Tom's Guide > Forum > Sécurité - Virus > pc infecté (XP)
pc infecté (XP) - Sécurité - Virus
TomsGuide.com : 800 000 inscrits répondent à toutes vos questions high-tech et informatique. Pour obtenir de l'aide, inscrivez-vous gratuitement !
Répondre
Mot :    Pseudo :           
 
lramusl   03-09-2008 à 23:46:04

bonjour à tous,
un pote a un pc qui est complètement infecté (et c'est pas peu dire...). Au démarrage il a plein de message d'erreur du type "fichier .dll manquant...". De plus à côté de l'heure il y a écrit "VIRUS ALERT" (il a avast comme antivirus, je ne crois pas que ce soit avast qui mette ça, c'est à mon avis un virus...). Aussi, il y a d'autre problème genre le wifi qui marche plus (j'ai testé sous linux en live cd, sa carte wifi marche...).
Bref, je vous post un log hijackthis, si quelqu'un a un peu de temps pour me filer un coup de main sachant qu'il n'a pas de cd de win sous la main et que j'aimerais lui remettre son xp a neuf (ou presque) pour lui faire beau dual boot ubuntu/XP.
merci d'avance

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:39: VIRUS ALERT!, on 03/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.p [...] Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

F3 - REG:win.ini: run=C:\Documents and Settings\Admin\Application Data\Adobe\Manager.exe

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: QXK Olive - {4A10BF18-AE42-4D89-8D72-0742D83AA2C6} - C:\WINDOWS\wnlmdakqqas.dll (file missing)

O2 - BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - C:\WINDOWS\xml2u32h.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: bgrqfetx - {E0597566-BAA7-49B5-875B-5E203D363229} - C:\WINDOWS\bgrqfetx.dll (file missing)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [{af80c20b-fa3d-4cdf-97b5-a319f57e7367}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\kecnkmoatvcrxmla.dll" DllStart

O4 - HKLM\..\Run: [PCPrivacyCleaner] C:\Program Files\PCPrivacyCleaner\pcpc.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] p=ZKfox000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activ [...] stubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O21 - SSODL: xokvrpwg - {FBF94A46-F36F-4AEF-A47D-0C37D4D44747} - C:\WINDOWS\xokvrpwg.dll (file missing)

O21 - SSODL: tfnslopk - {6B2EB1ED-5BA8-4A18-A531-200F5CAC2A2E} - C:\WINDOWS\tfnslopk.dll (file missing)

O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

O24 - Desktop Component 1: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm



--

End of file - 11647 bytes

------------------------------ R a M u S
Répondre
Liens sponsorisés
Inscrivez-vous ou connectez-vous pour masquer ceci.
Angeldark   04-09-2008 à 18:06:30
- 0 +

Bonjour,

Télécharge Smitfraudfix (de S!ri).
Enregistre-le sur ton bureau.
Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
Choisis l'Option 1 (Recherche)
Poste le premier rapport ici.

**Si le lien ne fonctionne pas, clique ici**

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   04-09-2008 à 20:05:15
- 0 +

bonjour et merci de t'occuper de mon problème.
Voici le rapport que tu as demandé :

