ordinateur infestéRésolu/Fermé

Question

Bonjour,
j'ai des messages d'alerte qui apparaissent sur mon ordi (avast détecte des virus) et un logiciel se lance de manière intempestive en indiquant "you have a problem security" , il veut se connecter sur un pseudo antivirus avec des images hard en page d'accueil ....

j'ai fait un nettoyage avec spybot, je suis en train de nettoyer avec bitdefender online et j'ai fait un log hijack que vous verrez ci après. Pouvez-vous m'aider pour la suite, merci beaucoup:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:19:06, on 05/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk\bermrsjk.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\COMAT Mouse Driver\MouseDrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\davidt.DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\DOCUME~1\DAVIDT~1.DAV\LOCALS~1\Temp\video198.cfg.exe
C:\WINDOWS\system32\ubknwrwj.exe
C:\DOCUME~1\DAVIDT~1.DAV\LOCALS~1\Temp\c.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\BitLord\BitLord.exe
C:\WINDOWS\system32\ubknwrwj.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files
ettransport\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files	estjeuxjava\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files
ettransport\NXToolBar.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files	estjeuxjava\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\COMAT Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SecureExpertCleanerDownloader] C:\Documents and Settings\davidt.DAVID\Local Settings\Temporary Internet Files\Content.IE5\AR5MN91V\CleanerInstaller_fr[1].exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\davidt.DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Somefox] C:\DOCUME~1\DAVIDT~1.DAV\LOCALS~1\Temp\video198.cfg.exe
O4 - HKCU\..\Run: [dscappset] C:\WINDOWS\system32\ubknwrwj.exe
O4 - HKLM\..\Policies\Explorer\Run: [WQadfoO3Sb] C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk\bermrsjk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Link to &MidpX - C:\Program Files	estjeuxjava\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files
ettransport\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files
ettransport\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} (Toontown IE Helper French) - http://idownload.fr.toontown.com/sv1.5.20.15/ttinst-french.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.com/LaunchGame.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A31A2BC2-272D-4121-893F-BE6C73558247}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

jlpjlp · Answer

slt,

scan ton ordi avec malwarebyte et colles le rapport et vire ce qui est trouvé:


https://www.malekal.com/tutoriel-malwarebyte-anti-malware/ 
____________________

mets a jour internet explorer:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

______________________

recolle un noueau rapport hijakchtis et dis tes soucis


et

colles un rapport avec smitfraudfix avec l'option 1 : a telecharger ici:
http://siri.urz.free.fr/Fix/SmitfraudFix.php

samtris · Answer

slt merci de ton aide, ça donne :
bitdefender : 8 virus

malweyre :

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1116
Windows 5.1.2600 Service Pack 2

06/09/2008 08:20:22
mbam-log-2008-09-06 (08-20-22).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 260733
Temps écoulé: 41 minute(s), 10 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 29
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 2
Fichier(s) infecté(s): 65

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{9233c3c0-1472-4091-a505-5580a23bb4ac} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER	ypelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Servicesdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Somefox (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Libre service\utilitaire\photofiltre100%GB\eyCORE\Keymaker-CORE\CORE10k.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\SAV\sav.cpl (Rogue.SystemAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
etode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32
ewsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32egm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	aack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	emp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32	hun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Documents and Settings\davidt.DAVID\Local Settings\Temp\video198.cfg.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\davidt.DAVID\Bureau\System Antivirus 2008.lnk (Rogue.SystemAntivirus2008) -> Quarantined and deleted successfully.
C:\Documents and Settings\davidt.DAVIDesults.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\davidt.DAVID\Local Settings\Temp\video198.cfg (Trojan.FakeAlert) -> Quarantined and deleted successfully.




hijack :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:22:28, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Maxthon\Maxthon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files
ettransport\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files	estjeuxjava\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files
ettransport\NXToolBar.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files	estjeuxjava\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\COMAT Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SecureExpertCleanerDownloader] C:\Documents and Settings\davidt.DAVID\Local Settings\Temporary Internet Files\Content.IE5\AR5MN91V\CleanerInstaller_fr[1].exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\davidt.DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [dscappset] C:\WINDOWS\system32\ubknwrwj.exe
O4 - HKCU\..\Run: [InfoMon] C:\WINDOWS\system32\hwfapglw.exe
O4 - HKLM\..\Policies\Explorer\Run: [WQadfoO3Sb] C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk\bermrsjk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Link to &MidpX - C:\Program Files	estjeuxjava\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files
ettransport\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files
ettransport\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} (Toontown IE Helper French) - http://idownload.fr.toontown.com/sv1.5.20.15/ttinst-french.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.com/LaunchGame.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A31A2BC2-272D-4121-893F-BE6C73558247}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

samtris · Answer

je viens de redémarre en mode normal et un logiciel "cleaner installer" veut se lancer au démarrage, je crois que c'est le faux antivirus d'hier.

samtris · Answer

au bout de qq temps, j'ai un windows security alert , le tout en anglais qui m'indique que "trojan spy.html.bankfraud.dq" a été trouvé..... et me propose de lancer un truc pour être protégé.

samtris · Answer

re..

c'est pas ccleaner qui veut se lancer, mais bien un "cleaner installer" que je n'ai pas installé officiellement...
je fais le nv scan là.

jlpjlp · Answer

ok il en reste un paquet ! Redémarre en mode sans échec en appuyant sur f8 en général au démarrage . Relance smitfraudfix et choisi l'option 2 et colle le rapport ainsi qu'un nouvel hijackthis

samtris · Answer

nv rapport malwayre, puis je fais le nouveau test smitfraudix.

Malwarebytes' Anti-Malware 1.26
Version de la base de données: 1119
Windows 5.1.2600 Service Pack 2

06/09/2008 10:07:56
mbam-log-2008-09-06 (10-07-56).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 253269
Temps écoulé: 1 hour(s), 10 minute(s), 7 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dscappset (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\infomon (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ubknwrwj.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hwfapglw.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\System Volume Information\_restore{33CDCBA4-834F-4441-A4D4-F1511A6159DE}\RP327\A0049659.EXE (Trojan.Agent) -> Quarantined and deleted successfully.

samtris · Answer

SmitFraudFix v2.346

Rapport fait à 10:13:41,75, 06/09/2008
Executé à partir de C:\Program Files\Maxthon\Template\StartPage\js\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1       localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\Program Files\sav\ supprimé

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 80.10.246.2
DNS Server Search Order: 80.10.246.129

HKLM\SYSTEM\CCS\Services\Tcpip\..\{A31A2BC2-272D-4121-893F-BE6C73558247}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS1\Services\Tcpip\..\{A31A2BC2-272D-4121-893F-BE6C73558247}: NameServer=80.10.246.2,80.10.246.129
HKLM\SYSTEM\CS2\Services\Tcpip\..\{A31A2BC2-272D-4121-893F-BE6C73558247}: NameServer=80.10.246.2,80.10.246.129


»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre
 
Nettoyage terminé. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

samtris · Answer

le logiciel qui veut se lancer "cleaner installer..." est bien un virus/malware , j'ai trouvé un site ou qq'un avait un prog. du même genre créé par la même pseudo entreprise : antispywaresolutionpro inc

le problème de ce logiciel est toujours présent.

samtris · Answer

c fait, je l'ai utilisé mais j'ai toujours les fausses alertes

samtris · Answer

peut on effacer sans problème les dossier temp et temporay files  ???

jlpjlp · Answer

parfait 

tu peux les virer avec le logiciel ccleaner



________________


sinon pour finir:




Télécharge Combofix de sUBs : aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: http://bibou0007.forumpro.fr/tutos-f45/tutorial-combofix-t12­1.htm

