- C:\Program Files\VideoLAN
2008-07-10 23:13 . 2008-07-10 23:13 <REP> d-------- C:\Documents and Settings\lionel\Application Data\vlc
2008-07-10 15:05 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-10 15:04 . 2008-07-10 15:04 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-10 15:01 . 2008-07-10 15:02 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-07-10 15:01 . 2008-07-10 15:01 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-07-09 22:30 . 2008-07-29 21:29 <REP> d-------- C:\Program Files\eMule
2008-07-04 17:58 . 2008-07-27 10:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-04 17:58 . 2008-07-04 17:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-03 20:08 . 2008-07-03 20:08 <REP> d-------- C:\Media
2008-07-03 19:21 . 2008-07-03 19:21 24,439 --a------ C:\updatejpegprocessing.docx
2008-07-02 21:00 . 2008-07-02 21:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-02 20:21 . 2008-07-02 20:21 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-07-02 20:21 . 2008-07-02 20:21 <REP> d-------- C:\WINDOWS\Profiles
2008-07-02 20:21 . 2008-07-16 09:18 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-07-02 20:21 . 2008-07-02 20:21 <REP> d-------- C:\Documents and Settings\lionel\Application Data\InterTrust
2008-07-02 20:21 . 2000-05-22 10:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-07-02 20:21 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-07-02 20:12 . 2008-07-02 20:21 <REP> d-------- C:\Program Files\Creative
2008-07-02 19:00 . 2008-07-02 19:00 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-07-02 12:36 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-02 12:36 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-02 12:36 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-01 21:56 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-07-01 21:56 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-07-01 21:56 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-07-01 21:56 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-07-01 21:55 . 2008-07-01 21:55 <REP> d-------- C:\Program Files\Logitech
2008-07-01 21:55 . 2008-07-01 21:56 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-07-01 21:04 . 2008-07-01 21:04 <REP> d-------- C:\Program Files\Yahoo!
2008-07-01 21:04 . 2008-07-01 21:04 <REP> d-------- C:\Program Files\CCleaner
2008-07-01 20:24 . 2008-07-29 22:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-01 20:10 . 2008-07-01 20:10 <REP> d---s---- C:\Documents and Settings\lionel\UserData
2008-07-01 20:04 . 2008-07-22 12:46 <REP> d-------- C:\Documents and Settings\lionel\Contacts
2008-07-01 20:00 . 2008-07-01 20:00 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-01 19:05 . 2008-07-01 19:05 <REP> d-------- C:\Program Files\Alwil Software
2008-07-01 19:04 . 2008-07-01 19:04 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-01 18:45 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll
2008-07-01 18:45 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
2008-07-01 18:45 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2008-07-01 18:45 . 2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys
2008-07-01 18:44 . 2008-07-01 18:46 <REP> d-------- C:\Program Files\Orange
2008-07-01 18:44 . 2008-07-01 18:44 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
2008-07-01 18:44 . 2003-03-19 04:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-07-01 18:40 . 2008-07-01 18:40 <REP> d-------- C:\Program Files\Securitoo
2008-07-01 18:40 . 2008-07-01 18:40 <REP> d-------- C:\Program Files\SAGEM
2008-07-01 18:40 . 2008-07-01 18:40 <REP> d-------- C:\Documents and Settings\lionel\Application Data\InstallShield
2008-07-01 18:36 . 2008-07-28 16:04 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-01 18:33 . 2008-07-01 18:33 <REP> d-------- C:\WINDOWS\Sun
2008-07-01 18:07 . 2008-07-23 22:40 <REP> d-------- C:\Program Files\Windows Live
2008-07-01 18:07 . 2008-07-01 18:18 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-01 18:07 . 2008-07-10 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-01 17:55 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-01 17:55 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 17:54 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-07-01 17:51 . 2008-05-08 14:28 202,752 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-01 17:43 . 2008-07-01 17:44 <REP> d-------- C:\Program Files\Google