Code :
  1. SmitFraudFix v2.345
  5. Rapport fait à 20:01:26,00, 04/09/2008
  7. Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix
  9. OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
  11. Le type du système de fichiers est FAT32
  13. Fix executé en mode normal
  17. »»»»»»»»»»»»»»»»»»»»»»»» Process
  21. C:\WINDOWS\System32\smss.exe
  23. C:\WINDOWS\system32\csrss.exe
  25. C:\WINDOWS\system32\winlogon.exe
  27. C:\WINDOWS\system32\services.exe
  29. C:\WINDOWS\system32\lsass.exe
  31. C:\WINDOWS\system32\Ati2evxx.exe
  33. C:\WINDOWS\system32\svchost.exe
  35. C:\WINDOWS\system32\svchost.exe
  37. C:\WINDOWS\System32\svchost.exe
  39. C:\WINDOWS\system32\svchost.exe
  41. C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
  43. C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
  45. C:\WINDOWS\system32\svchost.exe
  47. C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
  49. C:\Program Files\Alwil Software\Avast4\ashServ.exe
  51. C:\WINDOWS\system32\spoolsv.exe
  53. C:\WINDOWS\system32\svchost.exe
  55. C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
  57. C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
  59. C:\WINDOWS\system32\svchost.exe
  61. C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
  63. C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
  65. C:\WINDOWS\System32\alg.exe
  67. C:\WINDOWS\system32\Ati2evxx.exe
  69. C:\WINDOWS\Explorer.EXE
  71. C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
  73. C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
  75. C:\Program Files\Arcade\PCMService.exe
  77. C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
  79. C:\acer\epm\epm-dm.exe
  81. C:\Program Files\Acer\eRecovery\Monitor.exe
  83. C:\Program Files\Launch Manager\QtZgAcer.EXE
  85. C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
  87. C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
  89. C:\Program Files\iTunes\iTunesHelper.exe
  91. C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
  93. C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
  95. C:\WINDOWS\system32\ctfmon.exe
  97. C:\Program Files\Messenger\msmsgs.exe
  99. C:\Program Files\SuperCopier2\SuperCopier2.exe
  101. C:\Program Files\iPod\bin\iPodService.exe
  103. C:\WINDOWS\system32\wuauclt.exe
  105. C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
  107. C:\WINDOWS\system32\wuauclt.exe
  109. C:\WINDOWS\system32\cmd.exe
  111. C:\WINDOWS\system32\wbem\wmiprvse.exe
  115. »»»»»»»»»»»»»»»»»»»»»»»» hosts
  121. »»»»»»»»»»»»»»»»»»»»»»»» C:\
  127. »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
  131. C:\WINDOWS\privacy_danger PRESENT !
  135. »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
  141. »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
  147. »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
  153. »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
  159. »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin
  165. »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Admin\Application Data
  171. »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
  177. »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMIN\FAVORIS
  181. C:\DOCUME~1\ADMIN\FAVORIS\Error Cleaner.url PRESENT !
  183. C:\DOCUME~1\ADMIN\FAVORIS\Privacy Protector.url PRESENT !
  185. C:\DOCUME~1\ADMIN\FAVORIS\Spyware?Malware Protection.url PRESENT !
  189. »»»»»»»»»»»»»»»»»»»»»»»» Bureau
  193. C:\DOCUME~1\ADMIN\BUREAU\Privacy Protector.url PRESENT !
  197. »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
  203. »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
  209. »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
  213. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
  215. "Source"="About:Home"
  217. "SubscribedURL"="About:Home"
  219. "FriendlyName"="Ma page d'accueil"
  223. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
  225. "Source"="file:///C:\\WINDOWS\\privacy_danger\\index.htm"
  227. "SubscribedURL"=""
  229. "FriendlyName"="Privacy Protection"
  233. »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
  235. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  239. IEDFix
  241. Credits: Malware Analysis & Diagnostic
  243. Code: S!Ri
  251. »»»»»»»»»»»»»»»»»»»»»»»» VACFix
  253. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  257. VACFix
  259. Credits: Malware Analysis & Diagnostic
  261. Code: S!Ri
  267. »»»»»»»»»»»»»»»»»»»»»»»» 404Fix
  269. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  273. 404Fix
  275. Credits: Malware Analysis & Diagnostic
  277. Code: S!Ri
  283. »»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
  285. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  289. AntiXPVSTFix
  291. Credits: Malware Analysis & Diagnostic
  293. Code: S!Ri
  301. »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
  303. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  307. SrchSTS.exe by S!Ri
  309. Search SharedTaskScheduler's .dll
  315. »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
  317. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  321. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
  323. "AppInit_DLLs"=""
  329. »»»»»»»»»»»»»»»»»»»»»»»» Winlogon
  331. !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
  335. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
  337. "Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
  339. "System"=""
  345. »»»»»»»»»»»»»»»»»»»»»»»» RK
  353. »»»»»»»»»»»»»»»»»»»»»»»» DNS
  361. »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
  367. »»»»»»»»»»»»»»»»»»»»»»»» Fin

------------------------------ R a M u S
 Répondre à lramusl
Angeldark   04-09-2008 à 20:16:07
- 0 +

Re,

Redémarre en mode sans échec

Lance SmitfraudFix.exe et choisis cette fois l'Option 2 et réponds oui à la ou les questions.
Sauvegarde le rapport sur ton Bureau.

Redémarre normalement.

