Bonjour et par avance merci !
Je suis depuis hier infecté par je ne sais trop quoi qui m'empêche l'accès aux site parlant de sécurité informatique, qui me redirige vers des sites commerciaux et qui plus est empêche avast de ce mettre à jour...
En parcourant le forum, j'ai pu constater qu'une première chose à faire était de lancer hijack this et de poster le log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:44:53, on 21/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6215199071
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3561321093
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.ado [...] nos/gp.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)
--
End of file - 10176 bytes
Comme pour la plupart des non initié, c'est du chinois pour moi. Si une âme charitable sait décrypter le mandarin 
Medyaye.
Bonjour,
Télécharge MalwareByte's Anti-Malware sur ton Bureau.
Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.
Une fois l'installation et la mise à jour effectuées, redémarre en mode sans échec.
AIDE : Redémarrer en mode sans échec
- Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
- Afin de lancer la recherche, clic sur"Rechercher".
- Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.
REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.
AIDE : Tuto en images sur MBAM
Répondre à Angeldark
Premièrement, merci pour la rapidité de l'aide !
J'ai tenté le téléchargement de Malwaresbytes via le lien proposé, cependant, le "virus" semble bloqué l'accès à tout ce qui touche à la sécurité informatique. J'ai donc téléchargé via mon nas sur le site de clubic.
Après l'avoir installé, je n'ai pus le mettre à jour : impossible de se connecter à tout site qui parle de sécurité informatique...
J'ai tout de même lancer le scan en mode sans échec, ci dessous, le log
Malwarebytes' Anti-Malware 1.27
Database version: 1127
Windows 5.1.2600 Service Pack 3
21/10/2008 22:52:20
mbam-log-2008-10-21 (22-52-12).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 123827
Time elapsed: 2 hour(s), 0 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\delself.bat (Malware.Trace) -> No action taken.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> No action taken.
J'ai effacer les fichiers, cependant, au redémarrage, les symptômes sont toujours là
Juste un petit mot pour préciser qu'avant de passer hijack this pour la première fois, j'ai procédé à plusieurs scan avast qui chaque fois a trouvé plusieurs "joyeusetés". Je les ai bien entendu effacés.
Message édité par medyaye le 22-10-2008 à 08:19:48
Bonjour ,
Télécharge le logiciel spybot et installe le .
Ensuite fais une analyse et supprime toutes les merdes , redémarre ton pc et sa devrait remarcher .
Cordialement ,
Bonjour idris821,
j'ai réalisé un scan avec spybot. Il a trouvé un paquet de saletés que je me suis empressé de supprimer. J'ai redémarré et là, problème : windows xp reste bloqué sur la page Bienvenu. Je procède à un reboot en mode sans échec. Je refais un scan avec spybot qui ne trouve rien... Je redémarre normalement: tout fonctionne. J'ai réussi à mettre à jour Avast!, Spybot, Malwarebytes et je peux de nouveau visiter les sites traitant de sécurité informatique.
Une question tout de même : comment être sur que mon pc est sain à 100% ? J'utilise mon pc pour tout un tas de choses sensibles (compte en banque, facture edf, eau, mobile...etc).
En tout cas, merci pour l'aide.
Message édité par medyaye le 22-10-2008 à 12:58:20
Merci de ne pas intervenir dans les désinfections idris, surtout pour dire ça.
Tu es certain d'avoir supprimer les infections ?
! Désactive tes protections résidentes (antivirus, Spybot-S&D, etc.) !
- Télécharge ComboFix (sUBs) sur ton Bureau.
- Double clique sur ComboFix.exe (le .exe n'est pas forcément visible) afin de le lancer.
- Lorsque la recherche sera terminée, un rapport apparaîtra. Poste ce rapport (C:\combofix.txt*) dans ta prochaine réponse.
AIDE : Un guide et un tutoriel sur l'utilisation de ComboFix
* le nom de la partition peut changer
Répondre à Angeldark
Bonjour Angeldark.
Vu les doutes que j'exprime dans mon post précédent, non, je ne suis pas sur d'avoir procédé à une désinfection totale. Toujours est-il que les symptômes les plus génants ont été éradiqués. Malgré cela, comme j'ai pu mettre à jour Mlawarebytes, j'ai redémarré en mode sans échec et procédé à un nouveau scan... 5 infections détectées...