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
_________________

recolle un nouveau hijackhtis et dis tes soucis

samtris · Answer

merci encore pour le mal que vous vous donnez pour des ""incompétents"" comme moi, car pôur moi, c'est de l'hebreu... voilà le combo : ComboFix 08-09-05.02 - davidt 2008-09-06 12:26:39.3 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1423 [GMT 2:00] Endroit: C:\Documents and Settings\davidt.DAVID\Bureau\ComboFix.exe * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\rtl60.bpl . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))))))) . 2008-09-06 11:15 . 2008-09-06 11:16 d-------- C:\Program Files\RegCleaner 2008-09-06 11:07 . 2008-09-06 11:07 d-------- C:\Program Files\CCleaner 2008-09-06 10:36 . 2008-09-06 10:36 81,920 --a------ C:\WINDOWS\system32\ixadajgf.exe 2008-09-06 08:32 . 2008-09-06 08:32 81,920 --a------ C:\WINDOWS\system32\bkpshubu.exe 2008-09-05 20:24 . 2008-09-05 20:24 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-05 20:24 . 2008-09-05 20:24 d-------- C:\Documents and Settings\davidt.DAVID\Application Data\Malwarebytes 2008-09-05 20:24 . 2008-09-05 20:24 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-09-05 20:24 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-05 20:24 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-05 19:32 . 2008-09-05 20:28 d-------- C:\WINDOWS\BDOSCAN8 2008-09-05 19:31 . 2008-09-05 19:31 d-------- C:\Documents and Settings\davidt.DAVID\.housecall6.6 2008-09-05 19:30 . 2008-09-05 19:30 40 --a------ C:\WINDOWS\TSC.INI 2008-09-05 19:29 . 2008-09-05 19:29 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2008-09-05 19:29 . 2008-09-05 19:29 286,720 --a------ C:\WINDOWS\PATCH.EXE 2008-09-05 19:29 . 2008-09-05 19:29 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2008-09-05 19:00 . 2008-09-05 19:00 d--hs---- C:\Diskeeper 2008-09-05 18:24 . 2008-09-05 18:24 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk 2008-09-05 17:56 . 2008-09-05 17:56 d-------- C:\Program Files\Diskeeper Corporation 2008-09-05 17:56 . 2008-09-05 17:56 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation 2008-08-30 11:07 . 2008-08-30 17:07 d-------- C:\WINDOWS\system32\CatRoot_bak 2008-08-28 17:16 . 2008-08-28 17:16 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com 2008-08-28 15:35 . 2008-08-28 15:35 d--hs---- C:\Boot 2008-08-28 15:35 . 2008-01-21 04:22 333,203 -rahs---- C:\bootmgr 2008-08-28 15:35 . 2008-08-28 15:35 8,192 -ra-s---- C:\BOOTSECT.BAK 2008-08-28 15:06 . 2008-08-28 15:06 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-08-28 15:04 . 2008-07-04 05:48 9,490,432 --a------ C:\WINDOWS\system32\atioglx2.dll 2008-08-28 15:04 . 2008-03-29 05:36 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat 2008-08-28 15:04 . 2008-03-29 05:36 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat 2008-08-28 15:04 . 2008-07-04 05:25 421,888 --a------ C:\WINDOWS\system32\ATIDEMGX.dll 2008-08-28 15:04 . 2008-07-04 05:06 253,952 --a------ C:\WINDOWS\system32\atiok3x2.dll 2008-08-28 15:04 . 2008-07-04 04:34 48,640 --a------ C:\WINDOWS\system32\amdpcom32.dll 2008-08-28 15:04 . 2008-07-04 04:29 32,768 --a------ C:\WINDOWS\system32\atiadlxx.dll 2008-08-28 15:04 . 2008-05-13 14:10 13,052 --a------ C:\WINDOWS\atiogl.xml 2008-08-28 14:44 . 2008-08-28 14:44 d--hs---- C:\$RECYCLE.BIN 2008-08-28 12:50 . 2008-08-28 12:50 d-------- C:\Program Files\Innovative Solutions 2008-08-26 18:09 . 2008-08-26 18:09 d-------- C:\WINDOWS\Performance 2008-08-26 18:09 . 2008-08-26 18:09 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-08-26 18:06 . 2008-08-26 18:06 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Corporation 2008-08-26 17:16 . 2008-08-26 17:19 d-------- C:\Documents and Settings\davidt.DAVID\Application Data\Boomzap 2008-08-26 17:15 . 2008-08-26 17:15 d-------- C:\WINDOWS\Jewels of Cleopatra 2 Aztec Mysteries 2008-08-26 08:52 . 2008-08-26 08:52 d-------- C:\Program Files\VirtualDubMOD 2008-08-17 17:47 . 2008-08-17 17:47 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\mwas . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-06 09:07 --------- d-----w C:\Program Files\GetRight 2008-09-06 08:13 3,508 ----a-w C:\WINDOWS\system32\tmp.reg 2008-09-05 18:23 --------- d-----w C:\Program Files\FlashGet 2008-09-05 17:45 --------- d-----w C:\Program Files\Any to Icon 2008-09-05 10:19 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-09-05 10:19 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-09-04 16:07 --------- d-----w C:\Program Files\MSN Messenger 2008-09-02 21:58 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe 2008-09-02 14:51 86,528 ----a-w C:\WINDOWS\system32\VACFix.exe 2008-09-01 15:11 --------- d-----w C:\Program Files\VideoGet 2008-09-01 15:11 --------- d-----w C:\Program Files\Panda Security 2008-08-28 20:36 82,432 ----a-w C:\WINDOWS\system32\IEDFix.C.exe 2008-08-28 15:16 --------- d-----w C:\Program Files\ma-config.com 2008-08-26 16:12 --------- d-----w C:\Program Files\AAPDA 2008-08-25 15:38 --------- d-----w C:\Documents and Settings\davidt.DAVID\Application Data\Canon 2008-08-22 13:54 --------- d-----w C:\Documents and Settings\davidt.DAVID\Application Data\OpenOffice.org2 2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe 2008-08-17 15:51 --------- d-----w C:\Documents and Settings\davidt.DAVID\Application Data\MatchWare 2008-08-17 15:47 --------- d-----w C:\Program Files\MatchWare 2008-08-09 08:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink 2008-08-06 15:12 4,755,968 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys 2008-08-03 09:09 --------- d-----w C:\Program Files\Avast4 2008-08-02 14:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-22 16:55 --------- d-----w C:\Program Files\Teamspeak2_RC2 2008-07-22 10:11 --------- d-----w C:\Program Files\testjeuxjava 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-15 11:47 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe 2008-07-11 11:13 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe 2008-07-11 11:13 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-06 11:36 --------- d-----w C:\Program Files\e-Carte Bleue Société Générale 2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-07-04 03:01 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 15:40 663,552 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-19 14:42 2,808,832 ----a-w C:\WINDOWS\ALCWZRD.EXE 2008-06-19 14:27 9,715,200 ----a-w C:\WINDOWS\RTLCPL.EXE 2008-06-19 14:20 57,344 ----a-w C:\WINDOWS\ALCMTR.EXE 2008-06-18 16:01 77,824 ----a-w C:\WINDOWS\SOUNDMAN.EXE 2008-06-10 10:22 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-07-12 16:26 81,920 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\ezpinst.exe 2007-07-12 16:26 47,360 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\pcouffin.sys 2006-12-09 18:33 3,958 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\wklnhst.dat 2006-10-07 07:22 94,080 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\ezplay.sys 2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe 2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll 2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll 2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll 2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe 2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856] "Google Update"="C:\Documents and Settings\davidt.DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] "InfoCfgAct"="C:\WINDOWS\system32\bkpshubu.exe" [2008-09-06 81920] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208] "CmdAppEn"="C:\WINDOWS\system32\clqrktuf.exe" [2008-09-06 90112] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2006-12-15 31552] "WireLessMouse"="C:\Program Files\COMAT Mouse Driver\StartAutorun.exe" [2005-11-30 94208] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264] "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576] "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304] "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-17 81920] "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 C:\WINDOWS\RTHDCPL.EXE] "SoundMan"="SOUNDMAN.EXE" [2008-06-18 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 C:\WINDOWS\ALCWZRD.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] "WQadfoO3Sb"="C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk\bermrsjk.exe" [2008-09-05 69632] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "VIDC.MJPG"= Pvmjpg30.dll "VIDC.I420"= i420vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^davidt.DAVID^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk] path=C:\Documents and Settings\davidt.DAVID\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2006-09-25 09:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-08-21 15:52 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeFilterMerit] --a------ 2005-05-17 10:54 40960 C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax] --a------ 2008-07-25 11:58 5057368 C:\Program Files\Innovative Solutions\DriverMax\devices.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] --a------ 2006-10-17 03:20 398944 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnApiCmd] --a------ 2008-09-06 10:36 81920 C:\WINDOWS\system32\ixadajgf.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] --a------ 2002-06-03 12:38 49152 C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --------- 2004-10-06 20:40 81920 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Presto! PVR Monitor] --a------ 2005-12-14 15:53 49152 C:\Program Files\NewSoft\Presto! PVR\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] --a------ 2007-03-03 14:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\Program Files\BitLord\BitLord.exe"= "C:\Program Files\America's Army\System\ArmyOps.exe"= "D:\pes2008\PES2008.exe"= "D:\World of Padman\wop.exe"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\FlashGet\flashget.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "D:\pinnacle11ultimate\programs\RM.exe"= "D:\pinnacle11ultimate\programs\Studio.exe"= "D:\pinnacle11ultimate\programs\PMSRegisterFile.exe"= "D:\pinnacle11ultimate\programs\umi.exe"= "C:\Program Files\Zattoo\zattood.exe"= "D:\football08\Game.exe"= "D:\Soldat\Soldat.exe"= "C:\Program Files\Maxthon\Maxthon.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 99936] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336] R3 Cap7134;Cap7134 Capture;C:\WINDOWS\system32\DRIVERS\vm7133.sys [2006-10-29 360736] R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2006-11-21 13512] S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-09-03 698368] S3 BDA7700;DiBcom DIB7700 DVB-T;C:\WINDOWS\system32\Drivers\bda7700.sys [2006-03-31 74880] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-11 306432] S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - MARKFUN_NT . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-eCarteBleue-SG-P3 - C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue\ECB-SG.exe MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.911.3380\GoogleToolbarNotifier.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\davidt.DAVID\Application Data\Mozilla\Firefox\Profiles\6q9xp647.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr FF -: plugin - C:\Documents and Settings\davidt.DAVID\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll FF -: plugin - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-06 12:30:35 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... C:\WINDOWS\[u]0[/u].log 0 bytes Scan termin‚ avec succŠs Les fichiers cach‚s: 1 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT] "ImagePath"="\??\C:\Program Files\Gigabyte\ET5\markfun.w32" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\COMAT Mouse Driver\MouseDrv.exe D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\GIGABYTE\ET5\GUI.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe . ************************************************************************** . Temps d'accomplissement: 2008-09-06 12:35:48 - machine was rebooted [davidt] ComboFix-quarantined-files.txt 2008-09-06 10:35:45 ComboFix2.txt 2008-02-04 07:50:34 ComboFix3.txt 2008-01-30 08:22:32 Pre-Run: 10,688,544,768 octets libres Post-Run: 10,842,120,192 octets libres 296 --- E O F --- 2008-08-19 08:12:54 ----------------------------------------------------------------------------------------------------------------------- hijack Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:38:49, on 06/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk\bermrsjk.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\COMAT Mouse Driver\MouseDrv.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\Logitech\G-series Software\LGDCore.exe C:\Program Files\Logitech\G-series Software\LCDMon.exe C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe C:\Program Files\Gigabyte\ET5\GUI.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Documents and Settings\davidt.DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\WINDOWS\system32\bkpshubu.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\Program Files\Maxthon\Maxthon.exe C:\WINDOWS\system32\bkpshubu.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\nettransport\NXIEHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\testjeuxjava\JadInvoker\MidpInvoker.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\nettransport\NXToolBar.dll O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\testjeuxjava\JadInvoker\MidpInvoker.dll O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\COMAT Mouse Driver\StartAutorun.exe MouseDrv.exe O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\davidt.DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [InfoCfgAct] C:\WINDOWS\system32\bkpshubu.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CmdAppEn] C:\WINDOWS\system32\clqrktuf.exe O4 - HKLM\..\Policies\Explorer\Run: [WQadfoO3Sb] C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk\bermrsjk.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ? O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Link to &MidpX - C:\Program Files\testjeuxjava\JadInvoker\Extent\jad_wrap.htm O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\nettransport\NXAddList.html O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\nettransport\NXAddLink.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} (Toontown IE Helper French) - http://idownload.fr.toontown.com/sv1.5.20.15/ttinst-french.cab O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29 O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.com/LaunchGame.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A31A2BC2-272D-4121-893F-BE6C73558247}: NameServer = 80.10.246.2,80.10.246.129 O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