Poste les rapports Hijackthis et SmitfraudFix.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   04-09-2008 à 20:27:10
- 0 +

et voilà :

SmitFraudFix v2.345



Rapport fait à 20:23:34,40, 04/09/2008

Executé à partir de C:\Documents and Settings\Admin\Bureau\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Le type du système de fichiers est FAT32

Fix executé en mode sans echec



»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus





»»»»»»»»»»»»»»»»»»»»»»»» hosts





127.0.0.1 localhost



»»»»»»»»»»»»»»»»»»»»»»»» VACFix



VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri





»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix



S!Ri's WS2Fix: LSP not Found.




»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix



GenericRenosFix by S!Ri





»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés



C:\WINDOWS\privacy_danger\ supprimé

C:\DOCUME~1\ADMIN\BUREAU\Privacy Protector.url supprimé

C:\DOCUME~1\ADMIN\FAVORIS\Error Cleaner.url supprimé

C:\DOCUME~1\ADMIN\FAVORIS\Privacy Protector.url supprimé

C:\DOCUME~1\ADMIN\FAVORIS\Spyware?Malware Protection.url supprimé



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix



IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri







»»»»»»»»»»»»»»»»»»»»»»»» 404Fix



404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri





»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix



AntiXPVSTFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri







»»»»»»»»»»»»»»»»»»»»»»»» RK





»»»»»»»»»»»»»»»»»»»»»»»» DNS







»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires





»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""





»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre



Nettoyage terminé.



»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!



SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll





»»»»»»»»»»»»»»»»»»»»»»»» Fin


Répondre à lramusl
lramusl   04-09-2008 à 20:27:46
- 0 +

oups j'ai oublié le rapport hijack, je fais ça tout de suite

Répondre à lramusl
lramusl   04-09-2008 à 20:29:35
- 0 +

le voici :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:28:20, on 04/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MyWebSearch\bar\2.bin\m3SkPlay.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wuauclt.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O2 - BHO: QXK Olive - {4A10BF18-AE42-4D89-8D72-0742D83AA2C6} - C:\WINDOWS\wnlmdakqqas.dll (file missing)

O2 - BHO: XMLDP Class - {72A128E0-2240-40c8-9E92-5387D64F839E} - C:\WINDOWS\xml2u32h.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: bgrqfetx - {E0597566-BAA7-49B5-875B-5E203D363229} - C:\WINDOWS\bgrqfetx.dll (file missing)

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [{af80c20b-fa3d-4cdf-97b5-a319f57e7367}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\kecnkmoatvcrxmla.dll" DllStart

O4 - HKLM\..\Run: [PCPrivacyCleaner] C:\Program Files\PCPrivacyCleaner\pcpc.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF

O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=2 /w

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe

O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolb [...] p=ZKfox000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activ [...] stubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O21 - SSODL: xokvrpwg - {FBF94A46-F36F-4AEF-A47D-0C37D4D44747} - C:\WINDOWS\xokvrpwg.dll (file missing)

O21 - SSODL: tfnslopk - {6B2EB1ED-5BA8-4A18-A531-200F5CAC2A2E} - C:\WINDOWS\tfnslopk.dll (file missing)

O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe



--

End of file - 10750 bytes

Répondre à lramusl
Angeldark   04-09-2008 à 20:33:20
- 0 +

Re,

Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !

  • Télécharge ComboFix (sUBs) sur ton Bureau.
  • Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
  • Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.


AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   04-09-2008 à 20:45:44
- 0 +

voila :

ComboFix 08-09-03.06 - Admin 2008-09-04 20:37:24.1 - [color=red]FAT32[/color]x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.678 [GMT 2:00]

Endroit: C:\Documents and Settings\Admin\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration



[color=red]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/color]

.



(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.



C:\Documents and Settings\Admin\Application Data\FunWebProducts

C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus-2008pro.lnk

C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\PCPrivacyCleaner.lnk

C:\Documents and Settings\Admin\Cookies\admin@ad.yieldmanager[1].txt

C:\Documents and Settings\Admin\Cookies\admin@clickintext[1].txt

C:\Documents and Settings\Admin\Menu Démarrer\NOCREDITCARD.lnk

C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Antivirus 2008 PRO

C:\Documents and Settings\Admin\Menu Démarrer\Programmes\Antivirus 2008 PRO\antivirus-2008pro.lnk