2008-07-01 17:30 . 2008-07-01 17:38 <REP> d-------- C:\Program Files\TmUnitedForever
2008-07-01 17:28 . 2008-07-09 15:06 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-07-01 17:28 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-01 17:25 . 2008-07-01 17:25 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-01 17:25 . 2008-07-01 17:25 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-07-01 17:25 . 2008-07-01 17:25 73,728 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-07-01 17:25 . 2008-07-01 17:25 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d--h----- C:\Documents and Settings\lionel\Voisinage r‚seau
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d--h----- C:\Documents and Settings\lionel\Voisinage d'impression
2008-07-01 17:24 . 2008-07-02 02:10 <REP> d--h----- C:\Documents and Settings\lionel\ModŠles
2008-07-01 17:24 . 2008-07-28 14:55 <REP> dr------- C:\Documents and Settings\lionel\Mes documents
2008-07-01 17:24 . 2008-07-02 02:10 <REP> dr------- C:\Documents and Settings\lionel\Menu D‚marrer
2008-07-01 17:24 . 2008-07-28 16:41 <REP> dr------- C:\Documents and Settings\lionel\Favoris
2008-07-01 17:24 . 2008-07-30 18:17 <REP> dr------- C:\Documents and Settings\lionel\Bureau
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d-------- C:\Documents and Settings\lionel\Application Data\You've Got Pictures Screensaver
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Symantec
2008-07-01 17:24 . 2008-07-30 18:15 <REP> d-------- C:\Documents and Settings\lionel
2008-07-01 17:24 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 16:17 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-27 14:49 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-27 14:43 --------- d-----w C:\Program Files\Symantec
2008-07-02 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-02 00:11 --------- d-----w C:\Program Files\Services en ligne
2008-07-02 00:11 --------- d-----w C:\Program Files\QuickTime
2008-07-02 00:10 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-07-02 00:10 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-07-02 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-07-02 00:09 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-07-02 00:09 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-07-01 19:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-01 16:24 --------- d-----w C:\Program Files\Microsoft Works
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"MntMsg"="C:\WINDOWS\system32\fupgzmhu.exe" [2008-07-27 10:55 94208]
"InfoApi"="C:\WINDOWS\system32\lmnmlwty.exe" [2008-07-29 20:56 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05 32881]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-09-09 12:00 70800]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-09-15 22:17 81920]
"ClickMe"="C:\apps\ClickMe\ClickMe.exe" [2004-02-23 17:58 135168]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-18 20:22 98304]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-18 20:26 180269]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 2557952 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gendsc"= {0C40E303-8DF4-42D0-C64D-0B758C9091A8} - C:\Program Files\kqhlpdd\gendsc.dll [2008-07-27 10:56 106496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfl84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfl85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta16.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd84.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Orange\\Browser\\Browser.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S0 Windj84;Windj84;C:\WINDOWS\system32\Drivers\Windj84.sys []
S0 Winfl84;Winfl84;C:\WINDOWS\system32\Drivers\Winfl84.sys []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\yayxvvtT.dll
Notify-yayxvvtT - yayxvvtT.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 18:17:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-30 18:19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 16:19:29