samtris · Answer

http://imagik.fr/view/104801

jlpjlp · Answer

ok il en reste! je suis un peu occupé en ce moment mais ne t'inquiete pas je finirai


analyse ce fichier sur virus total et colles le rapport:  https://www.virustotal.com/gui/

C:\WINDOWS\system32\ixadajgf.exe


_______________


http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Télécharger sur le bureau
Navilog.zip
= Double-Clic navilog1.zip
= Extraire tout sur le bureau
= Double-Clic navilog1 qui est sur le bureau
= Appuyer sur une touche jusqu' arriver aux options
= Choisir option 1

un rapport : fixnavi.txt dans C : va se creer
le copier/coller dans ton prochain message. 

_________________

mets a jour internet explorer ici:

https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

____________________


Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :


File::
C:\WINDOWS\system32\bkpshubu.exe
C:\WINDOWS\system32\bkpshubu.exe
C:\Program Files\Messenger\msmsgs.exe" /background
C:\WINDOWS\system32\clqrktuf.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk\bermrsjk.exe 


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InfoCfgAct"="-
"CmdAppEn"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"WQadfoO3Sb"=-

Enregistre ce fichier sous le nom CFscript


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis et dis tes soucis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

samtris · Answer

re:
pour commencer, virustotal :

Fichier ixadajgf.exe reçu le 2008.09.06 17:56:34 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE 


Résultat: 7/36 (19.45%)
en train de charger les informations du serveur... 
Votre fichier est dans la file d'attente, en position: ___.
L'heure estimée de démarrage est entre ___ et ___ .
Ne fermez pas la fenêtre avant la fin de l'analyse. 
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier. 
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération. 
 Formaté Impression des résultats  
Votre fichier a expiré ou n'existe pas. 
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée. 
 Email:  
  

Antivirus Version Dernière mise à jour Résultat 
AhnLab-V3 2008.9.6.0 2008.09.06 - 
AntiVir 7.8.1.28 2008.09.05 - 
Authentium 5.1.0.4 2008.09.06 - 
Avast 4.8.1195.0 2008.09.06 - 
AVG 8.0.0.161 2008.09.05 - 
BitDefender 7.2 2008.09.06 - 
CAT-QuickHeal 9.50 2008.09.06 - 
ClamAV 0.93.1 2008.09.06 - 
DrWeb 4.44.0.09170 2008.09.06 - 
eSafe 7.0.17.0 2008.09.03 - 
eTrust-Vet 31.6.6072 2008.09.05 - 
Ewido 4.0 2008.09.06 - 
F-Prot 4.4.4.56 2008.09.06 - 
F-Secure 8.0.14332.0 2008.09.06 Trojan.Win32.Obfuscated.gx 
Fortinet 3.112.0.0 2008.09.06 W32/PolySmall.BP!tr 
GData 19 2008.09.06 Trojan.Win32.Obfuscated.gx 
Ikarus T3.1.1.34.0 2008.09.06 - 
K7AntiVirus 7.10.443 2008.09.05 - 
Kaspersky 7.0.0.125 2008.09.06 Trojan.Win32.Obfuscated.gx 
McAfee 5378 2008.09.05 - 
Microsoft 1.3903 2008.09.06 TrojanDownloader:Win32/FakeAlert.C 
NOD32v2 3423 2008.09.06 a variant of Win32/TrojanDownloader.FakeAlert.IQ 
Norman 5.80.02 2008.09.05 - 
Panda 9.0.0.4 2008.09.06 - 
PCTools 4.4.2.0 2008.09.06 - 
Prevx1 V2 2008.09.06 Malicious Software 
Rising 20.60.52.00 2008.09.06 - 
Sophos 4.33.0 2008.09.06 - 
Sunbelt 3.1.1610.1 2008.09.05 - 
Symantec 10 2008.09.06 - 
TheHacker 6.3.0.8.072 2008.09.04 - 
TrendMicro 8.700.0.1004 2008.09.05 - 
VBA32 3.12.8.5 2008.09.06 - 
ViRobot 2008.9.5.1365 2008.09.06 - 
VirusBuster 4.5.11.0 2008.09.06 - 
Webwasher-Gateway 6.6.2 2008.09.05 - 
Information additionnelle 
File size: 81920 bytes 
MD5...: 5e29d2ff1feb25a6a070af40155dda94 
SHA1..: 807fd69b4aea24bea4930217a4fa8efdb60bc472 
SHA256: 0d3fbe6a1096ffcec92520e1f2fb1aa98f3781c05289bceb898757a1c1ebdeaf 
SHA512: e78232d86a05b837bd1aec172fd9e27a266dfa5dde79469f865eab2ef0633e61
ee5fbb301a3d76bf8cb53dce109444d7266ee0b545d2b3ec43a4bc68ddea16ae 
PEiD..: - 
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x402b60
timedatestamp.....: 0x48c21cde (Sat Sep 06 06:02:06 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.pcacoh 0x1000 0x101b0 0x11000 6.61 463cf45ced8bf2dbd992d2d6a986b595
.fggdr 0x12000 0x586 0x1000 2.40 65371c8eaa3508c09689c4c7e6fd1ae0
.hsven 0x13000 0x59bc 0x1000 0.53 d82cb6f66f12eb6befc7f1d7cc6763ec