C:\Documents and Settings\Admin\ravmonlog

C:\Documents and Settings\All Users\Application Data\Secure Solutions

C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806110857937.log

C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806113946765.log

C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806115039156.log

C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806120309328.log

C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806150943109.log

C:\Documents and Settings\All Users\Application Data\Secure Solutions\Antispyware 2008 XP\LOG\20080806153216000.log

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PCPrivacyCleaner

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PCPrivacyCleaner\PCPrivacyCleaner.lnk

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PCPrivacyCleaner\Uninstall PCPrivacyCleaner.lnk

C:\Program Files\Antivirus 2008 PRO

C:\Program Files\Antivirus 2008 PRO\vscan.tsi

C:\Program Files\Antivirus 2008 PRO\zlib.dll

C:\Program Files\FunWebProducts

C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html

C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html

C:\Program Files\Instant Access

C:\Program Files\instant access\Center\NoCreditCard.lnk

C:\Program Files\instant access\DesktopIcons\NoCreditCard.lnk

C:\Program Files\instant access\Multi\20070621140642\Common\module.php

C:\Program Files\instant access\Multi\20070621140642\dialerexe.ini

C:\Program Files\instant access\Multi\20070621140642\js\js_api_dialer.php

C:\Program Files\instant access\Multi\20070621140642\medias\button1.jpg

C:\Program Files\instant access\Multi\20070621140642\medias\button2.jpg

C:\Program Files\instant access\Multi\20070621140642\medias\button3.jpg

C:\Program Files\instant access\Multi\20070621140642\medias\button4.jpg

C:\Program Files\instant access\Multi\20070621140642\medias\dialer.ico

C:\Program Files\internet explorer\msimg32.dll

C:\Program Files\MyWebSearch

C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL

C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL

C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3BKGERR.JPG

C:\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR

C:\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE

C:\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL

C:\Program Files\MyWebSearch\bar\2.bin\F3SPACER.WMV

C:\Program Files\MyWebSearch\bar\2.bin\F3WALLPP.DAT

C:\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL

C:\Program Files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG

C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR

C:\Program Files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE

C:\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE

C:\Program Files\MyWebSearch\bar\2.bin\M3MEDINT.EXE

C:\Program Files\MyWebSearch\bar\2.bin\M3MSG.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR

C:\Program Files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST

C:\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL

C:\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE

C:\Program Files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE

C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE

C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL

C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE

C:\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL

C:\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL

C:\Program Files\MyWebSearch\bar\2.bin\MWSSVC.EXE

C:\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL

C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Cache\000179BF

C:\Program Files\MyWebSearch\bar\Cache\000B7365

C:\Program Files\MyWebSearch\bar\Cache\000B74EC.bin

C:\Program Files\MyWebSearch\bar\Cache\000B9A17.bin

C:\Program Files\MyWebSearch\bar\Cache\000B9B50.bin

C:\Program Files\MyWebSearch\bar\Cache\000B9D05.bin

C:\Program Files\MyWebSearch\bar\Cache\00197882.bin

C:\Program Files\MyWebSearch\bar\Cache\00197A27.bin

C:\Program Files\MyWebSearch\bar\Cache\00197C6A.bin

C:\Program Files\MyWebSearch\bar\Cache\00197DC1.bin

C:\Program Files\MyWebSearch\bar\Cache\00197F48.bin

C:\Program Files\MyWebSearch\bar\Cache\029819D3.bin

C:\Program Files\MyWebSearch\bar\Cache\02981B69.bin

C:\Program Files\MyWebSearch\bar\Cache\02981CD1.bin

C:\Program Files\MyWebSearch\bar\Cache\02981F51

C:\Program Files\MyWebSearch\bar\Cache\0395F0CC.bin

C:\Program Files\MyWebSearch\bar\Cache\files.ini

C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S

C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S

C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S

C:\Program Files\MyWebSearch\bar\History\search2

C:\Program Files\MyWebSearch\bar\History\search3

C:\Program Files\MyWebSearch\bar\icons\CM.ICO

C:\Program Files\MyWebSearch\bar\icons\MFC.ICO

C:\Program Files\MyWebSearch\bar\icons\PSS.ICO

C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO

C:\Program Files\MyWebSearch\bar\icons\WB.ICO

C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO

C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm

C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif

C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif

C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S

C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S

C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S

C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S

C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S

C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S

C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S

C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S

C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S

C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm

C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat

C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL

C:\Program Files\PCPrivacyCleaner

C:\WINDOWS\dialerexe.ini

C:\WINDOWS\system32\drivers\npf.sys

C:\WINDOWS\system32\f3PSSavr.scr

C:\WINDOWS\system32\packet.dll

C:\WINDOWS\system32\pthreadVC.dll

C:\WINDOWS\system32\wpcap.dll

C:\WINDOWS\system32\wxmmin.dll

C:\WINDOWS\xml2u32h.dll



.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.