Pre-Run: 130,384,220,160 octets libres
Post-Run: 130,411,618,304 octets libres

274 --- E O F --- 2008-07-23 20:40:33

   
Répondre à colin du11

18

colin du11, le 30 jui 2008 à 18:27:19

Rebonjour,
je t' envoie le rapport de Combofix


ComboFix 08-07-29.1 - lionel 2008-07-30 18:13:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.260 [GMT 2:00]
Endroit: C:\Documents and Settings\lionel\Bureau\C-Fix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\angslylk.ini
C:\WINDOWS\system32\GOYcLRqr.ini
C:\WINDOWS\system32\GOYcLRqr.ini2
C:\WINDOWS\system32\LoXyJkkj.ini
C:\WINDOWS\system32\LoXyJkkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\PrYxayxx.ini
C:\WINDOWS\system32\PrYxayxx.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 12:13 . 2008-07-30 12:13 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-30 12:01 . 2008-07-30 12:27 <REP> d-------- C:\SDFix
2008-07-29 22:32 . 2008-07-29 22:32 268 --ah----- C:\sqmdata00.sqm
2008-07-29 22:32 . 2008-07-29 22:32 244 --ah----- C:\sqmnoopt00.sqm
2008-07-29 22:27 . 2008-07-29 22:27 126 --a------ C:\Documents and Settings\lionel\delself.bat
2008-07-29 22:26 . 2008-07-29 22:26 42,496 --a------ C:\WINDOWS\system32\tslktktc.exe
2008-07-29 20:56 . 2008-07-29 20:56 86,016 --a------ C:\WINDOWS\system32\lmnmlwty.exe
2008-07-29 19:34 . 2008-07-29 19:34 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Malwarebytes
2008-07-29 19:34 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 19:34 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 19:33 . 2008-07-29 19:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 19:33 . 2008-07-29 19:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 19:12 . 2008-07-28 19:30 <REP> d-------- C:\Program Files\I-Fluid Demo
2008-07-28 16:39 . 2008-07-28 16:39 <REP> d-------- C:\ComboFix
2008-07-28 16:27 . 2008-07-28 17:40 3,742 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-28 15:44 . 2008-07-28 15:44 <REP> d-------- C:\Program Files\Trend Micro
2008-07-28 14:23 . 2008-07-28 14:23 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-27 15:26 . 2008-07-27 15:42 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-27 10:56 . 2008-07-27 10:56 <REP> d-------- C:\Program Files\kqhlpdd
2008-07-27 10:55 . 2008-07-27 10:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\fojoxgvs
2008-07-27 10:55 . 2008-07-27 10:55 94,208 --a------ C:\WINDOWS\system32\fupgzmhu.exe
2008-07-26 14:33 . 2008-07-30 16:19 <REP> d-------- C:\Documents and Settings\lionel\Application Data\skypePM
2008-07-26 14:33 . 2008-07-26 14:33 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-26 14:30 . 2008-07-26 14:30 <REP> d-------- C:\Program Files\Skype
2008-07-26 14:30 . 2008-07-26 14:30 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-07-26 14:30 . 2008-07-30 17:53 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Skype
2008-07-26 14:30 . 2008-07-26 14:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-25 19:22 . 2008-07-25 19:24 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Media Player Classic
2008-07-25 19:20 . 2008-07-25 19:20 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-25 19:20 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-24 23:33 . 2008-07-24 23:35 <REP> d-------- C:\Program Files\Dofus
2008-07-10 23:13 . 2008-07-10 23:13 <REP> d-------- C:\Program Files\VideoLAN
2008-07-10 23:13 . 2008-07-10 23:13 <REP> d-------- C:\Documents and Settings\lionel\Application Data\vlc
2008-07-10 15:05 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-10 15:04 . 2008-07-10 15:04 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-10 15:01 . 2008-07-10 15:02 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-07-10 15:01 . 2008-07-10 15:01 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-07-09 22:30 . 2008-07-29 21:29 <REP> d-------- C:\Program Files\eMule