Ci-dessous, le log :
Malwarebytes' Anti-Malware 1.29
Database version: 1305
Windows 5.1.2600 Service Pack 3
22/10/2008 17:10:24
mbam-log-2008-10-22 (17-10-16).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 124436
Time elapsed: 2 hour(s), 1 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows\system32\ -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ (Trojan.Agent) -> No action taken.
Je continue néanmoins de suivre ton conseil avec Combofix.
Je posterais le résultats.
ComboFix 08-10-21.05 - Mehdi 2008-10-22 17:37:46.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.654 [GMT 2:00]
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\dao350.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drivers\TDSSpqxt.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-22 au 2008-10-22 ))))))))))))))))))))))))))))))))))))
.
2008-10-22 17:12 . 2008-10-22 17:12 77,824 --a------ C:\WINDOWS\system32\TDSSnrsr.dll
2008-10-22 17:12 . 2008-10-22 17:12 31,232 --a------ C:\WINDOWS\system32\TDSSosvd.dll
2008-10-22 17:12 . 2008-10-22 17:12 30,720 --a------ C:\WINDOWS\system32\TDSSsbhc.dll
2008-10-22 17:12 . 2008-10-22 17:12 29,696 --a------ C:\WINDOWS\system32\TDSSofxh.dll
2008-10-22 17:12 . 2008-10-22 17:12 2,748 --a------ C:\WINDOWS\system32\TDSScfum.dll
2008-10-22 17:12 . 2008-10-22 17:12 164 --a------ C:\WINDOWS\system32\TDSSpaxt.dat
2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-10-22 11:26 . 2008-10-22 17:12 36,864 --a------ C:\WINDOWS\system32\TDSSosvn.dll
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\Mehdi\Application Data\Malwarebytes
2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-10-20 20:27 . 2008-10-21 22:55 77,824 --a------ C:\WINDOWS\system32\TDSSxfum.dll
2008-10-20 20:27 . 2008-10-21 22:55 31,232 --a------ C:\WINDOWS\system32\TDSSriqp.dll
2008-10-20 20:27 . 2008-10-21 22:55 30,720 --a------ C:\WINDOWS\system32\TDSSrhym.dll
2008-10-20 20:27 . 2008-10-21 22:55 29,696 --a------ C:\WINDOWS\system32\TDSSbrsr.dll
2008-10-20 20:27 . 2008-10-21 22:55 3,530 --a------ C:\WINDOWS\system32\TDSSlxwp.dll
2008-10-20 20:26 . 2008-10-21 22:55 60,416 --a------ C:\WINDOWS\system32\drivers\TDSSmhlt.sys
2008-10-20 20:26 . 2008-10-21 22:55 36,864 --a------ C:\WINDOWS\system32\TDSSoiqh.dll
2008-10-20 20:26 . 2008-10-21 22:55 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 11:03 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\FileZilla
2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
2008-10-17 18:27 --------- d-----w C:\Program Files\PokerStars
2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-10-14 16:24 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\AdobeUM
2008-10-14 11:58 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\Azureus
2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
2008-09-08 18:02 --------- d-----w C:\Program Files\Google
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-24 09:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-08-22 19:38 --------- d-----w C:\Program Files\Fichiers communs\Remote Control Software Common
2008-08-22 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 19:37 --------- d-----w C:\Program Files\Logitech
2008-08-22 19:37 --------- d-----w C:\Program Files\Fichiers communs\Remote Control USB Driver
2008-08-22 19:36 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\InstallShield
2008-06-23 09:43 214 ----a-w C:\Documents and Settings\Mehdi\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmhlt.sys]
@="driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 18432]
S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 18560]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 30464]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 12672]
S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\DOCUME~1\Mehdi\APPLIC~1\Mozilla\Firefox\Profiles\8x5myw7c.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?source=fhig
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Fichiers communs\ParallelGraphics\Cortona\npCortona.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 17:41:44
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDSSserv.sys)]
"imagepath"="\systemroot\system32\drivers\TDSSpqxt.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
.
**************************************************************************
.
Heure de fin: 2008-10-22 17:45:17 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-10-22 15:45:12
Avant-CF: 10,575,695,872 octets libres
Après-CF: 10,576,814,080 octets libres
254 --- E O F --- 2008-10-16 18:13:59
| Citation : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\ -> No action taken. |
Tu es certain de bien supprimé ?
