PC infected by a Trojan horse

Closed
TOMSNOW - 30 Nov. 2007 at 13:39
TOMSNOW - 2 Dec. 2007 at 18:32
Hello,

I've just received an Avast alert about the presence of a Trojan horse on my PC. Since then my PC has been completely unstable! Can you help me, please?
Thanks in advance.
Here is the HijackThis report:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:06:03, on 30/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SecCenter\scprot4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\TOM\Bureau\NETTOYAGE\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {343B8228-617E-4342-840B-0057E20D3003} - C:\WINDOWS\system32\tuvurqo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {8CE1F2D7-C980-47E8-B22B-BDBDF0DF44BB} - C:\WINDOWS\system32\pmnll.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [zsfizsji] rundll32.exe "C:\Program Files\zsfizsji\huhqlmds.dll",Init
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [Cld2000.exe] C:\Program Files\Calendrier\Cld2000.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: tuvurqo - C:\WINDOWS\SYSTEM32\tuvurqo.dll
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\SYSTEM32\winkve32.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Droppix Service - Unknown owner - C:\Program Files\Fichiers communs\Droppix\DxService.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
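An added example, not part of the thread and not HijackThis's own code: a small Python script that applies the usual first-pass triage rules to HijackThis lines of the kind above (unnamed BHOs, orphaned entries, unknown Winlogon Notify packages, rundll32 loading a DLL from outside the Windows directory, executables in Temp, and one file registered under several entry types). The embedded sample is constructed from a few lines of the log above plus benign ones; the known-good list of Winlogon Notify packages is an assumption about a stock XP SP2 box.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the HijackThis log above, mixed with
# benign entries, so the script runs offline. Paste the full log here to triage it.
SAMPLE_LOG = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {343B8228-617E-4342-840B-0057E20D3003} - C:\WINDOWS\system32\tuvurqo.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [zsfizsji] rundll32.exe "C:\Program Files\zsfizsji\huhqlmds.dll",Init
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O20 - Winlogon Notify: crehcjid - C:\WINDOWS\SYSTEM32\crehcjid.dll
O20 - Winlogon Notify: tuvurqo - C:\WINDOWS\SYSTEM32\tuvurqo.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

HJT_LINE = re.compile(r"^(O\d+|R\d)\s+-\s+(.*)$")
# First Windows path on the line; the lazy match stops at the first executable extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:dll|exe|ocx|sys)\b", re.IGNORECASE)

# Assumption: Winlogon Notify packages normally present on a stock XP SP2 machine
# (plus the Intel/NVIDIA display ones). Anything else is worth a look.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "wgalogon",
                "igfxcui", "nvcpl"}


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_hjt(text):
    """Split a HijackThis log into entries: kind (O2, O4, ...), remainder, first file path."""
    entries = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if not m:
            continue
        kind, rest = m.groups()
        pm = PATH_RE.search(rest)
        entries.append({"kind": kind, "rest": rest, "path": pm.group(0) if pm else None})
    return entries


def triage(entries):
    """Return the entries worth a closer look, each with the rules that fired."""
    # Which entry kinds reference each file name: a DLL that is both a BHO (O2) and a
    # Winlogon Notify package (O20) is a much stronger signal than either alone.
    kinds_by_file = defaultdict(set)
    for e in entries:
        if e["path"]:
            kinds_by_file[basename(e["path"])].add(e["kind"])

    findings = []
    for e in entries:
        rest, path = e["rest"], e["path"]
        name = basename(path) if path else ""
        reasons = []
        if "(no name)" in rest:
            reasons.append("entry has no display name")
        if "(file missing)" in rest or "(no file)" in rest:
            reasons.append("orphaned entry: target file is absent")
        if e["kind"] == "O20" and name.rsplit(".", 1)[0] not in KNOWN_NOTIFY:
            reasons.append("Winlogon Notify package not in the known-good list")
        if (e["kind"] == "O4" and "rundll32" in rest.lower()
                and path and "\\windows\\" not in path.lower()):
            reasons.append("rundll32 loads a DLL from outside the Windows directory")
        if path and "\\temp\\" in path.lower():
            reasons.append("executable lives in a Temp directory")
        if name and len(kinds_by_file[name]) > 1:
            reasons.append("same file registered under several entry types: "
                           + ", ".join(sorted(kinds_by_file[name])))
        if reasons:
            findings.append({"kind": e["kind"], "path": path, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f["kind"], f["path"] or "(no path)")
        for r in f["reasons"]:
            print("   -", r)
```

The rules are deliberately cheap and produce candidates, not verdicts: Spybot's SDHelper.dll also shows up as an unnamed BHO and gets listed, while the two O20 entries pointing at DLLs that also appear as BHOs are the ones that deserve attention first.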

51 replies

Hi g!rly, sorry for only getting back in touch with you now, but as problems never come alone, I lost my internet connection last night!!! The joys of NEUF! I've only just got it back, so I'm taking the opportunity to keep you posted: I did uninstall Avast and then installed AntiVir, except that since then I can't do anything without the antivirus going haywire; it constantly reports the presence of viruses! I'm going crazy. What should I do? Do you think I'll get out of this?
Thanks again for your patience and all your help.
g!rly, Contributor (18209 posts, registered Friday 17 August 2007)
1 Dec. 2007 at 14:57
Hi tomsnow,

Can you run a full scan with AntiVir, in safe mode if possible, and post the report here please?

Configuration:

Once AntiVir is open, click on the Scanner tab; in the window below you will see "rootkit search": click on the little + to expand it and tick the box next to your hard disk.
Then click on Configuration at the top right, then in the new window on the left > Scanner > Scan all files, and below it > Scanner priority = High.
Still on the left > Scan > expand > Heuristics > Macrovirus heuristic = ticked, and below it > Win32 heuristic, box ticked and High detection level.

See you
Hi G!rly,

I'm definitely starting to go crazy!!!! I've only just got back a semblance of a connection, so I'm taking the opportunity to update you on what's happened: I can't do anything any more without AntiVir going haywire! I had to disable it to be able to get on the net. I ran the AntiVir scan; you'll find the report below. Also, I'm now getting loads of pop-ups of the "security center" type. I've had enough!!!!!!! Thanks again for your help.

AntiVir PersonalEdition Classic
Report file date: dimanche 2 décembre 2007 12:25

Scanning for 955520 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: BLUETONE-22E633

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.1.30 1575424 Bytes 30/11/2007 11:13:44
ANTIVIR3.VDF : 7.0.1.31 2048 Bytes 30/11/2007 11:13:44
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 02/12/2007 11:13:44
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: dimanche 2 décembre 2007 12:25

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\explorer.exe'
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'PAStiSvc.exe' - '1' Module(s) have been scanned
Scan process 'skypePM.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CTSVCCDA.EXE' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'Skype.exe' - '1' Module(s) have been scanned
Scan process 'Cld2000.exe' - '1' Module(s) have been scanned
Scan process 'RcMan.exe' - '1' Module(s) have been scanned
Scan process 'lxbkbmon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ashDisp.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'lxbkbmgr.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'explorer.exe' has been terminated
C:\WINDOWS\explorer.exe
[DETECTION] Is the Trojan horse TR/Patched.Explor.B
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!

50 processes with 49 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\crehcjid.dll
[DETECTION] Is the Trojan horse TR/SpamBot.AD
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\crehcjid.dll
[DETECTION] Is the Trojan horse TR/SpamBot.AD
C:\WINDOWS\system32\winkve32.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\winkve32.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen

The registry was scanned ( '34' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll
[DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
[INFO] The file was moved to '47bf9a9b.qua'!
C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00002.dll
[DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
[INFO] The file was moved to '47bf9a9d.qua'!
C:\Program Files\zsfizsji\huhqlmds.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP166\A0026603.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47829de1.qua'!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP166\A0026604.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47829de3.qua'!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP170\A0027764.dll
[DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
[INFO] The file was moved to '47829df1.qua'!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP170\A0027765.dll
[DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
[INFO] The file was moved to '47829df2.qua'!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP170\A0027766.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '47829df4.qua'!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP170\A0027767.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47829df5.qua'!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP172\A0027868.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '47829dfb.qua'!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP172\A0027869.dll
[DETECTION] Is the Trojan horse TR/SpamBot.AD
[INFO] The file was moved to '47829dfd.qua'!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP186\A0039708.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47829e6f.qua'!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP186\A0039709.dll
[DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
[INFO] The file was moved to '47829e70.qua'!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP186\A0039710.dll
[DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
[INFO] The file was moved to '47829e72.qua'!
C:\WINDOWS\avp.exe
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.LH1
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\explorer.exe
[DETECTION] Is the Trojan horse TR/Patched.Explor.B
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\mgrs.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\xpupdate.exe
[WARNING] 'Is the Trojan horse TR/Zlob.CA.78'. This detection is probably an error. Please send us this file immediately for further analysis.
C:\WINDOWS\system32\crehcjid.dll
[DETECTION] Is the Trojan horse TR/SpamBot.AD
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\cyzrdghf.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\dcuneykg.exe
[DETECTION] Is the Trojan horse TR/Fotomoto.F.1
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\drvtod.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '47c8a0b9.qua'!
C:\WINDOWS\system32\mhcwtuqc.exe
[DETECTION] Is the Trojan horse TR/Click.MNB
[INFO] The file was moved to '47b5a0bf.qua'!
C:\WINDOWS\system32\oxdvjawy.dll
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[INFO] The file was moved to '47b6a0df.qua'!
C:\WINDOWS\system32\pmnll.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\printer.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.eus.19
[INFO] The file was moved to '47bba0e4.qua'!
C:\WINDOWS\system32\spoolvs.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.eus.19
[INFO] The file was moved to '47c1a0f3.qua'!
C:\WINDOWS\system32\tpyfjvuq.dll
[DETECTION] Is the Trojan horse TR/Vundo.CA
[INFO] The file was moved to '47cba0f7.qua'!
C:\WINDOWS\system32\winkve32.dll
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\xqnddnoo.dll
[DETECTION] Is the Trojan horse TR/Vundo.AU
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\__c00D2AAA.dat
[DETECTION] Is the Trojan horse TR/Dldr.Agen.ZV.1.B
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\etc\hosts
[DETECTION] Is the Trojan horse TR/Qhost.NL
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\ѕуstem\wucrtupd.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.EJ
[INFO] The file was moved to '47b5a14f.qua'!
C:\WINDOWS\Temp\64server.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\Temp\gos2E.tmp
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '47c5a14b.qua'!
C:\WINDOWS\Temp\hostpower.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\Temp\monpower.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\Temp\powermon.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\Temp\syssv.exe
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\Temp\win20.exe
[WARNING] 'Is the Trojan horse TR/Zlob.CA.78'. This detection is probably an error. Please send us this file immediately for further analysis.
C:\WINDOWS\Temp\win26.exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.PurityScan.EG.7
[INFO] The file was moved to '47c0a14c.qua'!
C:\WINDOWS\Temp\win34.exe
[DETECTION] Is the Trojan horse TR/Dldr.Alphabet.LH1
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
Begin scan in 'D:\' <Données>
D:\Documents and Settings\Programmes\Démarrage\findfast.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.eus.19
[INFO] The file was moved to '47c0a151.qua'!


End of the scan: dimanche 2 décembre 2007 13:23
Used time: 57:59 min

The scan has been done completely.

5894 Scanning directories
379621 Files were scanned
45 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
23 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
379576 Files not concerned
4109 Archives were scanned
25 Warnings
0 Notes
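An added example, not from the thread and not Avira's own code: a Python script that groups a report in this format by outcome (quarantined, not removed, suspected false positive, unscanned) and marks restore-point copies, so that the files still needing attention stand out at a glance. The embedded excerpt is constructed from a handful of the entries above in the same record layout.

```python
import re
from collections import defaultdict

# Constructed excerpt in the AntiVir report format shown above (same record layout,
# a handful of entries), so the script runs offline. Paste the full report here to summarise it.
SAMPLE_REPORT = r"""
Starting to scan the registry.
C:\WINDOWS\system32\crehcjid.dll
[DETECTION] Is the Trojan horse TR/SpamBot.AD
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\ibm00001.dll
[DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
[INFO] The file was moved to '47bf9a9b.qua'!
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP166\A0026603.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47829de1.qua'!
C:\WINDOWS\xpupdate.exe
[WARNING] 'Is the Trojan horse TR/Zlob.CA.78'. This detection is probably an error. Please send us this file immediately for further analysis.
C:\WINDOWS\system32\drivers\etc\hosts
[DETECTION] Is the Trojan horse TR/Qhost.NL
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\Temp\win26.exe
[DETECTION] Contains detection pattern of the dropper DR/Dldr.PurityScan.EG.7
[INFO] The file was moved to '47c0a14c.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
"""

PATH_LINE = re.compile(r"^[A-Za-z]:\\")
TAG_LINE = re.compile(r"^\[(DETECTION|WARNING|INFO|NOTE)\]\s*(.*)$")
FAMILY = re.compile(r"\b([A-Z]{2,3}/[\w.]+)")   # e.g. TR/Vundo.Gen, DR/Dldr.PurityScan.EG.7


def parse_report(text):
    """Group each scanned path with the [TAG] lines that follow it."""
    records, current = [], None
    for line in text.splitlines():
        line = line.strip()
        if PATH_LINE.match(line):
            current = {"path": line, "tags": []}
            records.append(current)
        elif current is not None:
            m = TAG_LINE.match(line)
            if m:
                current["tags"].append((m.group(1), m.group(2)))
            else:
                current = None   # a section header or blank line ends the record
    return records


def classify(record):
    """Outcome of one record: quarantined, not_removed, suspected_false_positive, unscanned, clean."""
    tags = record["tags"]
    msgs = " ".join(msg for _, msg in tags)
    if "probably an error" in msgs:
        return "suspected_false_positive"
    if any(tag == "DETECTION" for tag, _ in tags):
        if "was moved to" in msgs:
            return "quarantined"
        if "could not be deleted" in msgs:
            return "not_removed"
        return "detected"
    if "could not be opened" in msgs:
        return "unscanned"
    return "clean"


def summarise(text):
    """Map outcome -> list of (path, family) so the leftover work is visible at a glance."""
    summary = defaultdict(list)
    for rec in parse_report(text):
        fam = FAMILY.search(" ".join(msg for _, msg in rec["tags"]))
        summary[classify(rec)].append((rec["path"], fam.group(1) if fam else None))
    return dict(summary)


def in_restore_point(path):
    # Files under System Volume Information\_restore{...} are restore-point copies,
    # which is why the usual advice is to turn System Restore off and on again.
    return "\\_restore{" in path


if __name__ == "__main__":
    for outcome, items in summarise(SAMPLE_REPORT).items():
        print(f"{outcome}: {len(items)}")
        for path, fam in items:
            flag = "  [restore point]" if in_restore_point(path) else ""
            print(f"   {path}  {fam or ''}{flag}")
```

The "not_removed" bucket is the useful output: those are the files the scanner detected but could not touch (the report's ErrorID 16003 warnings), and they are what the next round of cleanup has to deal with; the quarantined restore-point copies only go away for good once System Restore is cleared.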
g!rly, Contributor (18209 posts, registered Friday 17 August 2007)
2 Dec. 2007 at 16:01
Hi tomsnow,

Do this:

Disable your System Restore:
to do that:
Right-click on My Computer and choose Properties from the menu;
in the new window click on the System Restore tab;
tick the "Turn off System Restore" box and apply.
Then restart the PC, right-click on My Computer and choose Properties from the menu;
in the new window click on the System Restore tab;
untick the "Turn off System Restore" box and apply.

Stinger:

https://www.numerama.com/

Download it, click on Scan and let it work; if you get a report, post it.

Then run ComboFix again and post the report.
Girly, help! I can't get to System Restore! When I right-click on My Computer, an alert of the type "restrictions on this computer" appears! What should I do?

Otherwise, in the meantime I ran an AVG Anti-Spyware scan, the results of which are below, and another with AVG Antivirus (which found lots of things, but I can't find its scan report; I don't know how to show you the results).

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:00:40 02/12/2007

+ Résultat de l'analyse:



C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP186\A0045733.dll -> Adware.BraveSentry : Nettoyé.
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP186\A0045734.dll -> Adware.BraveSentry : Nettoyé.
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP186\A0046744.dll -> Adware.BraveSentry : Nettoyé.
C:\Program Files\MalwareAlarm\MalwareAlarm0.ma -> Adware.DrAntispy : Nettoyé.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\smgr -> Adware.Generic : Nettoyé.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo -> Adware.Generic : Nettoyé.
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP187\A0046754.exe -> Downloader.PurityScan.eg : Nettoyé.
C:\System Volume Information\_restore{129A78A4-40FF-494C-A631-0B99C3E7FC61}\RP186\A0045719.exe -> Not-A-Virus.Hoax.Win32.Renos.hx : Nettoyé.
:mozilla.109:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.167:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.429:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.115:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.116:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.125:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.14:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.15:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.16:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.17:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.145:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.41:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.663:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.664:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.665:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.24:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.219:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.220:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.221:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.222:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.223:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.267:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.119:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.120:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.121:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.65:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.786:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.787:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.788:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.789:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.790:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.791:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.792:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.314:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.315:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.58:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.437:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.474:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Qksrv : Nettoyé.
:mozilla.475:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Qksrv : Nettoyé.
:mozilla.477:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.478:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
:mozilla.488:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.489:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.490:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
:mozilla.168:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.520:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.521:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.522:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.523:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.524:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.525:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.43:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.44:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.46:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.45:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.48:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.49:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.629:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.630:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.631:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.632:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.633:C:\Documents and Settings\TOM\Application Data\Mozilla\Firefox\Profiles\iu4m8zwz.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.


Fin du rapport
Otherwise Antivir keeps alerting me about something weird: "TR/Patched.Explor.B" ..... if that can give you any info!
g!rly (Contributor, 18209 posts, registered Friday 17 August 2007, last active 30 November 2014)
2 Dec 2007, 16:42
re,

for now, run Stinger

Stinger:

https://www.numerama.com/

download it, click on scan and let it work; if you get a report, post it

then run ComboFix again and post the report

@+
OK, I'm doing it now.
Here are the reports:

ComboFix 07-12-02.5 - TOM 2007-12-02 17:21:19.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.444 [GMT 1:00]
Running from: C:\Documents and Settings\TOM\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Menu Démarrer\Live Safety Center.lnk
C:\Documents and Settings\All Users\Menu Démarrer\Online Security Guide.lnk
C:\Documents and Settings\TOM\Bureau\Live Safety Center.lnk
C:\Documents and Settings\TOM\Favoris\Online Security Guide.lnk
C:\Program Files\Fichiers communs\Yazzle1162OinUninstaller.exe
C:\Program Files\SecCenter
C:\Program Files\ucleaner_setup.exe
C:\Program Files\Ultimate Cleaner
C:\WINDOWS\Casino.ico
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\cyzrdghf.dllbox
C:\WINDOWS\system32\drvtodr.dll
C:\WINDOWS\system32\llnmp.ini
C:\WINDOWS\system32\skjlrsjp
C:\WINDOWS\system32\skjlrsjp\bg1.gif
C:\WINDOWS\system32\skjlrsjp\bgtop.gif
C:\WINDOWS\system32\skjlrsjp\bottom1.gif
C:\WINDOWS\system32\skjlrsjp\essentials.gif
C:\WINDOWS\system32\skjlrsjp\icon1.ico
C:\WINDOWS\system32\skjlrsjp\install1.gif
C:\WINDOWS\system32\skjlrsjp\left1.gif
C:\WINDOWS\system32\skjlrsjp\li.gif
C:\WINDOWS\system32\skjlrsjp\logo.gif
C:\WINDOWS\system32\skjlrsjp\main.htm
C:\WINDOWS\system32\skjlrsjp\mainframe.htm
C:\WINDOWS\system32\skjlrsjp\reinstall1.gif
C:\WINDOWS\system32\skjlrsjp\right1.gif
C:\WINDOWS\system32\skjlrsjp\s1.htm
C:\WINDOWS\system32\skjlrsjp\s2.htm
C:\WINDOWS\system32\skjlrsjp\s3.htm
C:\WINDOWS\system32\skjlrsjp\skjlrsjp1.exe
C:\WINDOWS\system32\skjlrsjp\skjlrsjp2.exe
C:\WINDOWS\system32\skjlrsjp\skjlrsjp3.exe
C:\WINDOWS\system32\skjlrsjp\SMTop1.gif
C:\WINDOWS\system32\skjlrsjp\SMTop2.gif
C:\WINDOWS\system32\skjlrsjp\SMTop3.gif
C:\WINDOWS\system32\skjlrsjp\SMTop4.gif
C:\WINDOWS\system32\skjlrsjp\soft1_off.gif
C:\WINDOWS\system32\skjlrsjp\soft1_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft1_on.gif
C:\WINDOWS\system32\skjlrsjp\soft1_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft2_off.gif
C:\WINDOWS\system32\skjlrsjp\soft2_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft2_on.gif
C:\WINDOWS\system32\skjlrsjp\soft2_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft3_off.gif
C:\WINDOWS\system32\skjlrsjp\soft3_off_ext.gif
C:\WINDOWS\system32\skjlrsjp\soft3_on.gif
C:\WINDOWS\system32\skjlrsjp\soft3_on_ext.gif
C:\WINDOWS\system32\skjlrsjp\softbottom_off.gif
C:\WINDOWS\system32\skjlrsjp\softbottom_on.gif
C:\WINDOWS\system32\skjlrsjp\softleft_off.gif
C:\WINDOWS\system32\skjlrsjp\softleft_on.gif
C:\WINDOWS\system32\skjlrsjp\top1.gif
C:\WINDOWS\system32\skjlrsjp\top2.gif
C:\WINDOWS\system32\skjlrsjp\turnoff1.gif
C:\WINDOWS\system32\skjlrsjp\turnon1.gif
C:\WINDOWS\system32\stem~1
C:\WINDOWS\system32\stem~1\??stem\
D:\Documents and Settings\Programmes\MalwareAlarm
D:\Documents and Settings\Programmes\MalwareAlarm\MalwareAlarm.lnk

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_NTMLSVC
-------\LEGACY_SYMAVC32
-------\DomainService
-------\NtmlSvc
-------\symavc32


((((((((((((((((((((((((((((( Fichiers créés 2007-11-02 to 2007-12-02 ))))))))))))))))))))))))))))))))))))
.

2007-12-02 15:04 . 2007-12-02 17:25 0 --a------ C:\$bootcln.sch
2007-12-02 14:21 . 2007-12-02 15:04 <REP> d-------- C:\Documents and Settings\TOM\Application Data\AVG7
2007-12-02 14:20 . 2007-12-02 14:20 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-02 14:20 . 2007-12-02 14:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-02 12:56 . 2007-12-02 12:56 793,664 ---hs---- C:\WINDOWS\system32\oonddnqx.ini
2007-12-02 12:55 . 2007-12-02 12:55 <REP> d-------- C:\Program Files\E404 Helper
2007-12-02 12:54 . 2007-12-02 14:18 <REP> d-------- C:\Program Files\MalwareAlarm
2007-12-02 12:54 . 2007-12-02 12:54 1,148,902 --a------ C:\Install
2007-12-02 12:17 . 2007-12-02 12:17 <REP> d-------- C:\Program Files\Oqpmgmjc
2007-12-02 11:59 . 2007-12-02 11:59 <REP> d-------- C:\Program Files\Avira
2007-12-02 11:59 . 2007-12-02 11:59 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-12-02 11:06 . 2007-10-25 17:24 815,480 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-02 11:06 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-02 11:06 . 2007-10-25 17:14 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-02 11:06 . 2007-10-25 18:05 94,416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-02 11:06 . 2007-10-25 18:05 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-02 11:06 . 2007-10-25 18:01 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-02 11:06 . 2007-10-25 17:58 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-02 11:06 . 2007-10-25 18:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-02 00:50 . 2007-12-02 00:50 <REP> d-------- C:\Program Files\Neuf
2007-12-01 13:48 . 2007-12-02 14:05 246,976 --ahs---- C:\WINDOWS\system32\llnmp.ini2
2007-12-01 13:46 . 2007-12-01 13:46 <REP> d-------- C:\Program Files\Sonic Foundry
2007-12-01 13:45 . 2007-12-01 13:45 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-01 13:45 . 2007-12-02 15:04 <REP> d-------- C:\Program Files\zsfizsji
2007-12-01 13:45 . 2007-12-01 13:45 <REP> d-------- C:\Program Files\Igefrkdb
2007-12-01 13:45 . 2007-12-02 11:06 <REP> d-------- C:\Program Files\Alwil Software
2007-12-01 13:45 . 2007-12-01 13:45 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Jetico Personal Firewall
2007-12-01 13:44 . 2007-12-01 13:44 <REP> d-------- C:\WINDOWS\nview
2007-12-01 13:32 . 2007-12-01 13:44 <REP> d-------- C:\WINDOWS\NV33281784.TMP
2007-12-01 13:22 . 2007-12-01 13:36 <REP> d-------- C:\WINDOWS\nview(2)
2007-12-01 13:22 . 2007-12-02 16:40 63,804 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-01 13:22 . 2006-06-01 10:22 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-01 13:15 . 2007-12-01 13:45 <REP> d-------- C:\WINDOWS\NV38363840.TMP
2007-12-01 13:02 . 2007-12-01 13:45 <REP> d-------- C:\Program Files\Neuf(2)
2007-11-30 21:47 . 2007-11-30 21:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-30 21:47 . 2007-11-30 21:47 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-30 18:59 . 2007-11-30 18:59 <REP> d-------- C:\WINDOWS\ERUNT
2007-11-30 14:07 . 2007-12-01 13:46 <REP> d-------- C:\Program Files\Sonic Foundry(2)
2007-11-30 13:47 . 2007-11-30 13:47 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab(2)
2007-11-30 13:47 . 2007-11-30 13:47 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-30 13:02 . 2007-11-30 13:02 324,192 --a------ C:\WINDOWS\system32\pmnll.VIR
2007-11-30 12:40 . 2007-11-30 12:40 156,768 --a------ C:\WINDOWS\system32\accece0.sys
2007-11-30 12:40 . 2007-12-02 17:24 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
2007-11-30 12:39 . 2007-11-30 12:39 89,088 --a------ C:\WINDOWS\system32\crehcjid.dll
2007-11-20 23:08 . 2007-11-20 23:08 <REP> dr------- C:\Documents and Settings\Mes documents\Mes vidéos
2007-11-17 18:00 . 2007-11-17 18:00 <REP> d-------- C:\Documents and Settings\TOM\Application Data\Media Player Classic
2007-11-17 17:34 . 2007-11-17 17:34 <REP> d-------- C:\Program Files\K-Lite Codec Pack
2007-11-17 17:12 . 2007-11-17 17:12 <REP> d-------- C:\Program Files\Okoker All Video Splitter
2007-11-17 17:12 . 2005-01-19 18:23 32,256 --a------ C:\WINDOWS\system32\AVSredirect.dll
2007-11-09 21:36 . 2007-11-09 21:36 <REP> d-------- C:\Documents and Settings\Mes documents\essai21
2007-11-09 13:02 . 2002-03-19 10:29 14,165 --------- C:\WINDOWS\system32\drivers\Pclepci.sys
2007-11-07 17:38 . 2007-11-07 17:38 <REP> d-------- C:\Program Files\Transcribe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 15:51 --------- d-----w C:\Documents and Settings\TOM\Application Data\Skype
2007-12-02 13:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-12-02 13:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-01 14:35 --------- d-----w C:\Program Files\RegClean
2007-12-01 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 22:34 --------- d-----w C:\Program Files\Creative
2007-11-30 18:58 --------- d-----w C:\Program Files\Java
2007-11-30 12:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-30 11:39 1,037,879 ----a-w C:\WINDOWS\explorer.exe
2007-11-28 20:23 304,160 ----a-w C:\StiImg.dat
2007-11-23 07:59 --------- d-----w C:\Documents and Settings\TOM\Application Data\OpenOffice.org2
2007-11-09 20:37 --------- d-----w C:\Documents and Settings\TOM\Application Data\Tracktion 3
2007-11-09 20:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Tracktion 3
2007-11-09 20:35 --------- d-----w C:\Program Files\Tracktion 3
2007-11-06 15:49 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-11-05 19:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
2007-11-05 19:12 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
2007-10-22 08:34 --------- d-----w C:\Program Files\Skype
2007-10-22 08:34 --------- d-----w C:\Program Files\Fichiers communs\Skype
2007-10-22 08:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-10-22 08:27 23,876,904 ----a-w C:\SkypeSetup.exe
2007-10-13 09:33 --------- d-----w C:\Documents and Settings\TOM\Application Data\dvdcss
2007-10-13 08:58 --------- d-----w C:\Documents and Settings\TOM\Application Data\NetMedia Providers
2007-10-13 08:56 --------- d-----w C:\Program Files\Vstplugins
2007-10-13 08:55 --------- d-----w C:\Program Files\Sony
2007-10-12 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2007-10-10 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-10 09:14 --------- d-----w C:\Program Files\Fichiers communs\Adobe Systems Shared
2007-10-09 21:33 32 ----a-w C:\Program Files\log.txt
2007-10-09 21:26 --------- d-----w C:\Program Files\Calendrier
2007-10-09 21:26 --------- d-----w C:\Documents and Settings\TOM\Application Data\Calendrier Xtra
2007-10-08 11:07 --------- d-----w C:\Program Files\Fichiers communs\Vbox
2007-10-07 11:10 --------- d-----w C:\Program Files\Google
2007-10-07 11:07 --------- d-----w C:\Program Files\WinISO
2007-10-07 11:03 2,628,296 ----a-w C:\Program Files\ccsetup201.exe
2007-10-03 09:36 --------- d-----w C:\Program Files\Sonic Foundry Setup
2007-09-22 14:11 48,237,752 ----a-w C:\SetupDroppixRecorder2(2).exe
2007-07-01 14:07 12,759,940 ----a-w C:\Program Files\cnx11_fr.exe
2007-06-30 15:26 12,413,440 ------w C:\Program Files\avgas-setup-7.5.1.43.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ac44e0f5-5561-4b1e-9dfc-4a9fd5c3bcfb}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F94F1E83-A670-488A-AB17-D14B12C684A2}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 15:58]
"RemoteCenter"="C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2004-06-25 09:21]
"Cld2000.exe"="C:\Program Files\Calendrier\Cld2000.exe" [2007-10-03 16:22]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 12:31]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-14 23:22]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-13 15:55]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 10:44 C:\WINDOWS\RTHDCPL.exe]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-03-28 14:21]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="RunDLL32.exe" [2004-08-19 15:10 C:\WINDOWS\system32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-10-25 17:20]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-02 12:13]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-02 14:20]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:09]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-02 14:20]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
"NoFind"= 0 (0x0)
"NoRun"= 0 (0x0)
"NoDesktop"= 0 (0x0)
"NoClose"= 0 (0x0)
"StartMenuLogOff"= 0 (0x0)
"HideClock"= 0 (0x0)
"DisableRegistryTools"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 2007-11-30 12:39 89088 C:\WINDOWS\system32\crehcjid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cyzrdghf]
cyzrdghf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywwxv]
yaywwxv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-10 19:51 39792 --a------ C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
2003-03-28 14:21 57344 --a------ C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-30 15:58 68856 --a------ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe -osboot

R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S1 bcbus;BestCrypt bus driver;C:\WINDOWS\system32\DRIVERS\bcbus.sys
S3 DPFilter;USB Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\DPFilter.sys
S3 Droppix Service;Droppix Service;"C:\Program Files\Fichiers communs\Droppix\DxService.exe"
S3 KBNTXP;Standard PS/2 Multi-Keyboard Filter Driver for WinXp;C:\WINDOWS\system32\DRIVERS\KBNTXP.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-02 17:25:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpip_patcher]
"ImagePath"="\??\C:\WINDOWS\system32\tcpip_patcher.sys"
.
Completion time: 2007-12-02 17:27:00 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-30 18:20
C:\ComboFix3.txt ... 2007-11-30 18:05
.
--- E O F ---
McAfee® Stinger Version 3.8.0 built on Sep 10 2007

Copyright © 2007 McAfee, Inc. All Rights Reserved.

Virus data file v1000 created on Sep 10 2007.

Ready to scan for 191 viruses, trojans and variants.



Scan initiated on Sun Dec 02 16:50:29 2007

Number of clean files: 411135



g!rly (Contributor, 18209 posts, registered Friday 17 August 2007, last active 30 November 2014)
2 Dec 2007, 18:20
re,

Completely uninstall Avast and AVG.

Avast uninstaller:
https://www.avast.com/fr-fr/uninstall-utility

Install a firewall:

firewall: Kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

or ZoneAlarm, easier to configure but less effective

http://www.kachouri.com/tuto/tuto-143-zonealarm-installation-du-firewall--pare-feu.html

Copy the text below:

File::
C:\$bootcln.sch
C:\WINDOWS\system32\oonddnqx.ini
C:\Install
C:\WINDOWS\system32\pmnll.VIR
C:\WINDOWS\system32\crehcjid.dll
C:\WINDOWS\system32\tcpip_patcher.sys
C:\WINDOWS\system32\accece0.sys
C:\WINDOWS\system32\cyzrdghf.dll
C:\WINDOWS\system32\yaywwxv.dll
C:\WINDOWS\system32\winkve32.dll
C:\Program Files\zsfizsji\huhqlmds.dll
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\xpupdate.exe
C:\WINDOWS\system32\cyzrdghf.dll
C:\WINDOWS\system32\dcuneykg.exe
C:\WINDOWS\system32\drvtod.dll
C:\WINDOWS\system32\dcuneykg.exe
C:\WINDOWS\system32\pmnll.dll
C:\WINDOWS\system32\xqnddnoo.dll
C:\WINDOWS\system32\__c00D2AAA.dat
C:\WINDOWS\Temp\64server.exe
C:\WINDOWS\Temp\hostpower.exe
C:\WINDOWS\Temp\monpower.exe
C:\WINDOWS\Temp\powermon.exe
C:\WINDOWS\Temp\syssv.exe
C:\WINDOWS\Temp\win20.exe
C:\WINDOWS\Temp\win34.exe


Folder::
C:\Program Files\E404 Helper
C:\Program Files\MalwareAlarm
C:\Program Files\Oqpmgmjc
C:\Program Files\zsfizsji
C:\Program Files\Igefrkdb

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ac44e0f5-5561-4b1e-9dfc-4a9fd5c3bcfb}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F94F1E83-A670-488A-AB17-D14B12C684A2}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cyzrdghf]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\yaywwxv]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpip_patcher]

Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

This will relaunch Combofix,

A blue window will appear: at the message that comes up (Type 1 to continue, or 2 to abort), type 1 then confirm.

Be patient during the scan. The desktop will disappear several times: that's normal!

Don't touch anything until the scan is finished.

After the restart,

If there is no restart, continue

Download Zeb-Restore http://telechargement.zebulon.fr/zeb-restore.html and save this file to the desktop.

- Right-click Zeb-Restore.zip ==> Extract all, choose the desktop as the destination.
- Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe
- Tick the box in front of:

Trusted and sensitive sites
Reset Hosts file
Internet prefixes and protocols

- Don't tick any other box
- Click Restore
- Restart your PC

(so after the restart, you restart again in Safe Mode with Networking)

1) Restart the PC, strictly in Safe Mode with Networking.
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly > Tap the [F8] and [F5] keys alternately until the Windows Advanced Options menu is displayed.
Select "Safe Mode with Networking" and press [Enter].
Choose your usual account, not Administrator. Picture here (it's the second choice) > http://cybersecurite.xooit.com/t88-Demarre...-sans-echec.htm

2) Download Dr.Web CureIt to your Desktop:
Go to this page to download the file CureIt.exe > ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
# Double-click the drweb-cureit.exe file and then click start scan.
# Click OK at the quick scan prompt. This scan checks the processes loaded in memory; if it finds infected processes, click the Yes to all button at the prompt.
**Note: a window will open with options to "Order" or "50% off"; click the "X" to close the window
# When the quick scan is finished, click the Options menu >> Change settings;
# Choose the "Scanner" tab, and untick "Heuristic analysis". Click "OK"
# Back in the main window: click the "Complete scan" radio button.
# Click the green arrow on the right, and the scan will begin.
# Click Yes to all at the "Disinfect?" prompt when a file is detected, and then click "Disinfect".
# When the scan is complete, check whether you can click this icon, next to the detected files: (picture not included)
# If so, click on it and then click the "Next" icon below it, and choose Move the unwanted object to quarantine
# From the tool's main menu, top left, click the File menu and choose Save report
# Save the report to your Desktop. It will be named DrWeb.csv
# Close Dr.Web CureIt
# Restart your computer (*very important*), because some files may be moved/repaired on restart.
# After the restart, post (Copy/Paste) the contents of the Dr.Web report in your next reply.

also post the contents of the Combofix.txt4 report

good luck

@+
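The CFScript in the post above has to cover every loading point ComboFix flagged (the Winlogon Notify DLLs, the two BHOs, the tcpip_patcher service); as an added example that is not part of the thread and not ComboFix's own code, this Python script parses a ComboFix "Point de chargement Reg" section and a CFScript, and reports any suspect key the Registry:: section does not delete and any DLL or driver path tied to such a key that File:: omits. The log and script excerpts are constructed from the ones above, with one key and one file deliberately left out so the checks have something to find.

```python
"""Cross-check a ComboFix CFScript against the registry loading points in a
ComboFix log, so nothing the log flagged is left out of the removal script."""
import re
from typing import Dict, List, Set

# Constructed excerpt of the "Point de chargement Reg" section of the log above.
COMBOFIX_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ac44e0f5-5561-4b1e-9dfc-4a9fd5c3bcfb}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
crehcjid.dll 2007-11-30 12:39 89088 C:\WINDOWS\system32\crehcjid.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cyzrdghf]
cyzrdghf.dll

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\tcpip_patcher]
"ImagePath"="\??\C:\WINDOWS\system32\tcpip_patcher.sys"
"""

# Constructed CFScript excerpt: one key and one file from the log are deliberately missing.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\crehcjid.dll
C:\WINDOWS\system32\cyzrdghf.dll

Folder::
C:\Program Files\zsfizsji

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ac44e0f5-5561-4b1e-9dfc-4a9fd5c3bcfb}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crehcjid]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]+')
# Loading points the random-named malware on this machine used. The Run keys are
# left out of the filter because legitimate software populates them too.
SUSPECT_KEY_PARTS = ("\\winlogon\\notify\\", "\\browser helper objects\\", "\\services\\")


def parse_combofix_keys(log: str) -> Dict[str, List[str]]:
    """Map each [HKEY_...] header in the log to the value lines listed under it."""
    keys: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys[current] = []
        elif line and current is not None:
            keys[current].append(line)
    return keys


def parse_cfscript(script: str) -> Dict[str, Set[str]]:
    """Split a CFScript into its File::/Folder::/Registry:: sections (entries lower-cased)."""
    sections: Dict[str, Set[str]] = {}
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if line.endswith("::"):
            current = line[:-2]
            sections.setdefault(current, set())
        elif line and current is not None:
            sections[current].add(line.lower())
    return sections


def suspect_keys(log: str) -> Dict[str, List[str]]:
    """Keep only the loading points a removal script should address."""
    return {k: v for k, v in parse_combofix_keys(log).items()
            if any(part in k.lower() for part in SUSPECT_KEY_PARTS)}


def uncovered_keys(log: str, script: str) -> List[str]:
    """Suspect keys that the script's Registry:: section does not delete ([-HKEY_...])."""
    deleted = {entry[2:-1] for entry in parse_cfscript(script).get("Registry", ())
               if entry.startswith("[-") and entry.endswith("]")}
    return [k for k in suspect_keys(log) if k.lower() not in deleted]


def uncovered_files(log: str, script: str) -> List[str]:
    """Full paths attached to suspect keys that the File:: section does not remove."""
    listed = parse_cfscript(script).get("File", set())
    missing: List[str] = []
    for values in suspect_keys(log).values():
        for value in values:
            for path in PATH_RE.findall(value):
                if path.lower() not in listed and path not in missing:
                    missing.append(path)
    return missing


if __name__ == "__main__":
    for key in uncovered_keys(COMBOFIX_LOG, CFSCRIPT):
        print("Registry:: is missing", key)
    for path in uncovered_files(COMBOFIX_LOG, CFSCRIPT):
        print("File:: is missing", path)
```

Run against the constructed excerpts it reports the cyzrdghf Notify key and the tcpip_patcher service as not deleted, and tcpip_patcher.sys as missing from File::; a Notify entry that lists only a bare DLL name (like cyzrdghf.dll) yields no path, so its file still has to be added by hand.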
OK boss, back in a bit, thanks