( 4 imports ) 
> KERNEL32.dll: SetFilePointer, GetDriveTypeW, CreateWaitableTimerW, FindFirstChangeNotificationW, GetLastError, ResetEvent, SetWaitableTimer, GlobalUnlock, GetFileAttributesExW, LoadLibraryA, CloseHandle, lstrcpyW, CancelWaitableTimer, GetProcAddress, GetFileAttributesW, GetTickCount, SizeofResource, GetPrivateProfileStringW, WideCharToMultiByte, VirtualAlloc, WaitForSingleObject
> USER32.dll: RegisterHotKey, RedrawWindow, SetCursorPos, GetWindowTextW, PostThreadMessageW, EndDialog, OffsetRect, LoadIconW, SetForegroundWindow, SystemParametersInfoW, GetDlgItem, FillRect, GetSysColor, IsWindow, InvalidateRect, LoadCursorW, SetWindowTextW, SetWindowPos, DestroyIcon
> GDI32.dll: CreateBitmap, CreateDCW, SelectObject, SetDIBits, SetBkMode
> ADVAPI32.dll: RegQueryValueExW, GetUserNameW, InitializeSecurityDescriptor

( 0 exports ) 
 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=F96F7A310036431840E001C0A5B86900FFC69D8C

samtris · Answer

IE7 installé, même si je m'en sers pas lol

nav rapport :
Search Navipromo version 3.6.5 commencé le 06/09/2008 à 18:22:13,15

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files
avilog1
Session actuelle : "davidt" 

Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\WINDOWS" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1\progra~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\All Users.WINDOWS\menudm~1" ***


*** Recherche dossiers dans "c:\docume~1\alluse~1.win\applic~1" ***


*** Recherche dossiers dans "C:\Documents and Settings\davidt.DAVID\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.DAV\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\DAVID-~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\davidt.DAVID\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.DAV\locals~1\applic~1" *** 


*** Recherche dossiers dans "C:\Documents and Settings\davidt.DAVID\menudm~1\progra~1" *** 


*** Recherche dossiers dans "C:\DOCUME~1\ADMINI~1.DAV\menudm~1\progra~1" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\WINDOWS\system32" *

* Recherche dans "C:\Documents and Settings\davidt.DAVID\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" * 

* Recherche dans "C:\DOCUME~1\ADMINI~1.DAV\locals~1\applic~1" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\WINDOWS\system32" :


* Dans "C:\Documents and Settings\davidt.DAVID\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1\locals~1\applic~1" : 


* Dans "C:\DOCUME~1\ADMINI~1.DAV\locals~1\applic~1" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 06/09/2008 à 18:26:35,60 ***