-------\Legacy_MYWEBSEARCHSERVICE

-------\Service_MyWebSearchService

-------\Service_NPF





((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-08-04 to 2008-09-04 ))))))))))))))))))))))))))))))))))))

.



2008-09-04 20:01 . 2008-09-04 20:23 4,962 --a------ C:\WINDOWS\system32\tmp.reg

2008-09-04 20:00 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe

2008-09-04 20:00 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe

2008-09-04 20:00 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe

2008-09-04 20:00 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe

2008-09-04 20:00 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe

2008-09-04 20:00 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe

2008-09-04 20:00 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe

2008-09-04 20:00 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe

2008-09-04 20:00 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe

2008-09-04 20:00 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

2008-09-03 23:39 . 2008-09-03 23:39 <REP> d-------- C:\Program Files\Trend Micro

2008-08-19 15:47 . 2008-08-19 15:47 <REP> d-------- C:\WINDOWS\system32\CatRoot_bak

2008-08-15 13:16 . 2008-08-15 13:16 <REP> d-------- C:\Program Files\Music Mixer 4

2008-08-07 12:36 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS

2008-08-07 12:36 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys

2008-08-06 15:26 . 2004-08-05 05:00 634,880 --a------ C:\WINDOWS\system32\getuname.dll

2008-08-06 12:03 . 2008-08-06 12:03 <REP> d-------- C:\WINDOWS\CAVTemp

2008-08-06 11:23 . 2008-08-06 11:23 <REP> d-------- C:\Documents and Settings\Admin\Application Data\TuneUp Software

2008-08-06 11:09 . 2008-08-06 11:09 64,362 --a------ C:\WINDOWS\system32\taqwewqeml.exe

2008-08-06 11:08 . 2008-08-06 11:09 <REP> d-------- C:\Documents and Settings\All Users\Application Data\services

2008-08-05 12:36 . 2008-08-05 12:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Azureus

2008-08-05 12:36 . 2008-08-05 12:36 <REP> d-------- C:\Documents and Settings\Admin\Application Data\Azureus

2008-08-05 12:35 . 2008-08-05 12:35 <REP> d-------- C:\Program Files\Azureus

2008-08-05 12:35 . 2008-08-05 12:35 <REP> d-------- C:\Program Files\AskSBar

2008-08-04 18:55 . 2008-08-04 18:55 <REP> d-------- C:\Program Files\Sonic Foundry

2008-08-04 18:55 . 2001-10-19 14:40 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll

2008-08-04 18:55 . 2001-10-19 14:40 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll

2008-08-04 18:55 . 2001-10-19 14:39 572,752 --a------ C:\WINDOWS\system32\wmvdmoe.dll

2008-08-04 18:55 . 2001-10-19 14:40 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll

2008-08-04 18:55 . 2001-10-19 02:05 285,184 --a------ C:\WINDOWS\system32\wmidx2.ocx

2008-08-04 18:55 . 2008-08-04 18:55 156,910 --a------ C:\WINDOWS\WMSysPr8.prx



.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll

2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\dllcache\es.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll

2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\dllcache\mscms.dll

2008-06-24 08:28 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-06-23 09:21 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-06-23 09:21 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-06-21 05:23 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll

2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll

2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll

2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys

2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys

2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys

2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys

2007-11-22 15:53 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat

2007-08-20 10:21 56,688 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT

2007-08-13 14:55 8 ----a-w C:\Documents and Settings\Admin\Application Data\usb.dat.bin

.



((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

REGEDIT4



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-08-05 66912]



[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]

2008-08-05 12:36 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 15360]

"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]

"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" [X]

"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X]

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 98394]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 688218]

"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]

"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-04-28 344064]

"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]

"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]

"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]

"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]

"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 286720]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-10 270648]



[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 15360]



[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\Azureus\\Azureus.exe"=

"C:\\Program Files\\eMule\\eMule.exe"=



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"13254:TCP"= 13254:TCP:NortonAV



R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]

R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{018b4900-2e36-11dd-8352-0013ce9035db}]

\Shell\AutoRun\command - G:\LaunchU3.exe -a



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ede6d330-1d7c-11dc-8246-0013ce9035db}]

\Shell\AutoRun\command - F:\ReadMe.exe

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

.