Répondre à Angeldark
J'ai relanc malwarebytes qui a retrouvé des infections. La suppression a cette fois ci bien fonctionné.
Dois-je faire autre chose maintenant ?
Malwarebytes' Anti-Malware 1.29
Database version: 1305
Windows 5.1.2600 Service Pack 3
22/10/2008 20:00:26
mbam-log-2008-10-22 (20-00-26).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 124571
Time elapsed: 2 hour(s), 1 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 17
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\TDSSlxwp.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSbrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSScfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSfxmp.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnmxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSnrsr.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSofxh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSofxh.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSoiqh.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSosvd.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSosvn.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSrhym.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSriqp.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSsbhc.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSStkdv.log (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSxfum.dll (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\TDSSmhlt.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
Message édité par medyaye le 22-10-2008 à 20:11:37
Refais un scan Combofix 
Répondre à Angeldark
Combifix lancé en mode sans échec :
ComboFix 08-10-21.05 - Administrateur 2008-10-22 21:18:24.2 - NTFSx86 MINIMAL
Lancé depuis: C:\Documents and Settings\All Users\Bureau\ComboFix.exe
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mehdi\Local Settings\Temporary Internet Files\
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-22 au 2008-10-22 ))))))))))))))))))))))))))))))))))))
.
2008-10-22 17:12 . 2008-10-22 17:12 164 --a------ C:\WINDOWS\system32\TDSSpaxt.dat
2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-10-20 20:26 . 2008-10-21 22:55 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
2008-10-17 18:27 --------- d-----w C:\Program Files\PokerStars
2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-09-11 21:14 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
2008-09-08 18:02 --------- d-----w C:\Program Files\Google
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-24 09:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-22 19:38 --------- d-----w C:\Program Files\Fichiers communs\Remote Control Software Common
2008-08-22 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 19:37 --------- d-----w C:\Program Files\Logitech
2008-08-22 19:37 --------- d-----w C:\Program Files\Fichiers communs\Remote Control USB Driver
2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-07-26 10:01 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmhlt.sys]
@="driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
S2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
S2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
S2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
S2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
S2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 18432]
S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 18560]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 30464]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 12672]
S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]
.
Contenu du dossier 'Tâches planifiées'
2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = hxxp://global.acer.com
R0 -: HKLM-Main,Start Page = hxxp://www.google.com
O18 -: WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
O18 -: WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - C:\Program Files\Microsoft ActiveSync\cenetflt.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 21:20:53
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys)]
"imagepath"="\systemroot\system32\drivers\TDSSpqxt.sys"
.
Heure de fin: 2008-10-22 21:22:25
ComboFix-quarantined-files.txt 2008-10-22 19:22:19
ComboFix2.txt 2008-10-22 15:45:18
Avant-CF: 11 667 566 592 octets libres
Après-CF: 11,651,588,096 octets libres
212 --- E O F --- 2008-10-16 18:13:59
Message édité par medyaye le 22-10-2008 à 21:26:53
Combifix lancé en mode normal
ComboFix 08-10-21.05 - Mehdi 2008-10-22 21:29:07.3 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.564 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\All Users\Bureau\ComboFix.exe
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-22 au 2008-10-22 ))))))))))))))))))))))))))))))))))))
.
2008-10-22 17:12 . 2008-10-22 17:12 164 --a------ C:\WINDOWS\system32\TDSSpaxt.dat
2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\Mehdi\Application Data\Malwarebytes
2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-10-20 20:26 . 2008-10-21 22:55 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 11:03 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\FileZilla
2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
2008-10-17 18:27 --------- d-----w C:\Program Files\PokerStars
2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-10-14 16:24 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\AdobeUM
2008-10-14 11:58 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\Azureus
2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-09-11 21:14 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
2008-09-08 18:02 --------- d-----w C:\Program Files\Google
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-24 09:30 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-22 19:38 --------- d-----w C:\Program Files\Fichiers communs\Remote Control Software Common
2008-08-22 19:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-22 19:37 --------- d-----w C:\Program Files\Logitech
2008-08-22 19:37 --------- d-----w C:\Program Files\Fichiers communs\Remote Control USB Driver
2008-08-22 19:36 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\InstallShield
2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-07-26 10:01 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2008-06-23 09:43 214 ----a-w C:\Documents and Settings\Mehdi\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-22_17.44.49.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-22 19:24:00 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_f0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSmhlt.sys]
@="driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 18432]
S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 18560]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 30464]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 12672]
S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]
.