samtris · Answer

le dernier combo ComboFix 08-09-05.02 - davidt 2008-09-06 18:40:28.5 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1505 [GMT 2:00] Endroit: C:\Documents and Settings\davidt.DAVID\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\davidt.DAVID\Bureau\CFscript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk\bermrsjk.exe C:\WINDOWS\system32\bkpshubu.exe C:\WINDOWS\system32\clqrktuf.exe . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))))))) . 2008-09-06 18:08 . 2008-09-06 18:08 d--h----- C:\WINDOWS\msdownld.tmp 2008-09-06 18:04 . 2008-09-06 18:26 d-------- C:\Program Files\Navilog1 2008-09-06 18:04 . 2008-09-06 18:07 1,355 --a------ C:\WINDOWS\imsins.BAK 2008-09-06 18:03 . 2008-06-23 18:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-09-06 18:03 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-09-06 18:03 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-09-06 18:03 . 2008-06-23 18:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-09-06 18:03 . 2008-06-23 18:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-09-06 18:03 . 2008-06-23 18:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-09-06 18:03 . 2008-06-23 18:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-09-06 18:03 . 2008-06-23 18:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-09-06 18:03 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-09-06 17:38 . 2008-09-06 17:38 98,304 --a------ C:\WINDOWS\system32\kpmxazmx.exe 2008-09-06 11:15 . 2008-09-06 11:16 d-------- C:\Program Files\RegCleaner 2008-09-06 11:07 . 2008-09-06 11:07 d-------- C:\Program Files\CCleaner 2008-09-06 10:36 . 2008-09-06 10:36 81,920 --a------ C:\WINDOWS\system32\ixadajgf.exe 2008-09-06 08:23 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-09-06 08:23 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-09-06 08:23 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe 2008-09-06 08:23 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-09-06 08:23 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-09-06 08:23 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-09-06 08:23 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe 2008-09-06 08:23 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-09-06 08:23 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-09-06 08:23 . 2008-09-06 10:13 3,508 --a------ C:\WINDOWS\system32 mp.reg 2008-09-05 20:24 . 2008-09-05 20:24 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-05 20:24 . 2008-09-05 20:24 d-------- C:\Documents and Settings\davidt.DAVID\Application Data\Malwarebytes 2008-09-05 20:24 . 2008-09-05 20:24 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-09-05 20:24 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-05 20:24 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-05 19:32 . 2008-09-05 20:28 d-------- C:\WINDOWS\BDOSCAN8 2008-09-05 19:31 . 2008-09-05 19:31 d-------- C:\Documents and Settings\davidt.DAVID\.housecall6.6 2008-09-05 19:30 . 2008-09-05 19:30 40 --a------ C:\WINDOWS\TSC.INI 2008-09-05 19:29 . 2008-09-05 19:29 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2008-09-05 19:29 . 2008-09-05 19:29 286,720 --a------ C:\WINDOWS\PATCH.EXE 2008-09-05 19:29 . 2008-09-05 19:29 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2008-09-05 19:00 . 2008-09-05 19:00 d--hs---- C:\Diskeeper 2008-09-05 18:24 . 2008-09-06 18:30 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk 2008-09-05 17:56 . 2008-09-05 17:56 d-------- C:\Program Files\Diskeeper Corporation 2008-09-05 17:56 . 2008-09-05 17:56 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation 2008-08-30 11:07 . 2008-08-30 17:07 d-------- C:\WINDOWS\system32\CatRoot_bak 2008-08-28 17:16 . 2008-08-28 17:16 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com 2008-08-28 15:35 . 2008-08-28 15:35 d--hs---- C:\Boot 2008-08-28 15:35 . 2008-01-21 04:22 333,203 -rahs---- C:\bootmgr 2008-08-28 15:35 . 2008-08-28 15:35 8,192 -ra-s---- C:\BOOTSECT.BAK 2008-08-28 15:06 . 2008-08-28 15:06 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-08-28 15:04 . 2008-07-04 05:48 9,490,432 --a------ C:\WINDOWS\system32\atioglx2.dll 2008-08-28 15:04 . 2008-03-29 05:36 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat 2008-08-28 15:04 . 2008-03-29 05:36 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat 2008-08-28 15:04 . 2008-07-04 05:25 421,888 --a------ C:\WINDOWS\system32\ATIDEMGX.dll 2008-08-28 15:04 . 2008-07-04 05:06 253,952 --a------ C:\WINDOWS\system32\atiok3x2.dll 2008-08-28 15:04 . 2008-07-04 04:34 48,640 --a------ C:\WINDOWS\system32\amdpcom32.dll 2008-08-28 15:04 . 2008-07-04 04:29 32,768 --a------ C:\WINDOWS\system32\atiadlxx.dll 2008-08-28 15:04 . 2008-05-13 14:10 13,052 --a------ C:\WINDOWS\atiogl.xml 2008-08-28 14:44 . 2008-08-28 14:44 d--hs---- C:\$RECYCLE.BIN 2008-08-28 12:50 . 2008-08-28 12:50 d-------- C:\Program Files\Innovative Solutions 2008-08-26 18:09 . 2008-08-26 18:09 d-------- C:\WINDOWS\Performance 2008-08-26 18:09 . 2008-08-26 18:09 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-08-26 18:06 . 2008-08-26 18:06 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Corporation 2008-08-26 17:16 . 2008-08-26 17:19 d-------- C:\Documents and Settings\davidt.DAVID\Application Data\Boomzap 2008-08-26 17:15 . 2008-08-26 17:15 d-------- C:\WINDOWS\Jewels of Cleopatra 2 Aztec Mysteries 2008-08-26 08:52 . 2008-08-26 08:52 d-------- C:\Program Files\VirtualDubMOD 2008-08-17 17:47 . 2008-08-17 17:47 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\mwas . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-06 16:04 --------- d-----w C:\Documents and Settings\davidt.DAVID\Application Data\OpenOffice.org2 2008-09-06 10:53 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-09-06 09:07 --------- d-----w C:\Program Files\GetRight 2008-09-05 18:23 --------- d-----w C:\Program Files\FlashGet 2008-09-05 17:45 --------- d-----w C:\Program Files\Any to Icon 2008-09-04 16:07 --------- d-----w C:\Program Files\MSN Messenger 2008-09-01 15:11 --------- d-----w C:\Program Files\VideoGet 2008-09-01 15:11 --------- d-----w C:\Program Files\Panda Security 2008-08-28 15:16 --------- d-----w C:\Program Files\ma-config.com 2008-08-26 16:12 --------- d-----w C:\Program Files\AAPDA 2008-08-25 15:38 --------- d-----w C:\Documents and Settings\davidt.DAVID\Application Data\Canon 2008-08-17 15:51 --------- d-----w C:\Documents and Settings\davidt.DAVID\Application Data\MatchWare 2008-08-17 15:47 --------- d-----w C:\Program Files\MatchWare 2008-08-09 08:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink 2008-08-06 15:12 4,755,968 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys 2008-08-03 09:09 --------- d-----w C:\Program Files\Avast4 2008-08-02 14:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-22 16:55 --------- d-----w C:\Program Files\Teamspeak2_RC2 2008-07-22 10:11 --------- d-----w C:\Program Files estjeuxjava 2008-07-15 11:47 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe 2008-07-11 11:13 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-07-06 11:36 --------- d-----w C:\Program Files\e-Carte Bleue Société Générale 2008-06-19 14:42 2,808,832 ----a-w C:\WINDOWS\ALCWZRD.EXE 2008-06-19 14:27 9,715,200 ----a-w C:\WINDOWS\RTLCPL.EXE 2008-06-19 14:20 57,344 ----a-w C:\WINDOWS\ALCMTR.EXE 2008-06-18 16:01 77,824 ----a-w C:\WINDOWS\SOUNDMAN.EXE 2007-07-12 16:26 81,920 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\ezpinst.exe 2007-07-12 16:26 47,360 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\pcouffin.sys 2006-12-09 18:33 3,958 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\wklnhst.dat 2006-10-07 07:22 94,080 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\ezplay.sys 2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe 2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll 2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll 2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll 2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe 2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856] "Google Update"="C:\Documents and Settings\davidt.DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208] "SmartCmdWeb"="C:\WINDOWS\system32\kpmxazmx.exe" [2008-09-06 98304] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2006-12-15 31552] "WireLessMouse"="C:\Program Files\COMAT Mouse Driver\StartAutorun.exe" [2005-11-30 94208] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264] "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576] "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304] "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-17 81920] "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 C:\WINDOWS\RTHDCPL.EXE] "SoundMan"="SOUNDMAN.EXE" [2008-06-18 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 C:\WINDOWS\ALCWZRD.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "VIDC.MJPG"= Pvmjpg30.dll "VIDC.I420"= i420vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^davidt.DAVID^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk] path=C:\Documents and Settings\davidt.DAVID\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2006-09-25 09:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-08-21 15:52 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeFilterMerit] --a------ 2005-05-17 10:54 40960 C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax] --a------ 2008-07-25 11:58 5057368 C:\Program Files\Innovative Solutions\DriverMax\devices.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] --a------ 2006-10-17 03:20 398944 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnApiCmd] --a------ 2008-09-06 10:36 81920 C:\WINDOWS\system32\ixadajgf.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] --a------ 2002-06-03 12:38 49152 C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --------- 2004-10-06 20:40 81920 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Presto! PVR Monitor] --a------ 2005-12-14 15:53 49152 C:\Program Files\NewSoft\Presto! PVR\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] --a------ 2007-03-03 14:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\Program Files\BitLord\BitLord.exe"= "C:\Program Files\America's Army\System\ArmyOps.exe"= "D:\pes2008\PES2008.exe"= "D:\World of Padman\wop.exe"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\FlashGet\flashget.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "D:\pinnacle11ultimate\programs\RM.exe"= "D:\pinnacle11ultimate\programs\Studio.exe"= "D:\pinnacle11ultimate\programs\PMSRegisterFile.exe"= "D:\pinnacle11ultimate\programs\umi.exe"= "C:\Program Files\Zattoo\zattood.exe"= "D:\football08\Game.exe"= "D:\Soldat\Soldat.exe"= "C:\Program Files\Maxthon\Maxthon.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 99936] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336] R3 Cap7134;Cap7134 Capture;C:\WINDOWS\system32\DRIVERS\vm7133.sys [2006-10-29 360736] R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2006-11-21 13512] S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-09-03 698368] S3 BDA7700;DiBcom DIB7700 DVB-T;C:\WINDOWS\system32\Drivers\bda7700.sys [2006-03-31 74880] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-11 306432] S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - MARKFUN_NT . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' . - - - - ORPHANS REMOVED - - - - HKCU-Run-InfoCfgAct - C:\WINDOWS\system32\bkpshubu.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-06 18:43:56 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT] "ImagePath"="\??\C:\Program Files\Gigabyte\ET5\markfun.w32" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\Program Files\GIGABYTE\ET5\GUI.exe C:\Program Files\COMAT Mouse Driver\MouseDrv.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe . ************************************************************************** . Temps d'accomplissement: 2008-09-06 18:48:15 - machine was rebooted [davidt] ComboFix-quarantined-files.txt 2008-09-06 16:48:11 ComboFix2.txt 2008-09-06 10:35:49 ComboFix3.txt 2008-02-04 07:50:34 ComboFix4.txt 2008-01-30 08:22:32 Pre-Run: 10,423,009,280 octets libres Post-Run: 10,409,132,032 octets libres 277 --- E O F --- 2008-08-19 08:12:54

samtris · Answer

le dernier hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:36, on 06/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Logitech\G-series Software\LCDMon.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\davidt.DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\kpmxazmx.exe
D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Gigabyte\ET5\GUI.exe
C:\Program Files\COMAT Mouse Driver\MouseDrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Maxthon\Maxthon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.01net.com/telecharger/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files
ettransport\NXIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files	estjeuxjava\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files
ettransport\NXToolBar.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files	estjeuxjava\JadInvoker\MidpInvoker.dll
O4 - HKLM\..\Run: [EasyTuneV] C:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\COMAT Mouse Driver\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\davidt.DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmartCmdWeb] C:\WINDOWS\system32\kpmxazmx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Link to &MidpX - C:\Program Files	estjeuxjava\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files
ettransport\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files
ettransport\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {63308B48-F435-42FD-AB0A-3564C7BEF9D7} (Toontown IE Helper French) - http://idownload.fr.toontown.com/sv1.5.20.15/ttinst-french.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {D3A7982E-915D-4589-8ECE-249F70D0C941} (Launch Control) - http://aaotracker.com/LaunchGame.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A31A2BC2-272D-4121-893F-BE6C73558247}: NameServer = 80.10.246.2,80.10.246.129
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

jlpjlp · Answer

ok pas évident depuis mon tel... Tu as bien fais de mettre internet explorer à jour car windows n'utilise que lui pour se mettre à jour. Pour avancer analyse dans le dossier c:\windows\system32\  les fichiers : yv12vfw.dll et kpmxazmx  et colles les rapports

samtris · Answer

mere, j'ai pas vu ton post hier... bizarre je fais ça ce soir car je suis au taff, je vous tiens au courant.

