Recurring virus

Closed
steb - 29 August 2008 at 12:01
steb - 29 August 2008 at 12:10
Hello,
can someone help me solve this problem?
ComboFix 08-08-28.04 - seb 2008-08-29 11:35:44.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.1.1036.18.1172 [GMT 2:00]
Endroit: C:\Users\seb\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\rhccrjj0etfv
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Users\seb\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk
C:\Users\seb\AppData\Roaming\rhccrjj0etfv
C:\Windows\system32\lphc9rjj0etfv.exe
C:\Windows\system32\phc9rjj0etfv.bmp
C:\Windows\system32\pphc9rjj0etfv.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-28 to 2008-08-29 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-29 08:55 --------- d-----w C:\Program Files\ljhtcsb
2008-08-29 08:48 --------- d-----w C:\Program Files\Trend Micro
2008-08-29 08:25 --------- d-----w C:\ProgramData\rglizetq
2008-08-29 04:22 --------- d-----w C:\ProgramData\GenApl
2008-08-29 04:22 --------- d-----w C:\ProgramData\aplsys
2008-08-28 16:01 --------- d-----w C:\Program Files\Sun
2008-08-28 16:01 --------- d-----w C:\Program Files\Java
2008-08-28 04:53 --------- d-----w C:\ProgramData\msgsys
2008-08-28 04:53 --------- d-----w C:\ProgramData\AdmCfg
2008-08-27 04:44 --------- d-----w C:\ProgramData\SysComCfg
2008-08-27 04:44 --------- d-----w C:\ProgramData\setsysweb
2008-08-27 04:41 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-08-26 17:11 --------- d-----w C:\ProgramData\smartcom
2008-08-26 17:11 --------- d-----w C:\ProgramData\GenShStr
2008-08-25 21:14 --------- d-----w C:\ProgramData\MsgCfg
2008-08-25 21:13 --------- d-----w C:\ProgramData\SysDsc
2008-08-17 13:01 38,472 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-08-17 13:01 17,144 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-16 00:46 27,145 ----a-w C:\Users\seb\AppData\Roaming\nvModes.dat
2008-08-14 11:20 --------- d-----w C:\Program Files\Windows Mail
2008-07-28 12:57 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-07-25 17:50 174 --sha-w C:\Program Files\desktop.ini
2008-07-25 17:43 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-25 17:43 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-25 17:43 --------- d-----w C:\Program Files\Windows Journal
2008-07-25 17:43 --------- d-----w C:\Program Files\Windows Defender
2008-07-25 17:43 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-25 17:43 --------- d-----w C:\Program Files\Windows Calendar
2008-07-19 14:36 51,280 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-07-17 08:43 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-17 08:43 --------- d-----w C:\Program Files\Microsoft Works
2008-07-15 18:15 --------- d-----w C:\Users\seb\AppData\Roaming\CyberLink
2008-07-15 18:15 --------- d-----w C:\ProgramData\CyberLink
2008-07-15 16:54 --------- d-----w C:\Program Files\PhotoFiltre
2008-07-05 18:46 --------- d-----w C:\Program Files\TF1Vision
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 09:33 1233920]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-05-03 19:21 171448]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 09:33 125952]
"PMCRemote"="C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe" [2007-07-04 13:52 253000]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]
"MsgCfg"="C:\ProgramData\MsgCfg\bmlybcte.exe" [2008-08-25 23:14 94208]
"smartcom"="C:\ProgramData\smartcom\debkzyte.exe" [2008-08-26 19:11 86016]
"setsysweb"="C:\ProgramData\setsysweb\tihstgje.exe" [2008-08-27 06:44 90112]
"msgsys"="C:\ProgramData\msgsys\wzkpwhyt.exe" [2008-08-28 06:53 90112]
"aplsys"="C:\ProgramData\aplsys\idinqtuz.exe" [2008-08-29 06:22 94208]
"webset"="C:\Windows\system32\zsjkfmvo.exe" [2008-08-29 10:55 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 16:33 457216]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 04:38 40048]
"PLFSetL"="C:\Windows\PLFSetL.exe" [2007-07-05 13:35 94208]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2007-06-27 11:15 752136]
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe" [2007-05-24 14:38 206952]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 10:06 159744]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 15:49 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"eAudio"="C:\Acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 14:54 1286144]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AdobeVersionCue"="C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-22 16:33 1732608]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-08-17 15:01 1195640]
"e-TF1"="C:\Program Files\TF1Vision\TF1vision.exe" [2008-03-05 12:47 397312]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-25 17:39 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-25 17:39 8470528]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-25 17:39 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 05:06 4669440 C:\Windows\RtHDVCpl.exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-09 21:43:32 110592]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2007-08-10 09:29:07 535336]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"apiaplhlp"= {66C55FCA-CB16-1B7B-C123-062AF4D0FFA9} - C:\Program Files\ljhtcsb\apiaplhlp.dll [2008-08-29 10:55 135168]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1ACDC690-E812-4BF4-8277-CADB310BB196}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{975C10A6-89E7-450F-8386-9F6BEC5992B5}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{4B2A96AC-90BB-469D-96F2-1E462E2F2103}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{CB0A5015-2744-4511-8C92-B47FF3948EAF}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{849D0299-7E5F-4D16-821F-6475DF1EFD43}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{25219AE5-C395-490A-927D-5917C456B162}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{298B174B-ABFF-493B-8458-80754B150179}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{CE437F01-6272-438D-8CCA-A98B89FEFEB9}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{661DA6D0-8D2D-471C-88EF-AEC0A783C0B5}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{AD77755C-A039-4DB1-A1EB-C5EA384DF039}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2D8241BC-E05A-4240-805D-06D2E80D6B44}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{0D3AEBDC-CC79-4D35-AFBC-5FFC1C049A2D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{A654E5DE-6573-4039-8219-6E8A8D7C00CE}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2C07F591-EAC8-4200-ADE7-136CF1F8FCA4}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSfsu.exe"= C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu
"C:\\Acer\\Empowering Technology\\eDataSecurity\\encryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption
"C:\\Acer\\Empowering Technology\\eDataSecurity\\decryption.exe"= C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys [2007-03-07 10:26]
S1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 16:35]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\[u]0/u00.fcl [2006-11-02 17:51]
S2 ALaunchService;ALaunch Service;C:\Acer\ALaunch\ALaunchSvc.exe [2007-01-26 14:24]
S2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
S2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 16:36]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 10:57]
S3 Ltn_stk7070P;PCTV based TV tuner device;C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 14:41]
S3 Ltn_stkrc;PCTV Infrared Receiver;C:\Windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 19:30]