2008-07-04 17:58 . 2008-07-27 10:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-04 17:58 . 2008-07-04 17:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-03 20:08 . 2008-07-03 20:08 <REP> d-------- C:\Media
2008-07-03 19:21 . 2008-07-03 19:21 24,439 --a------ C:\updatejpegprocessing.docx
2008-07-02 21:00 . 2008-07-02 21:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-02 20:21 . 2008-07-02 20:21 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-07-02 20:21 . 2008-07-02 20:21 <REP> d-------- C:\WINDOWS\Profiles
2008-07-02 20:21 . 2008-07-16 09:18 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-07-02 20:21 . 2008-07-02 20:21 <REP> d-------- C:\Documents and Settings\lionel\Application Data\InterTrust
2008-07-02 20:21 . 2000-05-22 10:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-07-02 20:21 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-07-02 20:12 . 2008-07-02 20:21 <REP> d-------- C:\Program Files\Creative
2008-07-02 19:00 . 2008-07-02 19:00 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-07-02 12:36 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-02 12:36 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-02 12:36 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-01 21:56 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-07-01 21:56 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-07-01 21:56 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-07-01 21:56 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-07-01 21:55 . 2008-07-01 21:55 <REP> d-------- C:\Program Files\Logitech
2008-07-01 21:55 . 2008-07-01 21:56 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-07-01 21:04 . 2008-07-01 21:04 <REP> d-------- C:\Program Files\Yahoo!
2008-07-01 21:04 . 2008-07-01 21:04 <REP> d-------- C:\Program Files\CCleaner
2008-07-01 20:24 . 2008-07-29 22:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-01 20:10 . 2008-07-01 20:10 <REP> d---s---- C:\Documents and Settings\lionel\UserData
2008-07-01 20:04 . 2008-07-22 12:46 <REP> d-------- C:\Documents and Settings\lionel\Contacts
2008-07-01 20:00 . 2008-07-01 20:00 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-01 19:05 . 2008-07-01 19:05 <REP> d-------- C:\Program Files\Alwil Software
2008-07-01 19:04 . 2008-07-01 19:04 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-01 18:45 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll
2008-07-01 18:45 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
2008-07-01 18:45 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2008-07-01 18:45 . 2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys
2008-07-01 18:44 . 2008-07-01 18:46 <REP> d-------- C:\Program Files\Orange
2008-07-01 18:44 . 2008-07-01 18:44 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
2008-07-01 18:44 . 2003-03-19 04:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-07-01 18:40 . 2008-07-01 18:40 <REP> d-------- C:\Program Files\Securitoo
2008-07-01 18:40 . 2008-07-01 18:40 <REP> d-------- C:\Program Files\SAGEM
2008-07-01 18:40 . 2008-07-01 18:40 <REP> d-------- C:\Documents and Settings\lionel\Application Data\InstallShield
2008-07-01 18:36 . 2008-07-28 16:04 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-01 18:33 . 2008-07-01 18:33 <REP> d-------- C:\WINDOWS\Sun
2008-07-01 18:07 . 2008-07-23 22:40 <REP> d-------- C:\Program Files\Windows Live
2008-07-01 18:07 . 2008-07-01 18:18 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-01 18:07 . 2008-07-10 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-01 17:55 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-01 17:55 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 17:54 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-07-01 17:51 . 2008-05-08 14:28 202,752 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-01 17:43 . 2008-07-01 17:44 <REP> d-------- C:\Program Files\Google
2008-07-01 17:30 . 2008-07-01 17:38 <REP> d-------- C:\Program Files\TmUnitedForever