Contenu du dossier 'Tâches planifiées'
2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?source=fhig
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Fichiers communs\ParallelGraphics\Cortona\npCortona.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-22 21:30:33
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv.sys)]
"imagepath"="\systemroot\system32\drivers\TDSSpqxt.sys"
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
.
Heure de fin: 2008-10-22 21:31:54
ComboFix-quarantined-files.txt 2008-10-22 19:31:50
ComboFix2.txt 2008-10-22 19:22:26
ComboFix3.txt 2008-10-22 15:45:18
Avant-CF: 10 578 812 928 octets libres
Après-CF: 10,568,232,960 octets libres
232 --- E O F --- 2008-10-16 18:13:59
Par contre, Avast ne se lance plus au démarrage...
Supprime ta version de Combofix, retélécharge-la puis refais un scan.
Répondre à Angeldark
ComboFix 08-10-22.05 - Mehdi 2008-10-23 18:37:55.4 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.599 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Mehdi\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv.sys)
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
.
2008-10-22 17:12 . 2008-10-22 17:12 164 --a------ C:\WINDOWS\system32\TDSSpaxt.dat
2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\Mehdi\Application Data\Malwarebytes
2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-10-20 20:26 . 2008-10-21 22:55 164 --a------ C:\WINDOWS\system32\TDSSosvd.dat
2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 19:44 --------- d-----w C:\Program Files\PokerStars
2008-10-22 11:03 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\FileZilla
2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-10-14 16:24 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\AdobeUM
2008-10-14 11:58 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\Azureus
2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
2008-09-08 18:02 --------- d-----w C:\Program Files\Google
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-24 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-23 09:43 214 ----a-w C:\Documents and Settings\Mehdi\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-22_17.44.49.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 16:41:06 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_f0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 18432]
S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 18560]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 30464]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 12672]
S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]
.
Contenu du dossier 'Tâches planifiées'
2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHELINS SUPPRIMES - - - -
SafeBoot-TDSSmhlt.sys
.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ig?source=fhig
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Fichiers communs\ParallelGraphics\Cortona\npCortona.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
FF -: plugin - C:\Program Files\Picasa2\npPicasa2.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 18:41:45
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: C:\WINDOWS\explorer.exe
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Heure de fin: 2008-10-23 18:45:11 - La machine a redémarré [Mehdi]
ComboFix-quarantined-files.txt 2008-10-23 16:45:06
ComboFix2.txt 2008-10-22 19:31:55
ComboFix3.txt 2008-10-22 19:22:26
ComboFix4.txt 2008-10-22 15:45:18
Avant-CF: 10 541 330 432 octets libres
Après-CF: 10,568,691,712 octets libres
241 --- E O F --- 2008-10-16 18:13:59
Re,
Sélectionne l'intégralité du cadre ci-dessous :
http://www.infos-du-net.com/forum/283030-11-avast-impossible-redirection-internet-aleatoire-hijack Collect::[4] |
- Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
- Enregistre le sous sur ton bureau sous le nom de CFScript.txt
- Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :
- Cela va relancer Combofix.
- ComboFix créera ces fichiers sur ton Bureau :
- Un fichier zippé nommé Submit [Date Time].zip
- Un second fichier nommé - CF-Submit.htm
- ComboFix peut exiger un redémarrage pour compléter son travail. Accepte.
- Lorsque l'outil aura terminé, un rapport ComboFix.log apparaîtra à l'écran.
- Une nouvelle fenêtre avec invite "Submit Files for further analysis" s'ouvrira. Clique "OK"
- Ton navigateur se lancera automatiquement avec le fichier CF-Submit.htm et une fenêtre s'ouvrira :
- Clique sur le bouton "Browse"("Parcourir" ) et navigue vers le fichier
Submit [Date Time].zip qui est sur ton Bureau.
- Clique sur le fichier afin de le sélectionner.
- Soumets le fichier en cliquant "OK"
- Lorsque cette opération sera complétée, tu peux supprimer ces deux fichiers qui se trouvent sur ton Bureau.
Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
Message édité par Angeldark le 23-10-2008 à 18:57:05
Répondre à Angeldark
ComboFix 08-10-23.01 - Mehdi 2008-10-23 19:17:13.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.611 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Mehdi\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Mehdi\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\TDSSosvd.dat
C:\WINDOWS\system32\TDSSpaxt.dat
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
.
2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\Mehdi\Application Data\Malwarebytes
2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 19:44 --------- d-----w C:\Program Files\PokerStars
2008-10-22 11:03 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\FileZilla
2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-10-14 16:24 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\AdobeUM
2008-10-14 11:58 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\Azureus
2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-09-11 21:14 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
2008-09-08 18:02 --------- d-----w C:\Program Files\Google
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-24 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-07-26 10:01 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2008-06-23 09:43 214 ----a-w C:\Documents and Settings\Mehdi\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-22_17.44.49.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 16:41:06 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_f0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 405583]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 188416]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 2880512]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 319488]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 352256]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 78208]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 69632]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 4010]
S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 18432]
S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 18560]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 70272]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 33752]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 37248]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 30464]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 12672]
S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 217216]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 17792]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 19677]
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 19:18:58
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-23 19:20:01
ComboFix-quarantined-files.txt 2008-10-23 17:19:51
ComboFix2.txt 2008-10-23 16:45:12
ComboFix3.txt 2008-10-22 19:31:55
ComboFix4.txt 2008-10-22 19:22:26
ComboFix5.txt 2008-10-23 17:11:51
Avant-CF: 10 496 995 328 octets libres
Après-CF: 10,483,220,480 octets libres
211 --- E O F --- 2008-10-16 18:13:59
Le fichier Submit(date du jour) a été envoyé avec succès
le log que je viens de poster est celui que j'ai sauvegardé manuellement après le scan de combofix. Dans le rep du Submit(date).zip (C:\Qoobox\) j'ai trouvé le combofix suivant.
ComboFix 08-10-23.01 - Mehdi 2008-10-23 19:17:13.5 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.611 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\Mehdi\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\Mehdi\Bureau\CFScript.txt
* Un nouveau point de restauration a été créé
[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\TDSSosvd.dat
C:\WINDOWS\system32\TDSSpaxt.dat
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-23 au 2008-10-23 ))))))))))))))))))))))))))))))))))))
.
2008-10-22 11:28 . 2008-10-22 12:42 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-22 11:28 . 2008-10-22 17:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-10-21 20:50 . 2005-03-31 00:29 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-10-21 20:50 . 2005-03-31 00:29 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-10-21 20:50 . 2005-03-31 00:44 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-10-21 20:50 . 2008-10-22 17:10 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-10-21 20:50 . 2008-10-21 20:50 <REP> d-------- C:\Documents and Settings\Administrateur
2008-10-21 20:44 . 2008-10-22 12:49 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\Mehdi\Application Data\Malwarebytes
2008-10-21 20:44 . 2008-10-21 20:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-21 20:44 . 2008-10-16 20:25 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-21 20:44 . 2008-10-16 20:25 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-21 17:44 . 2008-10-21 17:44 <REP> d-------- C:\Program Files\Trend Micro
2008-10-17 19:27 . 2008-10-17 19:27 <REP> d-------- C:\Program Files\Apple Software Update
2008-10-17 19:26 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iPod
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Program Files\iTunes
2008-10-17 19:25 . 2008-10-17 19:26 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-17 19:24 . 2008-10-17 19:24 <REP> d-------- C:\Program Files\Bonjour
2008-10-16 16:12 . 2008-08-14 15:23 2,191,232 --------- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,147,328 --------- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,068,096 --------- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 16:12 . 2008-08-14 15:23 2,025,984 --------- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-16 13:55 . 2008-09-15 17:26 1,846,528 --------- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 09:54 . 2008-09-08 12:41 333,824 --------- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Program Files\NOS