*Newly Created Service* - ECACHE
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-28 C:\Windows\Tasks\User_Feed_Synchronization-{EC1EA083-FC16-492F-B877-811D4C79591A}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 09:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-SrMN5vZqev - C:\ProgramData\rglizetq\hyvkrelk.exe
HKLM-Run-lphc9rjj0etfv - C:\Windows\system32\lphc9rjj0etfv.exe
HKLM-Run-SMrhccrjj0etfv - C:\Program Files\rhccrjj0etfv\rhccrjj0etfv.exe
HKLM-Explorer_Run-SrMN5vZqev - C:\ProgramData\rglizetq\hyvkrelk.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/webhp?rls=ig
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
R0 -: HKLM-Main,Start Page = hxxp://fr.fr.acer.yahoo.com
R1 -: HKCU-SearchURL,(Default) = hxxp://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-29 11:40:01
Windows 6.0.6001 Service Pack 1 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\HelpPane.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-08-29 11:44:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-29 09:43:49
ComboFix2.txt 2008-08-29 08:20:04

Pre-Run: 64,907,436,032 octets libres
Post-Run: 67,109,511,168 octets libres

188 --- E O F --- 2008-08-21 19:08:42

2 replies

valentin2105 Posts: 578 Registration date: Saturday 26 April 2008 Status: Member Last seen: 1 July 2014 30
29 August 2008 at 12:03
What is your problem, before you post your report?
0
My problem is the following: trojan-clicker.win32.tiny.h
0
valentin2105
29 August 2008 at 12:08
Install Malwarebytes Anti-Malware, run a full scan, it will remove it for you
0
Done, but it keeps coming back with others
0