2008-07-01 17:28 . 2008-07-09 15:06 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-07-01 17:28 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-01 17:25 . 2008-07-01 17:25 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-01 17:25 . 2008-07-01 17:25 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-07-01 17:25 . 2008-07-01 17:25 73,728 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-07-01 17:25 . 2008-07-01 17:25 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d--h----- C:\Documents and Settings\lionel\Voisinage r‚seau
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d--h----- C:\Documents and Settings\lionel\Voisinage d'impression
2008-07-01 17:24 . 2008-07-02 02:10 <REP> d--h----- C:\Documents and Settings\lionel\ModŠles
2008-07-01 17:24 . 2008-07-28 14:55 <REP> dr------- C:\Documents and Settings\lionel\Mes documents
2008-07-01 17:24 . 2008-07-02 02:10 <REP> dr------- C:\Documents and Settings\lionel\Menu D‚marrer
2008-07-01 17:24 . 2008-07-28 16:41 <REP> dr------- C:\Documents and Settings\lionel\Favoris
2008-07-01 17:24 . 2008-07-30 18:17 <REP> dr------- C:\Documents and Settings\lionel\Bureau
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d-------- C:\Documents and Settings\lionel\Application Data\You've Got Pictures Screensaver
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Symantec
2008-07-01 17:24 . 2008-07-30 18:15 <REP> d-------- C:\Documents and Settings\lionel
2008-07-01 17:24 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 16:17 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-27 14:49 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-27 14:43 --------- d-----w C:\Program Files\Symantec
2008-07-02 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-02 00:11 --------- d-----w C:\Program Files\Services en ligne
2008-07-02 00:11 --------- d-----w C:\Program Files\QuickTime
2008-07-02 00:10 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-07-02 00:10 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-07-02 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-07-02 00:09 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-07-02 00:09 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-07-01 19:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-01 16:24 --------- d-----w C:\Program Files\Microsoft Works
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"MntMsg"="C:\WINDOWS\system32\fupgzmhu.exe" [2008-07-27 10:55 94208]
"InfoApi"="C:\WINDOWS\system32\lmnmlwty.exe" [2008-07-29 20:56 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05 32881]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-09-09 12:00 70800]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-09-15 22:17 81920]
"ClickMe"="C:\apps\ClickMe\ClickMe.exe" [2004-02-23 17:58 135168]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-18 20:22 98304]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-18 20:26 180269]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 2557952 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gendsc"= {0C40E303-8DF4-42D0-C64D-0B758C9091A8} - C:\Program Files\kqhlpdd\gendsc.dll [2008-07-27 10:56 106496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfl84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfl85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta16.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd84.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Orange\\Browser\\Browser.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S0 Windj84;Windj84;C:\WINDOWS\system32\Drivers\Windj84.sys []
S0 Winfl84;Winfl84;C:\WINDOWS\system32\Drivers\Winfl84.sys []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\yayxvvtT.dll
Notify-yayxvvtT - yayxvvtT.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 18:17:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-30 18:19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 16:19:29