2008-10-15 19:00 . 2008-10-15 19:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-09-26 06:38 . 2008-09-26 06:38 8,840 --a------ C:\WINDOWS\SEC1175.PNF
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\fr
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\system32\bits
2008-09-26 06:34 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\l2schemas
2008-09-26 06:31 . 2008-09-26 06:34 <REP> d-------- C:\WINDOWS\ServicePackFiles
2008-09-26 06:27 . 2008-09-26 06:27 2,948 --a------ C:\WINDOWS\SEC23.PNF
2008-09-26 06:21 . 2008-09-26 06:21 <REP> d-------- C:\WINDOWS\EHome
2008-09-25 09:29 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-09-25 09:29 . 2004-08-03 22:41 685,056 --------- C:\WINDOWS\system32\drivers\hsfcxts2.sys
2008-09-25 09:29 . 2004-08-03 22:41 220,032 --------- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
2008-09-25 09:29 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-22 19:44 --------- d-----w C:\Program Files\PokerStars
2008-10-22 11:03 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\FileZilla
2008-10-20 22:16 --------- d-----w C:\Program Files\DAEMON Tools
2008-10-17 17:23 --------- d-----w C:\Program Files\Fichiers communs\Apple
2008-10-14 16:24 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\AdobeUM
2008-10-14 11:58 --------- d-----w C:\Documents and Settings\Mehdi\Application Data\Azureus
2008-10-03 17:12 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2008-10-03 17:12 --------- d-----w C:\Program Files\FileZilla Client
2008-09-19 14:00 --------- d-----w C:\Program Files\KC Softwares
2008-09-19 13:54 --------- d-----w C:\Program Files\Gspot
2008-09-17 04:40 --------- d-----w C:\Program Files\Micro Application
2008-09-17 04:38 --------- d-----w C:\Program Files\Room Arranger
2008-09-15 15:26 1,846,528 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-13 07:45 --------- d-----w C:\Program Files\QuickSFV
2008-09-12 05:34 --------- d-----w C:\Program Files\Synology Download Redirector
2008-09-11 21:14 94,272 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-09-11 21:14 37,888 ----a-w C:\WINDOWS\system32\setupnt.dll
2008-09-09 11:10 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-09-08 22:18 --------- d-----w C:\Program Files\Picasa2
2008-09-08 18:02 --------- d-----w C:\Program Files\Google
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-09-04 11:14 --------- d-----w C:\Program Files\ParallelGraphics
2008-09-04 11:14 --------- d-----w C:\Program Files\Fichiers communs\ParallelGraphics
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-24 09:33 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-24 09:33 --------- d-----w C:\Program Files\Windows Live
2008-08-24 09:32 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-08-24 09:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-08-14 13:23 2,191,232 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 13:23 2,068,096 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-08-14 10:04 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-07-26 10:01 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2008-06-23 09:43 214 ----a-w C:\Documents and Settings\Mehdi\Application Data\wklnhst.dat
.
((((((((((((((((((((((((((((( snapshot@2008-10-22_17.44.49.89 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-23 16:41:06 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_f0.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:33 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 04:34 1695232]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-19 15:18 405583]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 03:18 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 12:16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-07 20:36 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-07 20:32 126976]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 19:26 82009]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 17:07 729177]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 19:59 49152]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 06:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 06:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 06:00 455168]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-08 22:05 339968]
"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 19:04 188416]
"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 10:13 2880512]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-09-05 12:43 319488]
"eRecoveryService"="C:\Program Files\Acer\eRecovery\Monitor.exe" [2005-06-29 18:26 352256]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 13:37 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 12:41 602182]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48 157592]
"QuickTime Task"="C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" [2008-09-06 15:09 413696]
"AppleSyncNotifier"="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 12:57 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-10-01 18:57 289576]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-06-08 13:31 29696 C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 04:33 15360]
C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2005-12-30 01:36:34 581632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"=
"C:\\Program Files\\Vuze\\Azureus.exe"=
