Comment faire pour desinfecter mon Pc de AMVO.exe?

[metabolis]

Bonjour a tous

J'ai un problème avec mon Pc sous WinXP Pro (Antivirus Norton corporate).

Et j’ai suivi ces directives (celles de Gof sur un autre poste)

~~~~

Télécharge Flashdisinfector de sUBs sur ton bureau.

Branche tes supports amovibles, démarre les (disques dur externes par exemple) pour ceux qui le devraient.

Double-clique sur Flash_Disinfector.exe.

Cela sera très rapide, un message t'informera de la fin du fix.

Attention, celui-ci stoppe le processus explorer.exe puis le redémarre, prends soin de ne pas laisser de documents (word, excel) sur lesquels tu travailles ouvert à ce moment la.

Si tu as beaucoup de clés à désinfecter, tu peux renouveler l'opération en branchant les clés non traitées une à une.

 

Télécharge combofix.exe (par sUBs) et sauvegarde le sur ton bureau.

Double-clique combofix.exe afin de l'exécuter et suis les instructions.

Lorsque l'analyse sera complétée, un rapport apparaîtra.

Copie-colle ce rapport dans ta prochaine réponse.

~~~~

et voila le rapport:

ComboFix 08-01-30.1 - admin 2008-01-30 17:48:52.1 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.186 [GMT 0:00]

Endroit: C:\Documents and Settings\admin\Bureau\ComboFix.exe

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

ADS - system32: deleted 3584 bytes in 1 streams.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\Documents and Settings\admin\new.txt

C:\WINDOWS\system32\amvo1.dll

D:\Autorun.inf . . . . Echec de suppression

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

 

.

-------\NPF

 

 

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))

.

 

2008-01-30 17:28 . 2008-01-30 17:28 104,044 -r-hs---- C:\h.cmd

2008-01-30 09:48 . 2008-01-30 09:48 3,320 --a------ C:\WINDOWS\desctemp.dat

2008-01-29 19:24 . 2008-01-30 09:23 103,683 -r-hs---- C:\ylr.exe

2008-01-22 18:08 . 2008-01-28 16:43 <REP> d-------- C:\Program Files\SopCast

2008-01-22 18:08 . 2008-01-22 18:55 <REP> d-------- C:\Documents and Settings\admin\Application Data\SopCast

2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Program Files\TVUPlayer

2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks

2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\admin\Application Data\TVU networks

2008-01-22 16:00 . 2008-01-22 16:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-01-22 15:59 . 2008-01-22 15:59 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared

2008-01-22 10:19 . 2008-01-22 10:19 <REP> d-------- C:\UniScan

2008-01-21 17:16 . 2008-01-21 17:16 <REP> d-------- C:\Documents and Settings\admin\Application Data\TransMemory_Secure

2008-01-19 11:02 . 2008-01-19 11:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-19 11:02 . 2008-01-19 11:02 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-15 10:25 . 2008-01-15 10:25 <REP> d-------- C:\Program Files\ProgDVB

2008-01-12 16:40 . 2008-01-12 16:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft

2008-01-11 17:40 . 2008-01-11 17:40 <REP> d-------- C:\Mixesoft

2008-01-10 12:01 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\admin\Application Data\Webcammax

2008-01-10 12:00 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webcammax

2008-01-10 11:57 . 2008-01-10 12:00 <REP> d-------- C:\Program Files\WebcamMax

2008-01-09 11:18 . 2008-01-09 11:18 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll

2008-01-09 11:18 . 2008-01-09 11:18 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll

2008-01-09 11:18 . 2008-01-09 11:18 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm

2008-01-09 11:18 . 2008-01-09 11:18 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2008-01-09 11:16 . 2008-01-09 11:16 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2008-01-09 11:16 . 2008-01-09 11:16 682,496 --a------ C:\WINDOWS\system32\DivX.dll

2008-01-09 11:16 . 2008-01-09 11:16 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll

2008-01-09 11:16 . 2008-01-09 11:16 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest

2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest

2008-01-05 11:31 . 2008-01-05 11:31 0 --a------ C:\WINDOWS\vpc32.INI

2008-01-05 11:16 . <REP> C:\Documents and Settings\LocalService\Application Data\Dossier de t‚l‚chargement Share-to-Web

2008-01-05 10:59 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-01-05 10:59 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-01-05 10:58 . 2008-01-30 17:28 <REP> d-------- C:\Program Files\Symantec AntiVirus

2008-01-05 10:58 . 2008-01-05 10:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec

2008-01-05 09:08 . 2008-01-05 11:06 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared

2008-01-04 17:04 . 2008-01-05 17:12 <REP> d-------- C:\Documents and Settings\admin\Application Data\FileZilla

2008-01-04 17:03 . 2008-01-04 19:14 <REP> d-------- C:\Program Files\FileZilla Client

2007-12-31 09:44 . 2008-01-29 18:26 155 --a------ C:\WINDOWS\winamp.ini

2007-12-27 18:17 . 2007-12-31 11:14 <REP> d-------- C:\Program Files\Florikey V4.5 Beta

2007-12-26 18:55 . 2007-12-29 10:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Acronis

2007-12-26 18:37 . 2007-12-26 18:52 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys

2007-12-26 18:37 . 2007-12-26 18:37 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys

2007-12-26 18:37 . 2007-12-26 18:52 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys

2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Fichiers communs\Acronis

2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Acronis

2007-12-26 17:07 . 2007-12-26 17:07 <REP> d-------- C:\Program Files\Windows Doctor