Pre-Run: 130,384,220,160 octets libres
Post-Run: 130,411,618,304 octets libres

274 --- E O F --- 2008-07-23 20:40:33

   
Répondre à colin du11

19

colin du11, le 30 jui 2008 à 18:29:45

Rebonjour,
voiçi le rapport de Combofix

ComboFix 08-07-29.1 - lionel 2008-07-30 18:13:28.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.260 [GMT 2:00]
Endroit: C:\Documents and Settings\lionel\Bureau\C-Fix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\angslylk.ini
C:\WINDOWS\system32\GOYcLRqr.ini
C:\WINDOWS\system32\GOYcLRqr.ini2
C:\WINDOWS\system32\LoXyJkkj.ini
C:\WINDOWS\system32\LoXyJkkj.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\PrYxayxx.ini
C:\WINDOWS\system32\PrYxayxx.ini2

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-30 12:13 . 2008-07-30 12:13 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-30 12:01 . 2008-07-30 12:27 <REP> d-------- C:\SDFix
2008-07-29 22:32 . 2008-07-29 22:32 268 --ah----- C:\sqmdata00.sqm
2008-07-29 22:32 . 2008-07-29 22:32 244 --ah----- C:\sqmnoopt00.sqm
2008-07-29 22:27 . 2008-07-29 22:27 126 --a------ C:\Documents and Settings\lionel\delself.bat
2008-07-29 22:26 . 2008-07-29 22:26 42,496 --a------ C:\WINDOWS\system32\tslktktc.exe
2008-07-29 20:56 . 2008-07-29 20:56 86,016 --a------ C:\WINDOWS\system32\lmnmlwty.exe
2008-07-29 19:34 . 2008-07-29 19:34 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Malwarebytes
2008-07-29 19:34 . 2008-07-23 20:09 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-29 19:34 . 2008-07-23 20:09 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-29 19:33 . 2008-07-29 19:34 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-29 19:33 . 2008-07-29 19:33 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-28 19:12 . 2008-07-28 19:30 <REP> d-------- C:\Program Files\I-Fluid Demo
2008-07-28 16:39 . 2008-07-28 16:39 <REP> d-------- C:\ComboFix
2008-07-28 16:27 . 2008-07-28 17:40 3,742 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-28 15:44 . 2008-07-28 15:44 <REP> d-------- C:\Program Files\Trend Micro
2008-07-28 14:23 . 2008-07-28 14:23 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-07-27 15:26 . 2008-07-27 15:42 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-07-27 10:56 . 2008-07-27 10:56 <REP> d-------- C:\Program Files\kqhlpdd
2008-07-27 10:55 . 2008-07-27 10:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\fojoxgvs
2008-07-27 10:55 . 2008-07-27 10:55 94,208 --a------ C:\WINDOWS\system32\fupgzmhu.exe
2008-07-26 14:33 . 2008-07-30 16:19 <REP> d-------- C:\Documents and Settings\lionel\Application Data\skypePM
2008-07-26 14:33 . 2008-07-26 14:33 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-07-26 14:30 . 2008-07-26 14:30 <REP> d-------- C:\Program Files\Skype
2008-07-26 14:30 . 2008-07-26 14:30 <REP> d-------- C:\Program Files\Fichiers communs\Skype
2008-07-26 14:30 . 2008-07-30 17:53 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Skype
2008-07-26 14:30 . 2008-07-26 14:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-25 19:22 . 2008-07-25 19:24 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Media Player Classic
2008-07-25 19:20 . 2008-07-25 19:20 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2008-07-25 19:20 . 2007-09-04 18:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
2008-07-24 23:33 . 2008-07-24 23:35 <REP> d-------- C:\Program Files\Dofus
2008-07-10 23:13 . 2008-07-10 23:13 <REP> d-------- C:\Program Files\VideoLAN
2008-07-10 23:13 . 2008-07-10 23:13 <REP> d-------- C:\Documents and Settings\lionel\Application Data\vlc
2008-07-10 15:05 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-07-10 15:04 . 2008-07-10 15:04 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-10 15:01 . 2008-07-10 15:02 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-07-10 15:01 . 2008-07-10 15:01 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-07-09 22:30 . 2008-07-29 21:29 <REP> d-------- C:\Program Files\eMule
2008-07-04 17:58 . 2008-07-27 10:55 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-04 17:58 . 2008-07-04 17:58 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-03 20:08 . 2008-07-03 20:08 <REP> d-------- C:\Media
2008-07-03 19:21 . 2008-07-03 19:21 24,439 --a------ C:\updatejpegprocessing.docx
2008-07-02 21:00 . 2008-07-02 21:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-02 20:21 . 2008-07-02 20:21 <REP> d-------- C:\WINDOWS\system32\Adobe
2008-07-02 20:21 . 2008-07-02 20:21 <REP> d-------- C:\WINDOWS\Profiles
2008-07-02 20:21 . 2008-07-16 09:18 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2008-07-02 20:21 . 2008-07-02 20:21 <REP> d-------- C:\Documents and Settings\lionel\Application Data\InterTrust