samtris · Answer

premier fichier :

Fichier kpmxazmx.exe reçu le 2008.09.08 18:23:22 (CET)
Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE 


Résultat: 9/36 (25%)
en train de charger les informations du serveur... 
Votre fichier est dans la file d'attente, en position: 3.
L'heure estimée de démarrage est entre 46 et 66 secondes.
Ne fermez pas la fenêtre avant la fin de l'analyse. 
L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier. 
Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
les résultats seront affichés au fur et à mesure de leur génération. 
 Formaté Impression des résultats  
Votre fichier a expiré ou n'existe pas. 
Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée. 
 Email:  
  

Antivirus Version Dernière mise à jour Résultat 
AhnLab-V3 2008.9.6.0 2008.09.08 - 
AntiVir 7.8.1.28 2008.09.08 - 
Authentium 5.1.0.4 2008.09.07 - 
Avast 4.8.1195.0 2008.09.07 - 
AVG 8.0.0.161 2008.09.08 - 
BitDefender 7.2 2008.09.08 - 
CAT-QuickHeal 9.50 2008.09.06 - 
ClamAV 0.93.1 2008.09.08 - 
DrWeb 4.44.0.09170 2008.09.08 - 
eSafe 7.0.17.0 2008.09.07 - 
eTrust-Vet 31.6.6077 2008.09.08 - 
Ewido 4.0 2008.09.08 - 
F-Prot 4.4.4.56 2008.09.07 - 
F-Secure 8.0.14332.0 2008.09.08 Trojan.Win32.Obfuscated.gx 
Fortinet 3.112.0.0 2008.09.08 W32/PolySmall.BP!tr 
GData 19 2008.09.08 Trojan.Win32.Obfuscated.gx 
Ikarus T3.1.1.34.0 2008.09.08 - 
K7AntiVirus 7.10.446 2008.09.08 - 
Kaspersky 7.0.0.125 2008.09.08 Trojan.Win32.Obfuscated.gx 
McAfee 5378 2008.09.05 - 
Microsoft 1.3903 2008.09.08 TrojanDownloader:Win32/FakeAlert.C 
NOD32v2 3426 2008.09.08 a variant of Win32/TrojanDownloader.FakeAlert.IQ 
Norman 5.80.02 2008.09.08 - 
Panda 9.0.0.4 2008.09.07 - 
PCTools 4.4.2.0 2008.09.08 - 
Prevx1 V2 2008.09.08 Malicious Software 
Rising 20.61.02.00 2008.09.08 - 
Sophos 4.33.0 2008.09.08 Mal/EncPk-DG 
Sunbelt 3.1.1616.1 2008.09.07 - 
Symantec 10 2008.09.08 - 
TheHacker 6.3.0.8.075 2008.09.06 - 
TrendMicro 8.700.0.1004 2008.09.08 - 
VBA32 3.12.8.5 2008.09.08 - 
ViRobot 2008.9.8.1367 2008.09.08 Trojan.Win32.Amvo.Gen 
VirusBuster 4.5.11.0 2008.09.08 - 
Webwasher-Gateway 6.6.2 2008.09.08 - 
Information additionnelle 
File size: 98304 bytes 
MD5...: c3e20722ea9ceb1598ac8c760365cf33 
SHA1..: f17965715e30783a1a34d8ada8233e8c40309f66 
SHA256: 630277f78277aba87a8f5e05d57f4eb87ba133ac9a1806b637dab2045e2a5cbb 
SHA512: c0894d406f86bd6dbbbc404efd31d30530d8b3394e5a692739ab6f765014de77
32b56b8ef3c789f56437ee297f3c3abe27c83f48b8779d281f605a8141daf9ec 
PEiD..: - 
TrID..: File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) 
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x414f50
timedatestamp.....: 0x48c29b6c (Sat Sep 06 15:02:04 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.sigwzr 0x1000 0x14504 0x15000 6.78 3d1d24e629564bc13ee902495fc68dc7
.fehrah 0x16000 0x65a 0x1000 2.67 5b650db571c3853b68282e0d70a7c81b
.gbrlik 0x17000 0x59cc 0x1000 0.56 cfa77f7c4c59dfdd58ff0c5670d226a8

( 4 imports ) 
> KERNEL32.dll: SuspendThread, GetTickCount, GetLogicalDrives, FindNextFileW, LoadLibraryA, SetThreadPriority, VirtualFree, ResumeThread, MoveFileW, VirtualAlloc, ReadProcessMemory, ReadFile, SetCurrentDirectoryW, GlobalAddAtomW, DuplicateHandle, FreeLibrary, GetUserDefaultLangID, GetCurrentProcessId, WideCharToMultiByte, SetWaitableTimer, GlobalLock, GetProcAddress, QueryDosDeviceW, SetEndOfFile, GetModuleHandleW, GetFileSize, CancelWaitableTimer, GetSystemTime, InterlockedDecrement, CreateFileW
> USER32.dll: AppendMenuW, IsDlgButtonChecked, FillRect, RegisterWindowMessageW, RedrawWindow, GetParent, GetSystemMetrics, GetWindowTextW, LoadIconW, SetForegroundWindow, DestroyIcon, EndDialog, MessageBoxW, WindowFromPoint, DrawTextW
> GDI32.dll: GetObjectW, StretchBlt, SetTextColor, GetClipBox, GetDeviceCaps, CreateFontIndirectW, CreateBitmap
> ADVAPI32.dll: RegSetValueExW, RegNotifyChangeKeyValue, RegDeleteValueW, RegCreateKeyExW, RegQueryValueExW

( 0 exports ) 
 
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=FCCE7319008C5AF680A301ADF6F7910000377E9E

samtris · Answer

le fichier yv12vfw.dll  a disparu... j'ai fait une recherche, je ne le trouve pas...

jlpjlp · Answer

Ferme tout tes navigateurs (donc copie ou imprime les instructions avant)

Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :


File::
C:\WINDOWS\system32\bkpshubu.exe
C:\WINDOWS\system32\bkpshubu.exe
C:\WINDOWS\system32\clqrktuf.exe
C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk\bermrsjk.exe
C:\WINDOWS\system32\kpmxazmx.exe
C:\WINDOWS\system32\ixadajgf.exe


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"InfoCfgAct"="-
"CmdAppEn"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"WQadfoO3Sb"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartCmdWeb"=-
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EnApiCmd]



Enregistre ce fichier sous le nom CFscript        (attention aux majuscules )


Fait un glisser/déposer de ce fichier CFscrïpt sur le fichier ComboFix.exe

Clique sur le fichier CFScript, maintient le doigt enfoncé et glisse la souris pour que l'icône du CFScript vienne recouvrir l'icône de Combofix. Relache la souris. Combofix va démarrer.