- - - - ORPHANS REMOVED - - - -



HKLM-Run-{af80c20b-fa3d-4cdf-97b5-a319f57e7367} - C:\WINDOWS\system32\kecnkmoatvcrxmla.dll

HKLM-Run-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

HKLM-Run-My Web Search Bar Search Scope Monitor - C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

HKU-Default-Run-msnmsgr - C:\Program Files\MSN Messenger\msnmsgr.exe





.

------- Supplementary Scan -------

.

FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\e3pk1zoz.default\

FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://fr.search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=

FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://fr.yahoo.com/

FF -: plugin - C:\Program Files\Adobe\Acrobat 6.0\Reader\browser\nppdf32.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npitunes.dll

FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

.



**************************************************************************



catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-09-04 20:40:58

Windows 5.1.2600 Service Pack 2 FAT NTAPI



Balayage processus cach‚s ...



Balayage cach‚ autostart entries ...



Balayage des fichiers cach‚s ...



Scan termin‚ avec succŠs

Les fichiers cach‚s: 0



**************************************************************************



[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]

"ImagePath"="\??\C:\DOCUME~1\Admin\LOCALS~1\Temp\mc22.tmp"

.

------------------------ Other Running Processes ------------------------

.

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\EVTENG.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\S24EVMON.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE

C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE

C:\PROGRAM FILES\FICHIERS COMMUNS\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE

C:\PROGRAM FILES\INTEL\WIRELESS\BIN\REGSRVC.EXE

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\WINDOWS\SYSTEM32\RUNDLL32.EXE

C:\WINDOWS\system32\wscntfy.exe

C:\PROGRAM FILES\IPOD\BIN\IPODSERVICE.EXE

.

**************************************************************************

.

Temps d'accomplissement: 2008-09-04 20:43:17 - machine was rebooted

ComboFix-quarantined-files.txt 2008-09-04 18:43:14



Pre-Run: 27,761,803,264 octets libres

Post-Run: 27,799,781,376 octets libres



341 --- E O F --- 2008-09-02 16:18:17

Répondre à lramusl
lramusl   04-09-2008 à 20:56:07
- 0 +

petite question en passant, tu conseilles quel antivirus ?

Répondre à lramusl
Angeldark   04-09-2008 à 21:05:56
- 0 +

On verra ces questions à la fin.

Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

AIDE : Tuto en images sur MBAM

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   04-09-2008 à 21:09:17
- 0 +

je peux pas connecté le pc à internet donc pour la mise à jour ça va pas être possible...
je fais quoi ?

Répondre à lramusl
lramusl   05-09-2008 à 09:49:21
- 0 +

voici le rapport MBAM :

Malwarebytes' Anti-Malware 1.26

Version de la base de données: 1103

Windows 5.1.2600 Service Pack 2



05/09/2008 09:47:09

mbam-log-2008-09-05 (09-47-09).txt



Type de recherche: Examen complet (C:\|D:\|)

Eléments examinés: 99063

Temps écoulé: 4 hour(s), 29 minute(s), 51 second(s)



Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 110

Valeur(s) du Registre infectée(s): 2

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 0

Fichier(s) infecté(s): 65



Processus mémoire infecté(s):

(Aucun élément nuisible détecté)



Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)



Clé(s) du Registre infectée(s):

HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlaybarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.browseroverlayembed.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{d778513b-1c40-4819-b0c5-49e40b39afd0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mxlivemedia (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\bgrqfetx.bbae (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\MIME\Database\Content Type\application/x-f3embed (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.



Valeur(s) du Registre infectée(s):

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.



Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)



Dossier(s) infecté(s):

(Aucun élément nuisible détecté)



Fichier(s) infecté(s):

C:\WINDOWS\system32\taqwewqeml.exe (Malware.Trace) -> Quarantined and deleted successfully.