"C:\\Program Files\\HomePlayer\\HomePlayer.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Synology Assistant\\DSAssistant.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\Synology Download Redirector\\Redirector.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Alwil Software\\Avast4\\ashAvast.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37 20560]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 14:10 4096]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 17:54 78208]
R2 int15.sys;int15.sys;C:\Program Files\Acer\eRecovery\int15.sys [2005-01-13 15:46 69632]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 17:58 7296]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 16:57 4010]
S2 CYUSB;Cypress Generic USB Driver;C:\WINDOWS\system32\DRIVERS\CyUsb.sys [ ]
S2 EZUSBDEV;Cypress General Purpose USB Driver w/ Keil Monitor (ezmon.sys);C:\WINDOWS\system32\Drivers\ezmon.sys [ ]
S3 DTT200U;DTT200U DVB-T USB receiver Driver;C:\WINDOWS\system32\Drivers\DTT200U.sys [2004-09-06 14:40 18432]
S3 DTT200ULD;DTT200U DVB-T USB receiver firmware loader;C:\WINDOWS\system32\Drivers\DTT200ULD.sys [2004-12-15 05:42 18560]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;C:\WINDOWS\system32\Drivers\M9205.sys [2005-10-14 12:36 70272]
S3 getPlus(R) Helper;getPlus(R) Helper;C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2008-08-29 10:00 33752]
S3 M9207;DTV-DVB M9207 USB DVB-T / TV BOX;C:\WINDOWS\system32\DRIVERS\M9207BDA.sys [2005-10-14 12:34 37248]
S3 ST330;ST330;C:\WINDOWS\system32\drivers\st330.sys [2007-03-17 11:55 30464]
S3 STBUS;STBUS;C:\WINDOWS\system32\drivers\stbus.sys [2007-03-17 11:55 12672]
S3 USB28xxBGA;PCTV Hybrid Pro* Stick;C:\WINDOWS\system32\DRIVERS\emBDA.sys [2006-02-08 14:12 217216]
S3 USB28xxOEM;USB 28xx OEM Filter;C:\WINDOWS\system32\DRIVERS\emOEM.sys [2006-02-08 14:12 17792]
S3 xbreader;ActionReplay XBox Driver (xbreader.sys);C:\WINDOWS\system32\Drivers\xbreader.sys [2001-01-02 23:53 19677]
*Newly Created Service* - CATCHME
.
Contenu du dossier 'Tâches planifiées'
2008-10-17 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-23 19:18:58
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
Heure de fin: 2008-10-23 19:20:01
ComboFix-quarantined-files.txt 2008-10-23 17:19:51
ComboFix2.txt 2008-10-23 16:45:12
ComboFix3.txt 2008-10-22 19:31:55
ComboFix4.txt 2008-10-22 19:22:26
ComboFix5.txt 2008-10-23 17:11:51
Avant-CF: 10 496 995 328 octets libres
Après-CF: 10,483,220,480 octets libres
211 --- E O F --- 2008-10-16 18:13:59
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:58:14, on 23/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6215199071
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3561321093
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.ado [...] nos/gp.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)
--
End of file - 10390 bytes
Re,
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic
Répondre à Angeldark
Avira AntiVir Personal
Report file date: jeudi 23 octobre 2008 21:37
Scanning for 1705737 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: LAPTOPMEDYAYE
Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 16/10/2008 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.7.59 4366336 Bytes 19/10/2008 19:35:52
ANTIVIR3.VDF : 7.0.7.80 166400 Bytes 23/10/2008 19:35:54
Engineversion : 8.2.0.7
AEVDF.DLL : 8.1.0.6 102772 Bytes 23/10/2008 19:36:16
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 23/10/2008 19:36:14
AESCN.DLL : 8.1.1.3 123252 Bytes 23/10/2008 19:36:13
AERDL.DLL : 8.1.1.2 438644 Bytes 23/10/2008 19:36:12
AEPACK.DLL : 8.1.2.4 369014 Bytes 23/10/2008 19:36:09
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 23/10/2008 19:36:07
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 23/10/2008 19:36:06
AEHELP.DLL : 8.1.1.2 115062 Bytes 23/10/2008 19:36:01
AEGEN.DLL : 8.1.0.41 319861 Bytes 23/10/2008 19:36:00
AEEMU.DLL : 8.1.0.9 393588 Bytes 23/10/2008 19:35:58
AECORE.DLL : 8.1.2.7 172407 Bytes 23/10/2008 19:35:56
AEBB.DLL : 8.1.0.3 53618 Bytes 23/10/2008 19:35:55
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 23/10/2008 19:35:54
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 23 octobre 2008 21:37
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.exe' - '1' Module(s) have been scanned
Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
Scan process 'KEM.exe' - '1' Module(s) have been scanned
Scan process 'PicasaMediaDetector.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned
Scan process 'EPM-DM.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'MA_CMIDI_Inst.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'anbmServ.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
49 processes with 49 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '88' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\TDSSpqxt.sys.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.ats back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0120794.exe
[DETECTION] Is the TR/Small.bbc Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0120798.sys
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.ats back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121955.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121957.dll
[DETECTION] Is the TR/FakeAV.1.Gen.67 Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121958.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.adb back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121959.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acx back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121960.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121961.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acx back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121963.dll
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.acs back-door program
[NOTE] The file was deleted!