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

Remets aussi un rapport Hijackthis et dis tes soucis


Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt

samtris · Answer

voilà le nouveau scan ComboFix 08-09-05.10 - davidt 2008-09-09 12:03:54.6 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1510 [GMT 2:00] Endroit: C:\Documents and Settings\davidt.DAVID\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\davidt.DAVID\Bureau\CFscript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\ixadajgf.exe C:\WINDOWS\system32\kpmxazmx.exe . ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))))))) . 2008-09-06 18:08 . 2008-09-06 18:08 d--h----- C:\WINDOWS\msdownld.tmp 2008-09-06 18:04 . 2008-09-06 18:26 d-------- C:\Program Files\Navilog1 2008-09-06 18:04 . 2008-09-06 18:07 1,355 --a------ C:\WINDOWS\imsins.BAK 2008-09-06 18:03 . 2008-06-23 18:28 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-09-06 18:03 . 2007-04-17 11:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat 2008-09-06 18:03 . 2007-03-08 07:10 1,048,576 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui 2008-09-06 18:03 . 2008-06-23 18:28 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-09-06 18:03 . 2008-06-23 18:28 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-09-06 18:03 . 2008-06-23 18:28 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-09-06 18:03 . 2008-06-23 18:28 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-09-06 18:03 . 2008-06-23 18:28 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-09-06 18:03 . 2008-06-23 11:20 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-09-06 11:15 . 2008-09-06 11:16 d-------- C:\Program Files\RegCleaner 2008-09-06 11:07 . 2008-09-06 11:07 d-------- C:\Program Files\CCleaner 2008-09-06 08:23 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-09-06 08:23 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-09-06 08:23 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe 2008-09-06 08:23 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-09-06 08:23 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-09-06 08:23 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-09-06 08:23 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe 2008-09-06 08:23 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-09-06 08:23 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-09-06 08:23 . 2008-09-06 10:13 3,508 --a------ C:\WINDOWS\system32 mp.reg 2008-09-05 20:24 . 2008-09-05 20:24 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-05 20:24 . 2008-09-05 20:24 d-------- C:\Documents and Settings\davidt.DAVID\Application Data\Malwarebytes 2008-09-05 20:24 . 2008-09-05 20:24 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes 2008-09-05 20:24 . 2008-09-02 00:16 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-09-05 20:24 . 2008-09-02 00:16 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-09-05 19:32 . 2008-09-05 20:28 d-------- C:\WINDOWS\BDOSCAN8 2008-09-05 19:31 . 2008-09-05 19:31 d-------- C:\Documents and Settings\davidt.DAVID\.housecall6.6 2008-09-05 19:30 . 2008-09-05 19:30 40 --a------ C:\WINDOWS\TSC.INI 2008-09-05 19:29 . 2008-09-05 19:29 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL 2008-09-05 19:29 . 2008-09-05 19:29 286,720 --a------ C:\WINDOWS\PATCH.EXE 2008-09-05 19:29 . 2008-09-05 19:29 69,689 --a------ C:\WINDOWS\UNZIP.DLL 2008-09-05 19:00 . 2008-09-05 19:00 d--hs---- C:\Diskeeper 2008-09-05 18:24 . 2008-09-06 18:30 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\fifczkfk 2008-09-05 17:56 . 2008-09-05 17:56 d-------- C:\Program Files\Diskeeper Corporation 2008-09-05 17:56 . 2008-09-05 17:56 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Diskeeper Corporation 2008-08-30 11:07 . 2008-08-30 17:07 d-------- C:\WINDOWS\system32\CatRoot_bak 2008-08-28 17:16 . 2008-08-28 17:16 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\ma-config.com 2008-08-28 15:35 . 2008-08-28 15:35 d--hs---- C:\Boot 2008-08-28 15:35 . 2008-01-21 04:22 333,203 -rahs---- C:\bootmgr 2008-08-28 15:35 . 2008-08-28 15:35 8,192 -ra-s---- C:\BOOTSECT.BAK 2008-08-28 15:06 . 2008-08-28 15:06 0 --a------ C:\WINDOWS\ativpsrm.bin 2008-08-28 15:04 . 2008-07-04 05:48 9,490,432 --a------ C:\WINDOWS\system32\atioglx2.dll 2008-08-28 15:04 . 2008-03-29 05:36 3,107,788 --a------ C:\WINDOWS\system32\ativva5x.dat 2008-08-28 15:04 . 2008-03-29 05:36 887,724 --a------ C:\WINDOWS\system32\ativva6x.dat 2008-08-28 15:04 . 2008-07-04 05:25 421,888 --a------ C:\WINDOWS\system32\ATIDEMGX.dll 2008-08-28 15:04 . 2008-07-04 05:06 253,952 --a------ C:\WINDOWS\system32\atiok3x2.dll 2008-08-28 15:04 . 2008-07-04 04:34 48,640 --a------ C:\WINDOWS\system32\amdpcom32.dll 2008-08-28 15:04 . 2008-07-04 04:29 32,768 --a------ C:\WINDOWS\system32\atiadlxx.dll 2008-08-28 15:04 . 2008-05-13 14:10 13,052 --a------ C:\WINDOWS\atiogl.xml 2008-08-28 14:44 . 2008-08-28 14:44 d--hs---- C:\$RECYCLE.BIN 2008-08-28 12:50 . 2008-08-28 12:50 d-------- C:\Program Files\Innovative Solutions 2008-08-26 18:09 . 2008-08-26 18:09 d-------- C:\WINDOWS\Performance 2008-08-26 18:09 . 2008-08-26 18:09 d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor 2008-08-26 18:06 . 2008-08-26 18:06 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Corporation 2008-08-26 17:16 . 2008-08-26 17:19 d-------- C:\Documents and Settings\davidt.DAVID\Application Data\Boomzap 2008-08-26 17:15 . 2008-08-26 17:15 d-------- C:\WINDOWS\Jewels of Cleopatra 2 Aztec Mysteries 2008-08-26 08:52 . 2008-08-26 08:52 d-------- C:\Program Files\VirtualDubMOD 2008-08-17 17:47 . 2008-08-17 17:47 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\mwas . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-09-08 17:51 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys 2008-09-08 17:51 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2008-09-08 16:17 --------- d-----w C:\Documents and Settings\davidt.DAVID\Application Data\OpenOffice.org2 2008-09-06 09:07 --------- d-----w C:\Program Files\GetRight 2008-09-05 18:23 --------- d-----w C:\Program Files\FlashGet 2008-09-05 17:45 --------- d-----w C:\Program Files\Any to Icon 2008-09-04 16:07 --------- d-----w C:\Program Files\MSN Messenger 2008-09-01 15:11 --------- d-----w C:\Program Files\VideoGet 2008-09-01 15:11 --------- d-----w C:\Program Files\Panda Security 2008-08-28 15:16 --------- d-----w C:\Program Files\ma-config.com 2008-08-26 16:12 --------- d-----w C:\Program Files\AAPDA 2008-08-25 15:38 --------- d-----w C:\Documents and Settings\davidt.DAVID\Application Data\Canon 2008-08-17 15:51 --------- d-----w C:\Documents and Settings\davidt.DAVID\Application Data\MatchWare 2008-08-17 15:47 --------- d-----w C:\Program Files\MatchWare 2008-08-09 08:45 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\DVD Shrink 2008-08-06 15:12 4,755,968 ----a-w C:\WINDOWS\system32\drivers\RtkHDAud.sys 2008-08-03 09:09 --------- d-----w C:\Program Files\Avast4 2008-08-02 14:40 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-07-22 16:55 --------- d-----w C:\Program Files\Teamspeak2_RC2 2008-07-22 10:11 --------- d-----w C:\Program Files estjeuxjava 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-15 11:47 1,196,032 ----a-w C:\WINDOWS\RtlUpd.exe 2008-07-11 11:13 306,432 ----a-w C:\WINDOWS\system32\TuneUpDefragService.exe 2008-07-11 11:13 --------- d-----w C:\Program Files\TuneUp Utilities 2008 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-04 03:23 309,248 ----a-w C:\WINDOWS\system32\ati2dvag.dll 2008-07-04 03:14 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe 2008-07-04 03:14 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll 2008-07-04 03:14 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll 2008-07-04 03:13 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll 2008-07-04 03:13 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll 2008-07-04 03:12 561,152 ----a-w C:\WINDOWS\system32\ati2evxx.exe 2008-07-04 03:10 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL 2008-07-04 03:01 3,786,144 ----a-w C:\WINDOWS\system32\ati3duag.dll 2008-07-04 02:55 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll 2008-07-04 02:49 2,140,672 ----a-w C:\WINDOWS\system32\ativvaxx.dll 2008-07-04 02:30 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll 2008-07-04 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll 2008-07-04 02:25 5,439,488 ----a-w C:\WINDOWS\system32\atioglxx.dll 2008-07-04 02:22 565,248 ----a-w C:\WINDOWS\system32\ati2cqag.dll 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-19 14:42 2,808,832 ----a-w C:\WINDOWS\ALCWZRD.EXE 2008-06-19 14:27 9,715,200 ----a-w C:\WINDOWS\RTLCPL.EXE 2008-06-19 14:20 57,344 ----a-w C:\WINDOWS\ALCMTR.EXE 2008-06-18 16:01 77,824 ----a-w C:\WINDOWS\SOUNDMAN.EXE 2008-06-10 10:22 10,856 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys 2007-07-12 16:26 81,920 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\ezpinst.exe 2007-07-12 16:26 47,360 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\pcouffin.sys 2006-12-09 18:33 3,958 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\wklnhst.dat 2006-10-07 07:22 94,080 ----a-w C:\Documents and Settings\davidt.DAVID\Application Data\ezplay.sys 2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe 2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll 2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll 2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll 2006-05-03 10:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll 2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll 2007-02-21 11:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll 2007-12-17 13:43 27,648 --sh--w C:\WINDOWS\system32\Smab0.dll 2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe 2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-31 68856] "Google Update"="C:\Documents and Settings\davidt.DAVID\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "EasyTuneV"="C:\Program Files\Gigabyte\ET5\ETcall.exe" [2006-12-15 31552] "WireLessMouse"="C:\Program Files\COMAT Mouse Driver\StartAutorun.exe" [2005-11-30 94208] "TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-18 1185264] "AcronisTimounterMonitor"="C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-18 1961576] "Acronis Scheduler2 Service"="C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "Launch LGDCore"="C:\Program Files\Logitech\G-series Software\LGDCore.exe" [2006-03-06 1122304] "Launch LCDMon"="C:\Program Files\Logitech\G-series Software\LCDMon.exe" [2006-03-06 497152] "ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184] "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-17 81920] "RTHDCPL"="RTHDCPL.EXE" [2007-04-12 C:\WINDOWS\RTHDCPL.EXE] "SoundMan"="SOUNDMAN.EXE" [2008-06-18 C:\WINDOWS\SOUNDMAN.EXE] "AlcWzrd"="ALCWZRD.EXE" [2008-06-19 C:\WINDOWS\ALCWZRD.EXE] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll "msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm "VIDC.MJPG"= Pvmjpg30.dll "VIDC.I420"= i420vfw.dll [HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk] path=C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage\Adobe Reader Synchronizer.lnk backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^davidt.DAVID^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk] path=C:\Documents and Settings\davidt.DAVID\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] --a------ 2006-10-22 23:24 620152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC] --a------ 2006-09-25 09:12 90112 C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] --a------ 2007-08-21 15:52 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeFilterMerit] --a------ 2005-05-17 10:54 40960 C:\Program Files\NewSoft\Presto! PVR\ChangeFilterMerit.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMax] --a------ 2008-07-25 11:58 5057368 C:\Program Files\Innovative Solutions\DriverMax\devices.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] --a------ 2006-10-17 03:20 398944 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2007-03-01 16:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] --a------ 2002-06-03 12:38 49152 C:\Program Files\ScanSoft\OmniPageSE\opware32.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] --------- 2004-10-06 20:40 81920 C:\Program Files\Home Cinema\PowerCinema\PCMService.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Presto! PVR Monitor] --a------ 2005-12-14 15:53 49152 C:\Program Files\NewSoft\Presto! PVR\Monitor.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload] --a------ 2007-03-03 14:12 341488 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\Program Files\BitLord\BitLord.exe"= "C:\Program Files\America's Army\System\ArmyOps.exe"= "D:\pes2008\PES2008.exe"= "D:\World of Padman\wop.exe"= "C:\Program Files\VideoLAN\VLC\vlc.exe"= "C:\Program Files\FlashGet\flashget.exe"= "C:\WINDOWS\system32\dpvsetup.exe"= "D:\pinnacle11ultimate\programs\RM.exe"= "D:\pinnacle11ultimate\programs\Studio.exe"= "D:\pinnacle11ultimate\programs\PMSRegisterFile.exe"= "D:\pinnacle11ultimate\programs\umi.exe"= "C:\Program Files\Zattoo\zattood.exe"= "D:\football08\Game.exe"= "D:\Soldat\Soldat.exe"= "C:\Program Files\Maxthon\Maxthon.exe"= "C:\Program Files\MSN Messenger\msnmsgr.exe"= "C:\Program Files\MSN Messenger\livecall.exe"= "%windir%\Network Diagnostic\xpnetdiag.exe"= R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 IJPLMSVC;PIXMA Extended Survey Program;C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2006-11-10 99936] R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 14336] R3 Cap7134;Cap7134 Capture;C:\WINDOWS\system32\DRIVERS\vm7133.sys [2006-10-29 360736] R3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2006-11-21 13512] S3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2004-09-03 698368] S3 BDA7700;DiBcom DIB7700 DVB-T;C:\WINDOWS\system32\Drivers\bda7700.sys [2006-03-31 74880] S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656] S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-11 306432] S3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 11672] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp *Newly Created Service* - MARKFUN_NT . Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es' . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-EnApiCmd - C:\WINDOWS\system32\ixadajgf.exe ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-09-09 12:08:13 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cach‚s ... Balayage cach‚ autostart entries ... Balayage des fichiers cach‚s ... Scan termin‚ avec succŠs Les fichiers cach‚s: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT] "ImagePath"="\??\C:\Program Files\Gigabyte\ET5\markfun.w32" . ------------------------ Other Running Processes ------------------------ . C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\Avast4\aswUpdSv.exe C:\Program Files\Avast4\ashServ.exe C:\WINDOWS\system32\ati2evxx.exe C:\Program Files\GIGABYTE\ET5\GUI.exe C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe C:\Program Files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe C:\Program Files\COMAT Mouse Driver\MouseDrv.exe D:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Avast4\ashMaiSv.exe C:\Program Files\Avast4\ashWebSv.exe . ************************************************************************** . Temps d'accomplissement: 2008-09-09 12:13:26 - machine was rebooted ComboFix-quarantined-files.txt 2008-09-09 10:13:23 ComboFix2.txt 2008-09-06 16:48:16 ComboFix3.txt 2008-09-06 10:35:49 ComboFix4.txt 2008-02-04 07:50:34 ComboFix5.txt 2008-09-09 10:03:26 Pre-Run: 24,989,491,200 octets libres Post-Run: 24,979,222,528 octets libres 296 --- E O F --- 2008-08-19 08:12:54