2008-07-02 20:21 . 2000-05-22 10:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-07-02 20:21 . 1999-10-11 03:00 41,984 --------- C:\WINDOWS\Ctregrun.exe
2008-07-02 20:12 . 2008-07-02 20:21 <REP> d-------- C:\Program Files\Creative
2008-07-02 19:00 . 2008-07-02 19:00 <REP> d-------- C:\WINDOWS\system32\NtmsData
2008-07-02 12:36 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-02 12:36 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-02 12:36 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-01 21:56 . 2004-04-14 11:08 44,064 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
2008-07-01 21:56 . 2004-04-14 11:08 21,280 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
2008-07-01 21:56 . 2004-04-14 11:08 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
2008-07-01 21:56 . 2004-04-14 11:08 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
2008-07-01 21:55 . 2008-07-01 21:55 <REP> d-------- C:\Program Files\Logitech
2008-07-01 21:55 . 2008-07-01 21:56 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2008-07-01 21:04 . 2008-07-01 21:04 <REP> d-------- C:\Program Files\Yahoo!
2008-07-01 21:04 . 2008-07-01 21:04 <REP> d-------- C:\Program Files\CCleaner
2008-07-01 20:24 . 2008-07-29 22:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-01 20:10 . 2008-07-01 20:10 <REP> d---s---- C:\Documents and Settings\lionel\UserData
2008-07-01 20:04 . 2008-07-22 12:46 <REP> d-------- C:\Documents and Settings\lionel\Contacts
2008-07-01 20:00 . 2008-07-01 20:00 <REP> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-01 19:05 . 2008-07-01 19:05 <REP> d-------- C:\Program Files\Alwil Software
2008-07-01 19:04 . 2008-07-01 19:04 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-01 18:45 . 2006-03-01 19:53 94,208 --a------ C:\WINDOWS\system32\w32n50.dll
2008-07-01 18:45 . 2007-09-25 19:31 65,536 --a------ C:\WINDOWS\system32\Autodial2000.dll
2008-07-01 18:45 . 2003-09-23 11:38 34,688 --a------ C:\WINDOWS\system32\pcampr5.sys
2008-07-01 18:45 . 2006-03-01 19:53 32,128 --a------ C:\WINDOWS\system32\pcandis5.sys
2008-07-01 18:44 . 2008-07-01 18:46 <REP> d-------- C:\Program Files\Orange
2008-07-01 18:44 . 2008-07-01 18:44 <REP> d-------- C:\Program Files\Fichiers communs\France Telecom
2008-07-01 18:44 . 2003-03-19 04:05 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-07-01 18:40 . 2008-07-01 18:40 <REP> d-------- C:\Program Files\Securitoo
2008-07-01 18:40 . 2008-07-01 18:40 <REP> d-------- C:\Program Files\SAGEM
2008-07-01 18:40 . 2008-07-01 18:40 <REP> d-------- C:\Documents and Settings\lionel\Application Data\InstallShield
2008-07-01 18:36 . 2008-07-28 16:04 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-01 18:33 . 2008-07-01 18:33 <REP> d-------- C:\WINDOWS\Sun
2008-07-01 18:07 . 2008-07-23 22:40 <REP> d-------- C:\Program Files\Windows Live
2008-07-01 18:07 . 2008-07-01 18:18 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-01 18:07 . 2008-07-10 15:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-01 17:55 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-01 17:55 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-01 17:54 . 2007-07-09 15:11 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-07-01 17:51 . 2008-05-08 14:28 202,752 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-01 17:43 . 2008-07-01 17:44 <REP> d-------- C:\Program Files\Google
2008-07-01 17:30 . 2008-07-01 17:38 <REP> d-------- C:\Program Files\TmUnitedForever
2008-07-01 17:28 . 2008-07-09 15:06 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-07-01 17:28 . 2006-10-16 16:10 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-01 17:25 . 2008-07-01 17:25 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-07-01 17:25 . 2008-07-01 17:25 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-07-01 17:25 . 2008-07-01 17:25 73,728 --a------ C:\WINDOWS\ALCFDRTM.VER
2008-07-01 17:25 . 2008-07-01 17:25 73,728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d--h----- C:\Documents and Settings\lionel\Voisinage r‚seau
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d--h----- C:\Documents and Settings\lionel\Voisinage d'impression
2008-07-01 17:24 . 2008-07-02 02:10 <REP> d--h----- C:\Documents and Settings\lionel\ModŠles
2008-07-01 17:24 . 2008-07-28 14:55 <REP> dr------- C:\Documents and Settings\lionel\Mes documents
2008-07-01 17:24 . 2008-07-02 02:10 <REP> dr------- C:\Documents and Settings\lionel\Menu D‚marrer
2008-07-01 17:24 . 2008-07-28 16:41 <REP> dr------- C:\Documents and Settings\lionel\Favoris