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121965.dll
[DETECTION] Is the TR/FakeAV.1.Gen.67 Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP418\A0121966.sys
[DETECTION] Contains a recognition pattern of the (harmful) BDS/TDSS.ats back-door program
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <ACERDATA>
D:\Ma musique\Musiquita del Verano 2005. By Edu Dj. Discoteca Monasterio Avda. de Brasil (madrid)pachanga, bisbal, shakira, juanes, don omar, sps, todos los exitos.ace
[0] Archive type: ACE
--> Musiquita del Verano 2005. By Edu Dj. Discoteca Monasterio Avda. de Brasil (madrid)\Cd2\04 - Pilar Montenegro - Tomalo Suave (Spanish edit).MP3
[WARNING] No further files can be extracted from this archive. The archive will be closed
End of the scan: jeudi 23 octobre 2008 22:38
Used time: 1:01:22 Hour(s)
The scan has been done completely.
7391 Scanning directories
423696 Files were scanned
12 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
12 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
423681 Files not concerned
8582 Archives were scanned
4 Warnings
12 Notes
J'ai relancé un nouveau scan, aucune infection détecté. Cependant, j'ai toujours des doutes...
Reposte un rapport Hijackthis. Pourquoi tu as des doutes ?
Répondre à Angeldark
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:25:15, on 24/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\eManager\anbmServ.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Arcade\PCMService.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\acer\epm\epm-dm.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Acer\eRecovery\Monitor.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/window [...] 6215199071
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mi [...] 3561321093
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.ado [...] nos/gp.cab
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe
O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE (file missing)
--
End of file - 10328 bytes
J'ai des doutes parceque je ne maîtrise aucune des étapes de la désinfection... Je suis plutôt des gens qui essaient de comprendre ce qu'il font.
Toujours est-il que cela ne me soustrait pas aux remerciements qui te sont, largement, dus :-).
C'est apparemment propre 
- Fais un scan en ligne Kaspersky avec Internet Explorer :
- Clique sur
- Clique maintenant sur J'accepte.
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
- Patiente pendant l'installation des Mises à jour.
- Choisis par la suite l'analyse du Poste de travail
- Sauvegarde puis colle le rapport généré en fin d'analyse.
AIDE : Tuto sur le scan en ligne
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
Répondre à Angeldark
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, October 24, 2008 10:59:02 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 3 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 24/10/2008
Enregistrements dans la base antivirus Kaspersky : 1202661
-------------------------------------------------------------------------------
Paramètres d'analyse:
Analyser avec la base antivirus suivante: standard
Analyser les archives: vrai
Analyser les bases de messagerie: vrai
Cible de l'analyse - Poste de travail:
C:\
D:\
E:\
H:\
K:\
Statistiques de l'analyse:
Total d'objets analysés: 87132
Nombre de virus trouvés: 0
Nombre d'objets infectés: 0 / 0
Nombre d'objets suspects: 0
Durée de l'analyse: 01:30:23
Nom de l'objet infecté / Nom du virus / Dernière action
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\cert8.db L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\content-prefs.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\cookies.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\downloads.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\formhistory.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\key3.db L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\parent.lock L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\permissions.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\places.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\places.sqlite-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\search.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\webappsstore.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\Cache\_CACHE_001_ L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\Cache\_CACHE_002_ L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\Cache\_CACHE_003_ L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\Cache\_CACHE_MAP_ L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\OfflineCache\index.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Application Data\Mozilla\Firefox\Profiles\8x5myw7c.default\urlclassifier3.sqlite L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Historique\History.IE5\MSHist012008102420081025\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\temp\etilqs_lv1gVnYWXIgAMEGFEh81 L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\temp\etilqs_ro5MfWI9gXbWWID3MQ2e L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\temp\etilqs_ro5MfWI9gXbWWID3MQ2e-journal L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\Mehdi\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\System Volume Information\_restore{188E40F0-ED0E-4229-A9C6-C6CA03F40F1B}\RP422\change.log L'objet est verrouillé ignoré
C:\WINDOWS\$_hpcst$.hpc L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\DEFAULT L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SOFTWARE L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SYSTEM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
Analyse terminée.
C'est clean.
Répondre à Angeldark
Merki !
Je m'en vais installer antivir sur les autres pc de mon réseau :-)
Bon surf
Répondre à Angeldark
Il y a 1979 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