C:\Program Files\MSN Messenger\riched20.dll (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\Program Files\MSN Messenger\msimg32.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032880.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032881.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032882.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032883.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032884.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032885.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032886.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032887.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032888.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032889.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032890.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032891.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032892.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032894.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032895.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032896.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032898.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032899.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032900.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP260\A0032901.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033116.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033117.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033118.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033119.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033121.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033123.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033125.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033128.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033130.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033131.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033133.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033136.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033137.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033138.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033144.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033145.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033149.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033151.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033162.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP262\A0033164.dll (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\xml2u32h.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.

C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\Documents and Settings\Admin\Bureau\PCPrivacyCleaner.lnk (Rogue.PCPrivacyCleaner) -> Quarantined and deleted successfully.

Répondre à lramusl
Angeldark   05-09-2008 à 18:09:30
- 0 +

Pas grave pour la MaJ. Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   05-09-2008 à 18:55:53
- 0 +

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:54:40, on 05/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activ [...] stubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe



--

End of file - 8510 bytes

Répondre à lramusl
Angeldark   05-09-2008 à 19:03:21
- 0 +

Re,

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   05-09-2008 à 19:05:41
- 0 +

ok, donc j'imagine que tout ça touche à sa fin. En tout cas merci beaucoup !
A plus tard pour le rapport antivir.

Répondre à lramusl
lramusl   05-09-2008 à 19:55:27
- 0 +

rapport antivir :





Avira AntiVir Personal

Report file date: vendredi 5 septembre 2008 19:27



Scanning for 1369550 virus strains and unwanted programs.



Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: ACER-19B694409A



Version information:

BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54

AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42

LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20

LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16

ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:54

ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:48

Engineversion : 8.1.1.19

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22

AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:48

AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:50

AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:50

AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:36

AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:22

AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:48

AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:50

AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:48

AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:22

AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:22

AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:50

AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06

AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02

AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:22

AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08

RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38



Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium



Start of the scan: vendredi 5 septembre 2008 19:27



The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'SuperCopier2.exe' - '1' Module(s) have been scanned

Scan process 'MSMSGS.EXE' - '1' Module(s) have been scanned

Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'Monitor.exe' - '1' Module(s) have been scanned

Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned

Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned

Scan process 'ATIPTAXX.EXE' - '1' Module(s) have been scanned

Scan process 'PCMService.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned

Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned

Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned

Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned

Scan process 'ALG.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'EvtEng.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned

Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned

Scan process 'SMSS.EXE' - '1' Module(s) have been scanned

42 processes with 42 modules were scanned



Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!



Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!



Starting to scan the registry.

The registry was scanned ( '69' files ).





Starting the file scan:



Begin scan in 'C:\' <ACER>

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\hiberfil.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\' <ACERDATA>





End of the scan: vendredi 5 septembre 2008 19:53

Used time: 26:18 Minute(s)



The scan has been done completely.



5922 Scanning directories

296598 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

296596 Files not concerned

7059 Archives were scanned

2 Warnings

0 Notes


Répondre à lramusl
Angeldark   05-09-2008 à 21:03:51
- 0 +

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   05-09-2008 à 21:55:51
- 0 +

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:55:11, on 05/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activ [...] stubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe



--

End of file - 8442 bytes

Répondre à lramusl
Angeldark   06-09-2008 à 12:21:19
- 0 +

Re,

Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.

  • Lance l'installation du programme en exécutant le fichier téléchargé.
  • Double-clique maintenant sur le raccourci de Toolbar-S&D.
  • Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
  • Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
  • Poste le rapport généré. (C:\TB.txt)

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   06-09-2008 à 13:36:02
- 0 +

Re,
voici :


-----------\\ ToolBar S&D 1.1.7 XP/Vista



Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 2.00GHz )

BIOS : Phoenix NoteBIOS 4.0 Release 6.1

USER : Admin ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)



"C:\ToolBar SD" ( MAJ : 04-09-2008|15:03 )

Option : [1] ( 06/09/2008|13:32 )



-----------\\ Recherche de Fichiers / Dossiers ...



C:\Program Files\AskSBar

C:\Program Files\AskSBar\bar

C:\Program Files\AskSBar\SrchAstt

C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[1].txt

C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[2].txt

C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[4].txt

C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll



-----------\\ Extensions



(Admin) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar





-----------\\ [..\Internet Explorer\Main]



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\windows\\system32\\blank.htm"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"



[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\windows\\system32\\blank.htm"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"





--------------------\\ Recherche d'autres infections





Aucune autre infection trouvée !