2008-07-01 17:24 . 2008-07-30 18:17 <REP> dr------- C:\Documents and Settings\lionel\Bureau
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d-------- C:\Documents and Settings\lionel\Application Data\You've Got Pictures Screensaver
2008-07-01 17:24 . 2008-07-02 02:08 <REP> d-------- C:\Documents and Settings\lionel\Application Data\Symantec
2008-07-01 17:24 . 2008-07-30 18:15 <REP> d-------- C:\Documents and Settings\lionel
2008-07-01 17:24 . 2004-08-05 14:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-20 19:41 . 2008-06-20 19:41 247,808 --------- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 12:44 . 2008-06-20 12:44 138,368 --------- C:\WINDOWS\system32\dllcache\afd.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 16:17 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-07-27 14:49 --------- d-----w C:\Program Files\Norton Internet Security
2008-07-27 14:43 --------- d-----w C:\Program Files\Symantec
2008-07-02 18:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-02 00:11 --------- d-----w C:\Program Files\Services en ligne
2008-07-02 00:11 --------- d-----w C:\Program Files\QuickTime
2008-07-02 00:10 --------- d-----w C:\Program Files\Fichiers communs\SureThing Shared
2008-07-02 00:10 --------- d-----w C:\Program Files\Fichiers communs\Sonic Shared
2008-07-02 00:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-07-02 00:09 --------- d-----w C:\Program Files\Fichiers communs\aolshare
2008-07-02 00:09 --------- d-----w C:\Program Files\Fichiers communs\AOL
2008-07-01 19:54 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-01 16:24 --------- d-----w C:\Program Files\Microsoft Works
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 15:54 21718312]
"MntMsg"="C:\WINDOWS\system32\fupgzmhu.exe" [2008-07-27 10:55 94208]
"InfoApi"="C:\WINDOWS\system32\lmnmlwty.exe" [2008-07-29 20:56 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 14:00 455168]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe" [2004-06-03 22:05 32881]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2003-09-09 12:00 70800]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2004-09-15 22:17 81920]
"ClickMe"="C:\apps\ClickMe\ClickMe.exe" [2004-02-23 17:58 135168]
"SystrayORAHSS"="C:\Program Files\Orange\Systray\SystrayApp.exe" [2007-09-25 20:08 94208]
"ORAHSSSessionManager"="C:\Program Files\Orange\SessionManager\SessionManager.exe" [2007-09-25 19:10 102400]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-18 20:22 98304]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2004-10-18 20:26 180269]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 15:10 61952 C:\WINDOWS\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-09-10 18:29 77824 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2004-09-15 11:20 2557952 C:\WINDOWS\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"gendsc"= {0C40E303-8DF4-42D0-C64D-0B758C9091A8} - C:\Program Files\kqhlpdd\gendsc.dll [2008-07-27 10:56 106496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winci40.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windj84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfl84.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winfl85.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx41.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta16.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winta38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winwd84.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Orange\\Browser\\Browser.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S0 Windj84;Windj84;C:\WINDOWS\system32\Drivers\Windj84.sys []
S0 Winfl84;Winfl84;C:\WINDOWS\system32\Drivers\Winfl84.sys []
.
Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{39DC821C-FE03-415F-8F47-B50ADA5D7D1A} - C:\WINDOWS\system32\yayxvvtT.dll
Notify-yayxvvtT - yayxvvtT.dll


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 18:17:17
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\mysql\bin\mysqld-nt MysqlInventime"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\[u]0/u\FTRTSVC.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jucheck.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\AlertModule\[u]0/u\AlertModule.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-30 18:19:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-30 16:19:29

Pre-Run: 130,384,220,160 octets libres
Post-Run: 130,411,618,304 octets libres

274 --- E O F --- 2008-07-23 20:40:33

   
Répondre à colin du11
39 réponses 12 Suivant
Posez votre question Répondre
Ils ont besoin de votre aide
Collection CommentÇaMarche.net