
HELP PC infected

Tags:
  • Internet Explorer
  • Security
Last reply: in Sécurité et virus
4 April 2008 13:21:05

Logfile of HijackThis v1.99.1
Scan saved at 13:21:07, on 04/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\progra~1\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\TBONBin\tbon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\fournier\LOCALS~1\Temp\Rar$EX00.594\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [XeroxRegistation] "C:\DOCUME~1\fournier\LOCALS~1\Temp\Xerox\EReg\opbreg.exe" /Startup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LTM2] C:\WINDOWS\litmus\widrar.exe
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] /L:FRN
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/html - (no CLSID) - (no file)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



Help me please?


4 April 2008 17:22:18

Hi,

A hello and some explanation would be welcome!
4 April 2008 18:03:35

Hello, I'd like to be able to remove all these lovely viruses from my PC :)
4 April 2008 18:18:44

Re,
Download ComboFix (by sUBs) to your Desktop. (Tutorial)

Temporarily disable all resident protection! (Antivirus, antispyware, ...)
Double-click combofix.exe. (Right-click -> Run as administrator if on Vista)
Press the 1 key (Yes) to start the scan.
When the scan is complete, a report will appear. Post that report in your next reply.

The report is located here: C:\Combofix.txt
4 April 2008 19:40:21

ComboFix 08-04-03.5 - fournier 2008-04-04 19:34:29.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.713 [GMT 2:00]
Endroit: C:\Documents and Settings\fournier\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\system32\drivers\fad.sys

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
.

2008-04-03 20:35 . 2008-04-03 20:35 <REP> d-------- C:\Program Files\Avira
2008-04-03 20:35 . 2008-04-03 20:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-31 19:24 . 2008-03-31 19:28 <REP> d-------- C:\Program Files\Project64 1.6
2008-03-31 00:42 . 2008-03-31 04:01 42 --a------ C:\WINDOWS\popcinfo.dat
2008-03-30 20:14 . 2008-03-30 20:14 268 --ah----- C:\sqmdata00.sqm
2008-03-30 20:14 . 2008-03-30 20:14 244 --ah----- C:\sqmnoopt00.sqm
2008-03-29 22:26 . 2008-03-29 22:26 <REP> d-------- C:\Program Files\Microsoft Games
2008-03-29 20:42 . 2008-03-29 20:43 <REP> d-------- C:\Program Files\Cossacks
2008-03-29 20:42 . 2001-03-16 20:34 4,358,144 -ra------ C:\WINDOWS\uncsetup.exe
2008-03-29 20:42 . 2008-03-29 20:42 53,248 --a------ C:\WINDOWS\SYSTEM32\unrar.dll
2008-03-16 12:07 . 2004-08-05 13:00 16,384 -r-hs---- C:\3o.exe
2008-03-09 22:49 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2008-03-09 22:49 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbprint.sys
2008-03-09 22:37 . 2008-03-09 22:39 103,516 -r-hs---- C:\b.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 14:24 --------- d-----w C:\Program Files\Steam
2008-03-02 23:37 --------- d-----w C:\Documents and Settings\fournier\Application Data\U3
2008-02-27 14:53 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-02-27 14:52 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-27 14:51 --------- d-----w C:\Program Files\Amphibizorus
2008-02-27 14:50 --------- d-----w C:\Program Files\Yahoo!
2008-02-27 14:50 --------- d-----w C:\Program Files\Washer
2008-02-27 14:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 14:49 --------- d-----w C:\Program Files\TBONBin
2008-02-27 14:48 --------- d-----w C:\Program Files\iPod
2008-02-27 14:47 --------- d-----w C:\Program Files\eMule
2008-02-27 14:26 --------- d-----w C:\Program Files\Zeb-Utility
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Steam"="c:\progra~1\steam\steam.exe" [2008-03-29 19:34 1271032]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"LTM2"="C:\WINDOWS\litmus\widrar.exe" [ ]
"SB Audigy 2 Startup Menu"=" /L:FRN" []
"tbon"="C:\Program Files\TBONBin\tbon.exe" [2006-01-07 17:18 82944]
"avpa"="C:\WINDOWS\system32\avpo.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-02 00:10 4616192]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23 135168]
"CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-05 13:00 12288 C:\WINDOWS\SYSTEM32\REGSVR32.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-19 11:44 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL]
"BO1HelperStartUp"="C:\PROGRA~1\BUTTER~1\BO1HEL~1.exe" [2004-11-01 20:31 253952]
"Tweak UI"="TWEAKUI.CPL" [2001-03-19 01:41 110640 C:\WINDOWS\SYSTEM32\TWEAKUI.CPL]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"msacm.lhacm"= lhacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
--a------ 2002-09-30 02:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2002-10-29 10:18 49152 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 09:04 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-05-04 18:21 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\counter-strike\\hl.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Amphibizorus\\mirc.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\WINDOWS\\SYSTEM32\\RUNDLL32.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\day of defeat\\hl.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPLAYSVR.EXE"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\SIERRA\\Counter-Strike\\cstrike.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\quake 3 team arena demo\\taquake3.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a6b40ed-0242-11dd-aaed-001111ead834}]
\Shell\AutoRun\command - G:\mvxm.cmd
\Shell\explore\Command - G:\mvxm.cmd
\Shell\open\Command - G:\mvxm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4656efb0-896f-11dc-aaaf-001111ead834}]
\Shell\AutoRun\command - xyw9tmdj.com
\Shell\explore\Command - xyw9tmdj.com
\Shell\open\Command - xyw9tmdj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4bf42d6-e8b0-11dc-aad3-001111ead834}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce71665a-5fdf-11dc-aaa1-001111ead834}]
\Shell\AutoRun\command - F:\jiwsxh39.exe
\Shell\explore\Command - F:\jiwsxh39.exe
\Shell\open\Command - F:\jiwsxh39.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0f356be-aff7-11dc-aabf-001111ead834}]
\Shell\AutoRun\command - F:\uxdeiect.com
\Shell\explore\Command - F:\uxdeiect.com
\Shell\open\Command - F:\uxdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d91583fa-e544-11dc-aad2-001111ead834}]
\Shell\AutoRun\command - F:\ylr.exe
\Shell\explore\Command - F:\ylr.exe
\Shell\open\Command - F:\ylr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd4bf3b4-cda5-11dc-aacc-001111ead834}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 19:36:30
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-04 19:36:50
ComboFix-quarantined-files.txt 2008-04-04 17:36:42
Pre-Run: 60,583,710,720 octets libres
Post-Run: 60,568,051,712 octets libres
.
2008-03-30 00:07:10 --- E O F ---


There you go. I've already disinfected a PC by following a tutorial before, so I kept the software.
5 April 2008 00:01:31

Re,

Download Flash Disinfector (by sUBs) to your Desktop

Connect all external devices (HDD, USB, .....)

Double-click Flash Disinfector and follow the prompts.

*******

Copy the text in the box below:

File::
C:\WINDOWS\popcinfo.dat

Folder::
C:\Program Files\TBONBin

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTM2"=-
"SB Audigy 2 Startup Menu"=-
"tbon"=-
"avpa"=-


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto ComboFix.exe as shown below:


This will relaunch ComboFix; press 1 and confirm. After the reboot, post the contents of the ComboFix.txt report along with a HijackThis report.
If there is no reboot, post the reports anyway.
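The CFScript format used in the reply above (File::, Folder:: and Registry:: sections, where `"name"=-` drops a registry value and `[-key]` drops a whole key) can be derived from the ComboFix report itself rather than typed by hand. The Python script below is an added example, not code from this thread, from ComboFix or from its author: it parses the registry section of a constructed excerpt of the report posted earlier, flags two patterns that a helper would look at (Run values for which ComboFix printed an empty `[ ]` bracket, i.e. no file it could stat, and mountpoints2 keys whose `open` and `explore` verbs were rewritten, which is how the removable-drive worm in this thread hooks the drive; both are heuristics assumed here, not ComboFix rules) and emits the Registry:: part of a CFScript.

```python
import re

# Constructed excerpt modelled on the "Point de chargement Reg" section of the
# ComboFix report posted in this thread; the paths and GUIDs are the ones that
# appear there, everything else is trimmed.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"LTM2"="C:\WINDOWS\litmus\widrar.exe" [ ]
"SB Audigy 2 Startup Menu"=" /L:FRN" []
"tbon"="C:\Program Files\TBONBin\tbon.exe" [2006-01-07 17:18 82944]
"avpa"="C:\WINDOWS\system32\avpo.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25 249896]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a6b40ed-0242-11dd-aaed-001111ead834}]
\Shell\AutoRun\command - G:\mvxm.cmd
\Shell\explore\Command - G:\mvxm.cmd
\Shell\open\Command - G:\mvxm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4bf42d6-e8b0-11dc-aad3-001111ead834}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd4bf3b4-cda5-11dc-aacc-001111ead834}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com
"""

RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$")
# "name"="target" [date time size ...]; an empty bracket means ComboFix
# found no file to stat behind the value (assumption used by this example).
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[\s*([^\]]*)\]$')
MP_KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
MP_VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.I)


def parse_report(text):
    """Return (run_entries, mountpoints) from the registry section of a report.
    run_entries: list of (key, value_name, target, bracket_info);
    mountpoints: dict key -> {verb: command}."""
    run_entries, mountpoints = [], {}
    current, kind = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            current, kind = m.group(1), "run"
            continue
        m = MP_KEY_RE.match(line)
        if m:
            current, kind = m.group(1), "mp"
            mountpoints[current] = {}
            continue
        if line.startswith("["):  # any other key: not modelled here
            current, kind = None, None
            continue
        if kind == "run":
            m = RUN_VALUE_RE.match(line)
            if m:
                run_entries.append((current, m.group(1), m.group(2), m.group(3).strip()))
        elif kind == "mp":
            m = MP_VERB_RE.match(line)
            if m:
                mountpoints[current][m.group(1).lower()] = m.group(2)
    return run_entries, mountpoints


def orphaned_run_entries(run_entries):
    """Heuristic: Run values with an empty bracket point at a file the scanner
    could not see; the launcher is left behind and is a candidate for removal."""
    return [(key, name) for key, name, _target, info in run_entries if info == ""]


def hijacked_mountpoints(mountpoints):
    """Heuristic: a legitimate removable-drive entry (the U3 launcher above) only
    sets AutoRun\\command; the worm pattern in this thread also rewrites the
    'open' and 'explore' verbs so opening the drive in Explorer runs the payload."""
    return [key for key, verbs in mountpoints.items() if {"open", "explore"} & set(verbs)]


def build_cfscript(run_entries, mountpoints):
    """Emit the Registry:: part of a CFScript: "name"=- drops a value,
    [-key] drops a whole key (the syntax used in the reply above)."""
    lines = ["Registry::"]
    by_key = {}
    for key, name in orphaned_run_entries(run_entries):
        by_key.setdefault(key, []).append(name)
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{name}"=-' for name in names)
    lines.extend(f"[-{key}]" for key in hijacked_mountpoints(mountpoints))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    runs, mps = parse_report(SAMPLE_REPORT)
    print(build_cfscript(runs, mps))
```

Run it on the excerpt and it emits removals for LTM2, the empty SB Audigy entry and avpa, plus `[-...]` lines for the two mountpoints2 keys whose open/explore verbs point at a file on the removable drive, while leaving the U3 launcher alone. Note what the heuristics miss: tbon has a real file with a date and size, so it is only caught by a human recognising the adware, exactly as the helper did above. The output is a draft to review, not something to feed to ComboFix unread.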
5 April 2008 01:28:31

ComboFix 08-04-03.5 - fournier 2008-04-05 1:23:27.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.564 [GMT 2:00]
Endroit: C:\Documents and Settings\fournier\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\fournier\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\WINDOWS\popcinfo.dat
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\TBONBin
C:\Program Files\TBONBin\tbon.exe
C:\Program Files\TBONBin\tboninst.cfg
C:\Program Files\TBONBin\TBONUnst.htm
C:\Program Files\TBONBin\TBONWnd.EXE
C:\Program Files\TBONBin\Uninstall.exe
C:\WINDOWS\popcinfo.dat

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-04 to 2008-04-04 ))))))))))))))))))))))))))))))))))))
.

2008-04-04 21:36 . 2008-04-04 21:36 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-04-04 21:36 . 2008-04-04 21:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-03 20:35 . 2008-04-03 20:35 <REP> d-------- C:\Program Files\Avira
2008-04-03 20:35 . 2008-04-03 20:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-31 19:24 . 2008-03-31 19:28 <REP> d-------- C:\Program Files\Project64 1.6
2008-03-30 20:14 . 2008-03-30 20:14 268 --ah----- C:\sqmdata00.sqm
2008-03-30 20:14 . 2008-03-30 20:14 244 --ah----- C:\sqmnoopt00.sqm
2008-03-29 22:26 . 2008-03-29 22:26 <REP> d-------- C:\Program Files\Microsoft Games
2008-03-29 20:42 . 2008-03-29 20:43 <REP> d-------- C:\Program Files\Cossacks
2008-03-29 20:42 . 2001-03-16 20:34 4,358,144 -ra------ C:\WINDOWS\uncsetup.exe
2008-03-29 20:42 . 2008-03-29 20:42 53,248 --a------ C:\WINDOWS\SYSTEM32\unrar.dll
2008-03-16 12:07 . 2004-08-05 13:00 16,384 -r-hs---- C:\3o.exe
2008-03-09 22:49 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2008-03-09 22:49 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbprint.sys
2008-03-09 22:37 . 2008-03-09 22:39 103,516 -r-hs---- C:\b.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 21:26 --------- d-----w C:\Program Files\Steam
2008-04-04 19:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-02 23:37 --------- d-----w C:\Documents and Settings\fournier\Application Data\U3
2008-02-27 14:53 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-02-27 14:51 --------- d-----w C:\Program Files\Amphibizorus
2008-02-27 14:50 --------- d-----w C:\Program Files\Yahoo!
2008-02-27 14:50 --------- d-----w C:\Program Files\Washer
2008-02-27 14:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 14:48 --------- d-----w C:\Program Files\iPod
2008-02-27 14:47 --------- d-----w C:\Program Files\eMule
2008-02-27 14:26 --------- d-----w C:\Program Files\Zeb-Utility
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
.

((((((((((((((((((((((((((((( snapshot@2008-04-04_19.36.35,87 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-07 10:05:19 62,016 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys
+ 2008-04-04 18:39:40 61,632 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Steam"="c:\progra~1\steam\steam.exe" [2008-03-29 19:34 1271032]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"LTM2"="C:\WINDOWS\litmus\widrar.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-02 00:10 4616192]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23 135168]
"CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-05 13:00 12288 C:\WINDOWS\SYSTEM32\REGSVR32.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-19 11:44 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL]
"BO1HelperStartUp"="C:\PROGRA~1\BUTTER~1\BO1HEL~1.exe" [2004-11-01 20:31 253952]
"Tweak UI"="TWEAKUI.CPL" [2001-03-19 01:41 110640 C:\WINDOWS\SYSTEM32\TWEAKUI.CPL]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-04 20:39 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"msacm.lhacm"= lhacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
--a------ 2002-09-30 02:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2002-10-29 10:18 49152 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 09:04 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-05-04 18:21 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\counter-strike\\hl.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Amphibizorus\\mirc.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\WINDOWS\\SYSTEM32\\RUNDLL32.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\day of defeat\\hl.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPLAYSVR.EXE"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\SIERRA\\Counter-Strike\\cstrike.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\quake 3 team arena demo\\taquake3.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a6b40ed-0242-11dd-aaed-001111ead834}]
\Shell\AutoRun\command - G:\mvxm.cmd
\Shell\explore\Command - G:\mvxm.cmd
\Shell\open\Command - G:\mvxm.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4656efb0-896f-11dc-aaaf-001111ead834}]
\Shell\AutoRun\command - xyw9tmdj.com
\Shell\explore\Command - xyw9tmdj.com
\Shell\open\Command - xyw9tmdj.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4bf42d6-e8b0-11dc-aad3-001111ead834}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce71665a-5fdf-11dc-aaa1-001111ead834}]
\Shell\AutoRun\command - F:\jiwsxh39.exe
\Shell\explore\Command - F:\jiwsxh39.exe
\Shell\open\Command - F:\jiwsxh39.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0f356be-aff7-11dc-aabf-001111ead834}]
\Shell\AutoRun\command - F:\uxdeiect.com
\Shell\explore\Command - F:\uxdeiect.com
\Shell\open\Command - F:\uxdeiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d91583fa-e544-11dc-aad2-001111ead834}]
\Shell\AutoRun\command - F:\ylr.exe
\Shell\explore\Command - F:\ylr.exe
\Shell\open\Command - F:\ylr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd4bf3b4-cda5-11dc-aacc-001111ead834}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com

*Newly Created Service* - ADOBE_LM_SERVICE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 01:25:22
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-05 1:25:48
ComboFix-quarantined-files.txt 2008-04-04 23:25:39
ComboFix2.txt 2008-04-04 17:36:51
Pre-Run: 60,483,784,704 octets libres
Post-Run: 60,468,068,352 octets libres
.
2008-03-30 00:07:10 --- E O F ---






HIJACK

Logfile of HijackThis v1.99.1
Scan saved at 01:28:21, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\fournier\LOCALS~1\Temp\Rar$EX00.547\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LTM2] C:\WINDOWS\litmus\widrar.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

5 April 2008 10:56:32

Re,

Copy the text in the box below:
File::
C:\mvxm.cmd
D:\mvxm.cmd
E:\mvxm.cmd
F:\mvxm.cmd
G:\mvxm.cmd
C:\xyw9tmdj.com
D:\xyw9tmdj.com
E:\xyw9tmdj.com
F:\xyw9tmdj.com
G:\xyw9tmdj.com
C:\jiwsxh39.exe
D:\jiwsxh39.exe
E:\jiwsxh39.exe
F:\jiwsxh39.exe
G:\jiwsxh39.exe
C:\uxdeiect.com
D:\uxdeiect.com
E:\uxdeiect.com
F:\uxdeiect.com
G:\uxdeiect.com
C:\ylr.exe
D:\ylr.exe
E:\ylr.exe
F:\ylr.exe
G:\ylr.exe


Folder::
C:\Windows\Litmus

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LTM2"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d91583fa-e544-11dc-aad2-001111ead834}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0f356be-aff7-11dc-aabf-001111ead834}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ce71665a-5fdf-11dc-aaa1-001111ead834}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a6b40ed-0242-11dd-aaed-001111ead834}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4656efb0-896f-11dc-aaaf-001111ead834}]


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis log.
If there is no reboot, post the reports anyway.
5 April 2008 15:02:01

ComboFix 08-04-03.5 - fournier 2008-04-05 14:56:36.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.671 [GMT 2:00]
Endroit: C:\Documents and Settings\fournier\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\fournier\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\jiwsxh39.exe
C:\mvxm.cmd
C:\uxdeiect.com
C:\xyw9tmdj.com
C:\ylr.exe
D:\jiwsxh39.exe
D:\mvxm.cmd
D:\uxdeiect.com
D:\xyw9tmdj.com
D:\ylr.exe
E:\jiwsxh39.exe
E:\mvxm.cmd
E:\uxdeiect.com
E:\xyw9tmdj.com
E:\ylr.exe
F:\jiwsxh39.exe
F:\mvxm.cmd
F:\uxdeiect.com
F:\xyw9tmdj.com
F:\ylr.exe
G:\jiwsxh39.exe
G:\mvxm.cmd
G:\uxdeiect.com
G:\xyw9tmdj.com
G:\ylr.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\uxdeiect.com

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
.

2008-04-04 21:36 . 2008-04-04 21:36 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-04-04 21:36 . 2008-04-04 21:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-03 20:35 . 2008-04-03 20:35 <REP> d-------- C:\Program Files\Avira
2008-04-03 20:35 . 2008-04-03 20:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-31 19:24 . 2008-03-31 19:28 <REP> d-------- C:\Program Files\Project64 1.6
2008-03-30 20:14 . 2008-03-30 20:14 268 --ah----- C:\sqmdata00.sqm
2008-03-30 20:14 . 2008-03-30 20:14 244 --ah----- C:\sqmnoopt00.sqm
2008-03-29 22:26 . 2008-03-29 22:26 <REP> d-------- C:\Program Files\Microsoft Games
2008-03-29 20:42 . 2008-03-29 20:43 <REP> d-------- C:\Program Files\Cossacks
2008-03-29 20:42 . 2001-03-16 20:34 4,358,144 -ra------ C:\WINDOWS\uncsetup.exe
2008-03-29 20:42 . 2008-03-29 20:42 53,248 --a------ C:\WINDOWS\SYSTEM32\unrar.dll
2008-03-16 12:07 . 2004-08-05 13:00 16,384 -r-hs---- C:\3o.exe
2008-03-09 22:49 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2008-03-09 22:49 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbprint.sys
2008-03-09 22:37 . 2008-03-09 22:39 103,516 -r-hs---- C:\b.com

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 12:12 --------- d-----w C:\Program Files\Steam
2008-04-04 19:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-02 23:37 --------- d-----w C:\Documents and Settings\fournier\Application Data\U3
2008-02-27 14:53 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-02-27 14:51 --------- d-----w C:\Program Files\Amphibizorus
2008-02-27 14:50 --------- d-----w C:\Program Files\Yahoo!
2008-02-27 14:50 --------- d-----w C:\Program Files\Washer
2008-02-27 14:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 14:48 --------- d-----w C:\Program Files\iPod
2008-02-27 14:47 --------- d-----w C:\Program Files\eMule
2008-02-27 14:26 --------- d-----w C:\Program Files\Zeb-Utility
.

((((((((((((((((((((((((((((( snapshot@2008-04-04_19.36.35,87 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-07 10:05:19 62,016 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys
+ 2008-04-04 18:39:40 61,632 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys
+ 2008-04-05 12:12:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Steam"="c:\progra~1\steam\steam.exe" [2008-03-29 19:34 1271032]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-02 00:10 4616192]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23 135168]
"CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-05 13:00 12288 C:\WINDOWS\SYSTEM32\REGSVR32.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-19 11:44 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL]
"BO1HelperStartUp"="C:\PROGRA~1\BUTTER~1\BO1HEL~1.exe" [2004-11-01 20:31 253952]
"Tweak UI"="TWEAKUI.CPL" [2001-03-19 01:41 110640 C:\WINDOWS\SYSTEM32\TWEAKUI.CPL]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-04 20:39 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"msacm.lhacm"= lhacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
--a------ 2002-09-30 02:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2002-10-29 10:18 49152 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 09:04 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-05-04 18:21 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\counter-strike\\hl.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Amphibizorus\\mirc.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\WINDOWS\\SYSTEM32\\RUNDLL32.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\day of defeat\\hl.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPLAYSVR.EXE"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\SIERRA\\Counter-Strike\\cstrike.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\quake 3 team arena demo\\taquake3.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4bf42d6-e8b0-11dc-aad3-001111ead834}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd4bf3b4-cda5-11dc-aacc-001111ead834}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 14:59:29
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-05 15:00:13
ComboFix-quarantined-files.txt 2008-04-05 13:00:05
ComboFix2.txt 2008-04-04 23:25:49
ComboFix3.txt 2008-04-04 17:36:51
Pre-Run: 60,462,948,352 octets libres
Post-Run: 60,446,232,576 octets libres
.
2008-03-30 00:07:10 --- E O F ---

HIJACK

Logfile of HijackThis v1.99.1
Scan saved at 15:01:51, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\progra~1\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\fournier\LOCALS~1\Temp\Rar$EX00.907\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
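
As an added example (not a tool from this thread), here is a Python triage helper that reads HijackThis and ComboFix log lines and flags the three patterns the helper removed above: MountPoints2 autorun commands pointing at a drive-root executable, Run entries launching from an unusual folder such as C:\WINDOWS\litmus, and the Security Center AntiVirusDisableNotify flag. The sample lines are constructed from the logs posted above and the severity heuristics are assumptions, not ComboFix rules.

```python
"""Triage helper for HijackThis / ComboFix log lines.

Added example, not a tool from this thread. It flags the three patterns the
helper removed here: MountPoints2 autorun commands pointing at a drive-root
executable, Run entries launching from unusual folders, and Security Center
notification tampering. The heuristics are assumptions, not ComboFix rules.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "review"
    rule: str
    detail: str


# HijackThis O4 line whose command starts with a drive-letter path; entries
# launched through a host such as RUNDLL32.EXE are not parsed.
_RUN_RE = re.compile(
    r'^O4 - (HK\w+)\\\.\.\\Run: \[([^\]]+)\]\s+"?'
    r'([A-Za-z]:\\[^"]+?\.(?:exe|com|cmd|bat|scr|pif))"?', re.I)
# ComboFix "Point de chargement Reg" lines for per-volume MountPoints2 keys.
_MP_KEY_RE = re.compile(
    r'^\[HKEY_CURRENT_USER\\software\\microsoft\\windows\\currentversion'
    r'\\explorer\\mountpoints2\\(\{[0-9a-f-]+\})\]$', re.I)
_MP_CMD_RE = re.compile(r'^\\Shell\\(\w+)\\command - (.+)$', re.I)
_SC_KEY_RE = re.compile(
    r'^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\]$', re.I)
_SC_VAL_RE = re.compile(r'^"(\w+)"=dword:0*1$', re.I)
# An executable sitting directly at a drive root, e.g. F:\ntde1ect.com
_ROOT_EXE_RE = re.compile(
    r'^[A-Za-z]:\\[^\\\s]+\.(?:exe|com|cmd|bat|scr|pif)\b', re.I)

# Sample lines constructed from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LTM2] C:\WINDOWS\litmus\widrar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4bf42d6-e8b0-11dc-aad3-001111ead834}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd4bf3b4-cda5-11dc-aacc-001111ead834}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com
"""


def unusual_run_location(path: str) -> bool:
    r"""True for a drive-root executable or for a non-system32 folder directly
    under the Windows directory (e.g. C:\WINDOWS\litmus\widrar.exe)."""
    folders = [p.lower() for p in path.split("\\")[1:-1]]
    if not folders:
        return True
    return len(folders) == 2 and folders[0] == "windows" and folders[1] != "system32"


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    mountpoint = None          # GUID of the MountPoints2 key being read
    in_security_center = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _RUN_RE.match(line)
        if m:
            hive, name, path = m.groups()
            if unusual_run_location(path):
                findings.append(Finding("review", "run-key-unusual-location",
                                        f"{hive} Run [{name}] -> {path}"))
            continue
        m = _MP_KEY_RE.match(line)
        if m:
            mountpoint, in_security_center = m.group(1), False
            continue
        if _SC_KEY_RE.match(line):
            mountpoint, in_security_center = None, True
            continue
        if line.startswith("["):  # any other key closes both contexts
            mountpoint, in_security_center = None, False
            continue
        m = _MP_CMD_RE.match(line)
        if m and mountpoint:
            verb, command = m.group(1).lower(), m.group(2).strip()
            if _ROOT_EXE_RE.match(command):
                # AutoRun alone also matches legitimate launchers such as the
                # U3 LaunchU3.exe in the log, so it is only "review"; a
                # hijacked open/explore verb (run on double-click) is "high".
                sev = "high" if verb in ("open", "explore") else "review"
                findings.append(Finding(sev, "mountpoints2-root-autorun",
                                        f"{mountpoint} {verb} -> {command}"))
            continue
        m = _SC_VAL_RE.match(line)
        if m and in_security_center and m.group(1).lower().endswith("disablenotify"):
            findings.append(Finding("high", "security-center-notify-disabled",
                                    f"{m.group(1)}=1"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule}: {f.detail}")
```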

5 April 2008 16:26:55

Re,

Click Start --> Run, type CMD and confirm with OK.
(If you are on Vista, just click Start, type CMD and confirm with Enter.)
Paste the following lines one at a time into the black window that appears, pressing Enter after each one.
cd\
del /f /q b.com
del /f /q 3o.exe


********

How is the computer behaving?

********

Download to your desktop: Clean (by Malekal) >Tutorial<
Unzip it on your desktop. Double-click the clean folder.
Double-click clean.cmd. (The cmd extension may not be shown.) This will open a black window.
A menu will appear; choose option 1 and press Enter. Then press a key when prompted.
Post the report found here: C:\rapport_clean.txt

If you get a file C:\upload_moi.zip, please do this.
5 April 2008 16:36:35

It tells me "impossible de trouver C:\ b.com" and "impossible de trouver C:\ 3o.exe"
5 April 2008 16:41:54

05/04/2008 a 16:38:19,28

*** Recherche des fichiers dans C:
C:\autorun.inf FOUND

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32
"C:\WINDOWS\system32\P2P Networking v126.cpl" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Need2Find\" FOUND

I have a text file "resultat_clean", do you want it?
5 April 2008 16:46:54

No, that's fine ;)

Copy the text in the box below:

File::
C:\WINDOWS\system32\P2P Networking v126.cpl
C:\b.com
C:\3o.exe

Folder::
C:\Program Files\Need2Find


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.

Now drag the CFScript.txt file onto Combofix.exe as shown below:


This will relaunch Combofix; press 1 and confirm. After the reboot, post the contents of the Combofix.txt report along with a HijackThis log.
If there is no reboot, post the reports anyway.

********

Download MalwareByte's Anti-Malware to your desktop.
Install it by double-clicking the file Download_mbam-setup.exe.

Once the installation and the update are done:
Restart in safe mode
/!\ Never boot into safe mode via MSCONFIG /!\

  • Now run MalwareByte's Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. Two possibilities:
    -- if the program found nothing, press OK. A report will appear; close it.
    -- if infections are present, click "Show results" then "Remove selected". Save the report to your desktop so you can post it in your next reply.

    NOTE: If MalwareByte's Anti-Malware needs to restart to finish the removal, accept by clicking OK.


    HELP: illustrated tutorial on MBAM
5 April 2008 16:52:38

ComboFix 08-04-03.5 - fournier 2008-04-05 16:49:28.4 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.559 [GMT 2:00]
Endroit: C:\Documents and Settings\fournier\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\fournier\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

FILE ::
C:\3o.exe
C:\b.com
C:\WINDOWS\system32\P2P Networking v126.cpl
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\3o.exe
C:\b.com
C:\Program Files\Need2Find
C:\Program Files\Need2Find\bar\History\search
C:\WINDOWS\system32\P2P Networking v126.cpl

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-05 to 2008-04-05 ))))))))))))))))))))))))))))))))))))
.

2008-04-05 16:38 . 2008-04-05 16:38 12,229,164 --a------ C:\upload_moi_JULIEN.tar.gz
2008-04-04 21:36 . 2008-04-04 21:36 <REP> d-------- C:\Program Files\Fichiers communs\Adobe Systems Shared
2008-04-04 21:36 . 2008-04-04 21:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-04-03 20:35 . 2008-04-03 20:35 <REP> d-------- C:\Program Files\Avira
2008-04-03 20:35 . 2008-04-03 20:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-31 19:24 . 2008-03-31 19:28 <REP> d-------- C:\Program Files\Project64 1.6
2008-03-30 20:14 . 2008-03-30 20:14 268 --ah----- C:\sqmdata00.sqm
2008-03-30 20:14 . 2008-03-30 20:14 244 --ah----- C:\sqmnoopt00.sqm
2008-03-29 22:26 . 2008-03-29 22:26 <REP> d-------- C:\Program Files\Microsoft Games
2008-03-29 20:42 . 2008-03-29 20:43 <REP> d-------- C:\Program Files\Cossacks
2008-03-29 20:42 . 2001-03-16 20:34 4,358,144 -ra------ C:\WINDOWS\uncsetup.exe
2008-03-29 20:42 . 2008-03-29 20:42 53,248 --a------ C:\WINDOWS\SYSTEM32\unrar.dll
2008-03-09 22:49 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\usbprint.sys
2008-03-09 22:49 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\SYSTEM32\DLLCACHE\usbprint.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 13:45 --------- d-----w C:\Program Files\Steam
2008-04-04 19:36 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-02 23:37 --------- d-----w C:\Documents and Settings\fournier\Application Data\U3
2008-02-27 14:53 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-02-27 14:51 --------- d-----w C:\Program Files\Amphibizorus
2008-02-27 14:50 --------- d-----w C:\Program Files\Yahoo!
2008-02-27 14:50 --------- d-----w C:\Program Files\Washer
2008-02-27 14:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 14:48 --------- d-----w C:\Program Files\iPod
2008-02-27 14:47 --------- d-----w C:\Program Files\eMule
2008-02-27 14:26 --------- d-----w C:\Program Files\Zeb-Utility
.

((((((((((((((((((((((((((((( snapshot@2008-04-04_19.36.35,87 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-09-07 10:05:19 62,016 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys
+ 2008-04-04 18:39:40 61,632 ----a-w C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys
+ 2008-04-05 12:12:31 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_7a0.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"Steam"="c:\progra~1\steam\steam.exe" [2008-03-29 19:34 1271032]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-11-02 00:10 4616192]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 14:03 36975]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-06-29 12:23 135168]
"CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 28672 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-05 13:00 12288 C:\WINDOWS\SYSTEM32\REGSVR32.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-12-06 02:05 127035]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-05-19 11:44 98304]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 13:00 110592 C:\WINDOWS\SYSTEM32\BTHPROPS.CPL]
"BO1HelperStartUp"="C:\PROGRA~1\BUTTER~1\BO1HEL~1.exe" [2004-11-01 20:31 253952]
"Tweak UI"="TWEAKUI.CPL" [2001-03-19 01:41 110640 C:\WINDOWS\SYSTEM32\TWEAKUI.CPL]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-04 20:39 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.VP40"= vp4vfw.dll
"msacm.lhacm"= lhacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
--a------ 2002-09-30 02:00 45056 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2002-10-29 10:18 49152 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-04-26 09:04 53248 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-05-04 18:21 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]
C:\Program Files\Kazaa\kazaa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a------ 2004-01-07 02:01 110592 C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\counter-strike\\hl.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Amphibizorus\\mirc.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\counter-strike source\\hl2.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"C:\\WINDOWS\\SYSTEM32\\RUNDLL32.EXE"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Steam\\SteamApps\\julesetpol212@hotmail.com\\day of defeat\\hl.exe"=
"C:\\Program Files\\Xfire\\Xfire.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\WINDOWS\\SYSTEM32\\DPLAYSVR.EXE"=
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"C:\\SIERRA\\Counter-Strike\\cstrike.exe"=
"C:\\Program Files\\Steam\\SteamApps\\common\\quake 3 team arena demo\\taquake3.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4bf42d6-e8b0-11dc-aad3-001111ead834}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd4bf3b4-cda5-11dc-aacc-001111ead834}]
\Shell\AutoRun\command - F:\ntde1ect.com
\Shell\explore\Command - F:\ntde1ect.com
\Shell\open\Command - F:\ntde1ect.com

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-05 16:51:05
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-05 16:51:28
ComboFix-quarantined-files.txt 2008-04-05 14:51:20
ComboFix2.txt 2008-04-05 13:00:13
ComboFix3.txt 2008-04-04 23:25:49
ComboFix4.txt 2008-04-04 17:36:51
Pre-Run: 60,393,123,840 octets libres
Post-Run: 60,377,346,048 octets libres
.
2008-03-30 00:07:10 --- E O F ---

HIJACK

Logfile of HijackThis v1.99.1
Scan saved at 16:52:32, on 05/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\basfipm.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\progra~1\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\fournier\LOCALS~1\Temp\Rar$EX00.969\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    5 Avril 2008 18:22:56

    Malwarebytes' Anti-Malware 1.10
    Database version: 593

    Scan type: Full Scan (A:\|C:\|)
    Objects scanned: 108373
    Time elapsed: 25 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 15

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP434\A0135507.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP435\A0135528.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP436\A0135533.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP437\A0135538.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP438\A0135545.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP439\A0136532.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP439\A0137531.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP440\A0137535.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP440\A0138640.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP440\A0138675.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP440\A0138718.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP441\A0138723.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP442\A0138727.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP442\A0139700.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP452\A0144226.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
    5 Avril 2008 18:27:08

    The report too, it might be useful to you . . .

    Malwarebytes' Anti-Malware 1.10
    Database version: 593

    Scan type: Full Scan (A:\|C:\|)
    Objects scanned: 108373
    Time elapsed: 25 minute(s), 34 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 15

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP434\A0135507.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP435\A0135528.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP436\A0135533.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP437\A0135538.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP438\A0135545.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP439\A0136532.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP439\A0137531.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP440\A0137535.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP440\A0138640.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP440\A0138675.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP440\A0138718.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP441\A0138723.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP442\A0138727.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP442\A0139700.exe (Spyware.OnlineGames) -> No action taken.
    C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP452\A0144226.exe (Spyware.OnlineGames) -> No action taken.
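Every one of the 15 files in the two reports above sits under C:\System Volume Information\_restore{...}\RPnnn\, that is, inside System Restore snapshots rather than in a location the running system loads code from. The following is an added example (my code, not code from the thread, from Malwarebytes or from Tom's Guide) that parses Malwarebytes' Anti-Malware 1.x detection lines and separates restore-point copies from live files, so a report like this one can be triaged at a glance. The sample report embeds three detection lines from the thread plus one constructed "live" line (example_dropper.exe is a made-up name) to exercise the other branch; the class names and the summary fields are my own.

```python
import re
from collections import Counter

# Detection lines in a Malwarebytes' Anti-Malware 1.x report look like
#   <path> (<detection name>) -> <action taken>.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$"
)

# System Restore keeps snapshot copies of changed files under
#   <drive>\System Volume Information\_restore{GUID}\RPnnn\A0nnnnnn.<ext>
# These are archived copies, not files the running system loads; they only
# come back if that restore point is applied.
RESTORE_POINT_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(?P<rp>RP\d+)\\",
    re.IGNORECASE,
)

# Constructed sample: the first three detection lines are copied from the
# thread's report; the last one is made up to show a hit outside a snapshot.
SAMPLE_REPORT = r"""
Files Infected: 4

Files Infected:
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP434\A0135507.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP435\A0135528.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP452\A0144226.exe (Spyware.OnlineGames) -> No action taken.
C:\WINDOWS\system32\example_dropper.exe (Spyware.OnlineGames) -> No action taken.
"""


def parse_mbam_report(text):
    """Return one dict (path, name, action) per detection line in the report."""
    findings = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            findings.append(m.groupdict())
    return findings


def classify(finding):
    """'restore_point' for an archived System Restore copy, 'live' otherwise."""
    return "restore_point" if RESTORE_POINT_RE.search(finding["path"]) else "live"


def triage(text):
    """Summarise a report so the reader sees what is still active on the box:
    counts per class / detection name / action, the live paths, the restore
    points holding infected copies, and the lines the scanner left untouched."""
    findings = parse_mbam_report(text)
    restore_points = {
        RESTORE_POINT_RE.search(f["path"]).group("rp")
        for f in findings if classify(f) == "restore_point"
    }
    return {
        "total": len(findings),
        "by_class": Counter(classify(f) for f in findings),
        "by_name": Counter(f["name"] for f in findings),
        "by_action": Counter(f["action"] for f in findings),
        "live_paths": [f["path"] for f in findings if classify(f) == "live"],
        "restore_points": sorted(restore_points, key=lambda rp: int(rp[2:])),
        "needs_action": [f["path"] for f in findings
                         if f["action"] == "No action taken"],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_REPORT)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

A restore-point copy only matters if that restore point is ever applied; on Windows XP the snapshots are discarded by turning System Restore off and back on. A path in live_paths is the one that needs a look at what wrote it and what starts it.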
    5 Avril 2008 20:18:14

    Oh, by the way, when I restarted to go into safe mode, it said something like strike F1 Drive5 . . . and I had a choice between two strange options; anyway, I didn't run into any other problems.
    5 Avril 2008 23:46:32

    And finally, how did you get into safe mode? (The keys and the timing depend on the PC.)

    Post another HijackThis log.
    6 Avril 2008 00:50:56

    I pressed F5 and F8 every second, both at the same time, then to leave those options I pressed F1.

    Logfile of HijackThis v1.99.1
    Scan saved at 00:50:50, on 06/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\basfipm.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\DOCUME~1\fournier\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Steam] "c:\progra~1\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} -
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    6 Avril 2008 11:09:03

    Re,

    Relaunch HijackThis, do a system scan only, and tick these lines (if they are still present):
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    Close all running applications (especially your web browser).
    Then Fix Checked!


    ********

    Run an online antivirus scan at Kaspersky using Internet Explorer. (Tutorial)
    Allow ActiveX.
    Click Start Online Scanner.
    Select My Computer as the scan target. Save the report as a .txt file.
    Paste the report here.
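"Fix checked" on an O4 line removes the autostart value that HijackThis found; the file the value pointed at stays on disk. The following is an added example (my code, not code from the thread, from HijackThis or from Tom's Guide) that parses O4 lines exactly as HijackThis prints them, expands the abbreviated hive path ("HKLM\..\Run" is HKLM\Software\Microsoft\Windows\CurrentVersion\Run), splits the image from its arguments, flags the properties a reviewer checks before trusting an entry (an unqualified image name resolved through the search path, an 8.3 short name that hides the real folder, a rundll32/regsvr32 host whose payload is in the arguments), and prints the reg.exe command that does the same thing as Fix checked. The sample lines are copied from the log above; the flag names and the review() summary are my own.

```python
import re

# HijackThis abbreviates the Run-key path: "HKLM\..\Run" stands for
# HKLM\Software\Microsoft\Windows\CurrentVersion\Run (likewise for HKCU).
RUN_KEY_PREFIX = r"Software\Microsoft\Windows\CurrentVersion"

O4_REGISTRY_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# "O4 - Startup:" is the current user's Startup folder, "O4 - Global Startup:"
# the All Users one; both are "<shortcut>.lnk = <target>" pairs.
O4_STARTUP_RE = re.compile(
    r"^O4 - (?P<scope>Global )?Startup: (?P<lnk>.+?) = (?P<target>.+)$"
)
SHORT_NAME_RE = re.compile(r"~\d+")  # 8.3 names such as PROGRA~1 hide the real folder

# Sample input: O4 lines copied from the thread's HijackThis log.
SAMPLE_O4_LINES = [
    r'O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE',
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r'O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1',
    r'O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background',
    r'O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe',
]


def split_command(cmd):
    """Split a Run-value command into (image, arguments): a quoted image is
    taken whole, otherwise the first whitespace-delimited token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    parts = cmd.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def autostart_flags(image):
    """Properties worth checking before trusting an autostart image."""
    flags = []
    if "\\" not in image:
        flags.append("unqualified-name")  # resolved through the search path
    if SHORT_NAME_RE.search(image):
        flags.append("8.3-short-name")    # real folder name is not visible
    if image.lower().startswith(("rundll32", "regsvr32")):
        flags.append("host-process")      # the real payload is in the arguments
    return flags


def parse_o4(line):
    """Turn one O4 line into a dict describing the autostart entry, or None."""
    line = line.strip()
    m = O4_REGISTRY_RE.match(line)
    if m:
        image, args = split_command(m["cmd"])
        return {
            "kind": "registry",
            "key": "\\".join([m["hive"], RUN_KEY_PREFIX, m["key"]]),
            "value": m["name"],
            "image": image,
            "args": args,
            "flags": autostart_flags(image),
        }
    m = O4_STARTUP_RE.match(line)
    if m:
        return {
            "kind": "startup_folder",
            "scope": "all_users" if m["scope"] else "current_user",
            "shortcut": m["lnk"],
            "image": m["target"],
            "args": "",
            "flags": autostart_flags(m["target"]),
        }
    return None


def fix_command(entry):
    """reg.exe equivalent of HijackThis 'Fix checked' for a registry O4 entry.
    It deletes the autostart value only; the file it pointed at stays on disk."""
    if entry is None or entry["kind"] != "registry":
        return None
    return 'reg delete "{}" /v "{}" /f'.format(entry["key"], entry["value"])


def review(lines):
    """Parse every O4 line and pair it with its fix command (None for shortcuts)."""
    return [(e, fix_command(e)) for e in map(parse_o4, lines) if e]


if __name__ == "__main__":
    for entry, fix in review(SAMPLE_O4_LINES):
        print(entry["image"], entry["flags"], "->", fix or "delete the shortcut")
```

The flags are prompts, not verdicts: on this log the unqualified CTHELPER.EXE and the 8.3 path of BO1HEL~1.EXE both belong to software the rest of the log accounts for, but an entry with those properties is exactly where a reviewer should resolve the full path and look at the file before deciding.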