jlpjlp · Answer

encore des problèmes? Colle un nouveau hijackthis

samtris · Answer

ce midi, l'ordi a tourné normalement, je verrais ce soir, je te tiens au courant demain. merci encore.

samtris · Answer

pour l'instant, cela semble réglé, je confirme demain.

jlpjlp · Answer

pour protéger gratos ton ordi

http://www.commentcamarche.net/telecharger/logiciel 4 securite

mettre un antivirus

AVAST en français   ou ANTIVIR (en anglais mais très efficace)
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
-------------
des anti-espions :
MalwareByte's Anti-Malware + SPYBOT +/-    si tea timer non active de spybot: 
 WINDOWS    DEFENDER 

+
SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation  : il suffit de faire "update" pour mettre à jour tous les mois  et ensuite" enable all protection" pour immuniser)...

Rq : spybot et ad-aware ont sorti de nouvelles versions cette année vérifiez que vous avez la dernière version 
--------
un pare feu :
celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) 

http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

 https://forum.pcastuces.com/sujet.asp?f=25&s=35606 
https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
https://manuelsdaide.com/contact/
http://www.open-files.com/forum/index.php?showtopic=29277
http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

-----------
CCLEANER pour effacer les traces de surf
---------
naviguer avec firefox ou safari ou opera et non internet explorer plus  touché par les virus
http://www.mozilla-europe.org/fr/products/firefox/

samtris · Answer

bon, voilà, aucun signe du virus depuis hier, merci pour vos conseils, la machine est propre.

comme antivirus, j'ai avast, j'utilise le parefeu xp. je pense que je vais mettre online armor.

MalwareByte's Anti-Malware + SPYBOT +WINDOWS DEFENDER + SPYWAREBLASTER : ce sont des logiciels à utiliser périodiquement pour n ettoyer ou ils tournent en tâche de fond comme avast pour filtrer au fur et à mesure ???


Sympa de prendre votre temps pour lire tous ces rapports fastidieux et éclairer nos lanternes.

jlpjlp · Answer

windows defender scan tout seul , les autres il faut les lancer tous les 15 jours a 1 mois en gros pour mettre a jour et scanner l'ordi (sauf spywareblaster qui ne fait que immuniser l'ordi contre certaines infections et ne fais pas de scan)

samtris · Answer

merci beaucoup.

Ordinateur infesté

32 réponses

Discussions similaires

Newsletters