1 - "C:\ToolBar SD\TB_1.txt" - 06/09/2008|13:35 - Option : [1]



-----------\\ Fin du rapport a 13:35:08,32


Répondre à lramusl
Angeldark   06-09-2008 à 13:38:44
- 0 +

Re,

Relance Toolbar-S&D en double-cliquant sur le raccourci. Tape sur "2" puis valide en appuyant sur "Entrée".
! Ne ferme pas la fenêtre lors de la suppression !
Un rapport sera généré, poste son contenu ici.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   06-09-2008 à 13:50:11
- 0 +



-----------\\ ToolBar S&D 1.1.7 XP/Vista



Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 2

X86-based PC ( Uniprocessor Free : Intel(R) Pentium(R) M processor 2.00GHz )

BIOS : Phoenix NoteBIOS 4.0 Release 6.1

USER : Admin ( Administrator )

BOOT : Normal boot

Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated)



"C:\ToolBar SD" ( MAJ : 04-09-2008|15:03 )

Option : [2] ( 06/09/2008|13:43 )



-----------\\ SUPPRESSION



Supprime! - C:\Program Files\AskSBar\bar

Supprime! - C:\Program Files\AskSBar\SrchAstt

Supprime! - C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[1].txt

Supprime! - C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[2].txt

Supprime! - C:\DOCUME~1\Admin\Cookies\admin@mywebsearch[4].txt

Supprime! - C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

Supprime! - C:\Program Files\AskSBar



-----------\\ Recherche de Fichiers / Dossiers ...





-----------\\ Extensions



(Admin) - {635abd67-4fe9-1b23-4f01-e679fa7484c1} => ytoolbar





-----------\\ [..\Internet Explorer\Main]



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\windows\\system32\\blank.htm"

"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"



[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"

"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

"Local Page"="C:\\windows\\system32\\blank.htm"

"Start Page"="http://www.msn.com/"





--------------------\\ Recherche d'autres infections





Aucune autre infection trouvée !





1 - "C:\ToolBar SD\TB_1.txt" - 06/09/2008|13:35 - Option : [1]

2 - "C:\ToolBar SD\TB_2.txt" - 06/09/2008|13:44 - Option : [2]



-----------\\ Fin du rapport a 13:44:47,04


Répondre à lramusl
Angeldark   06-09-2008 à 14:08:55
- 0 +

Reposte un rapport Hijackthis.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   06-09-2008 à 14:18:11
- 0 +

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:17:30, on 06/09/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal



Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Acer\eRecovery\Monitor.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

C:\acer\epm\epm-dm.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe



R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activ [...] stubie.cab

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe



--

End of file - 7949 bytes

Répondre à lramusl
Angeldark   06-09-2008 à 14:39:45
- 0 +

Tu as encore des soucis ?

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   06-09-2008 à 14:51:46
- 0 +

J'arrive toujours pas à connecté le pc a internet en wifi : il me dit qu'il capte des réseaux mais quand je fais actualiser la liste des réseaux il n'en voit aucun alors que c'est sur qu'il y en a. Je sais pas si ça peut venir d'un virus, je vais peut-être poster ailleurs.
En tout cas merci beaucoup de t'être occupé de mon problème.

Répondre à lramusl
Angeldark   06-09-2008 à 15:03:04
- 0 +

Tu devrais poster ça dans la section Internet & Réseaux.

------------------------------ Prévention & Protection||Vous m'aimez ? Cliquez :o
 Répondre à Angeldark
lramusl   06-09-2008 à 15:06:37
- 0 +

En effet, merci beaucoup et bonne continuation...

Répondre à lramusl
lramusl   06-09-2008 à 16:53:53
- 0 +

La chance n'a rien n'a voir la dedans (quoique avec microsoft...) ;)

Répondre à lramusl
lramusl   06-09-2008 à 17:38:02
- 0 +

héhé, de temps en temps ça fait pas de mal..

Répondre à lramusl
Créer un nouveau sujet Répondre
Tom's Guide > Forum > Sécurité - Virus > pc infecté (XP)
Aller à :

Il y a 1867 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.

Plan du forum
Forum Bestofmedia ©
2000-2009 Bestofmedia Group
Page générée en 0,397 secondes
Attention

Vous allez répondre sur un sujet resté inactif pendant plus de 6 mois.
Assurez-vous d'apporter des éléments nouveaux à la discussion avant de poursuivre.

Répondre Annuler
Liens