2007-12-25 17:07 . 2007-12-25 17:07 <REP> d-------- C:\Documents and Settings\admin\Application Data\Uniblue

2007-12-25 10:57 . 2007-12-25 10:58 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2007-12-11 19:44 . 2007-12-11 19:44 593,920 --a--c--- C:\WINDOWS\system32\dpuGUI11.dll

2007-12-11 19:44 . 2007-12-11 19:44 344,064 --a--c--- C:\WINDOWS\system32\dpus11.dll

2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu11.dll

2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu10.dll

2007-12-11 19:44 . 2007-12-11 19:44 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-12-11 19:44 . 2007-12-11 19:44 57,344 --a--c--- C:\WINDOWS\system32\dpv11.dll

2007-12-11 19:44 . 2007-12-11 19:44 53,248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll

2007-12-11 19:43 . 2007-12-11 19:43 12,288 --a--c--- C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-11 19:43 . 2007-12-11 19:43 8,835 --a--c--- C:\WINDOWS\system32\dpufr.qm

2007-12-11 19:43 . 2007-12-11 19:43 3,162 --a--c--- C:\WINDOWS\system32\dtu_fr.qm

2007-12-06 18:40 . 2007-12-06 18:40 <REP> d-------- C:\Program Files\MP3 Splitter & Joiner

2007-12-04 10:20 . 2007-12-04 10:20 <REP> d--hs---- C:\Diskeeper

2007-12-03 18:37 . 2007-12-03 18:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Program Files\X-Tool 1.0.0

2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

2007-12-01 15:07 . 2007-12-01 15:07 268 --ah----- C:\sqmdata11.sqm

2007-12-01 15:07 . 2007-12-01 15:07 244 --ah----- C:\sqmnoopt11.sqm

2007-12-01 09:02 . 2007-12-01 09:02 268 --ah----- C:\sqmdata10.sqm

2007-12-01 09:02 . 2007-12-01 09:02 244 --ah----- C:\sqmnoopt10.sqm

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-30 09:09 --------- d-----w C:\Documents and Settings\admin\Application Data\Azureus

2008-01-26 11:21 --------- d-----w C:\Program Files\DivX

2008-01-24 11:06 3,781 ----a-w C:\WINDOWS\E220AutoRunLog.tmp

2008-01-22 16:54 --------- d-----w C:\Documents and Settings\admin\Application Data\U3

2008-01-22 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-01-12 10:02 --------- d-----w C:\Program Files\Locate

2008-01-10 09:28 --------- d-----w C:\Program Files\eMule

2008-01-05 11:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Dossier de téléchargement Share-to-Web

2008-01-05 11:11 --------- d-----w C:\Program Files\MSN Messenger

2008-01-05 11:10 --------- d-----w C:\Program Files\QuickTime

2008-01-05 11:00 --------- d-----w C:\Program Files\Symantec

2007-12-31 09:44 --------- d-----w C:\Program Files\Winamp

2007-12-07 16:44 --------- d-----w C:\Program Files\CCleaner

2007-12-04 11:26 --------- d-----w C:\Program Files\CodeRouteMarocMP3

2007-12-03 18:45 --------- d-----w C:\Program Files\Google

2007-11-24 16:30 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-11-24 16:30 290,816 ------w C:\WINDOWS\Setup1.exe

2007-10-29 11:36 88,576 -c-ha-w C:\Documents and Settings\admin\Application Data\rbap550.dll

2007-10-29 11:36 73,728 -c-ha-w C:\Documents and Settings\admin\Application Data\RBRegEx550.dll

2007-10-29 11:36 38,912 -c-ha-w C:\Documents and Settings\admin\Application Data\RBShell550.dll

2007-10-29 11:36 29,184 -c-ha-w C:\Documents and Settings\admin\Application Data\RBInternetEncodings550.dll

2007-10-29 11:36 1,166,772 -c-ha-w C:\Documents and Settings\admin\Application Data\RBXML550.dll

2007-10-29 11:36 1,001,472 -c-ha-w C:\Documents and Settings\admin\Application Data\RBScript550.dll

2007-03-05 19:36 47,360 -c--a-w C:\Documents and Settings\admin\Application Data\pcouffin.sys

2006-11-10 19:19 8 --sh--r C:\WINDOWS\system32\9C8C5F520D.sys

2006-11-10 19:22 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]

"combofix"="C:\ComboFix\kmd.exe" [2004-08-05 12:00 400896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoInstrumentation"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]

"Userinit"="Userinit.exe"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

[HKLM\~\startupfolder\C:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]

backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]

backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

--a------ 2007-02-16 18:49 149024 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

--a------ 2007-02-17 17:34 1965736 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2007-09-11 00:43 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

C:\WINDOWS\system32\amvo.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-10-23 14:18 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C2K]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2005-04-08 15:52 48752 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-05 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

--a------ 2005-02-01 19:28 1469952 C:\Program Files\DU Meter\DUMeter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

--a------ 2007-10-11 03:15 802816 C:\Program Files\Internet Download Manager\IDMan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2005-08-31 20:27 1658592 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a--c--- 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

--a--c--- 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a--c--- 2007-01-20 07:09 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-07-07 15:25 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-11-23 16:32 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

--a------ 2007-02-17 17:30 1190064 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]

--a------ 2004-08-05 12:00 33792 C:\WINDOWS\system32\rundll32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WinDefend"=2 (0x2)

"usnjsvc"=3 (0x3)

"SM_clp300_FUService"=3 (0x3)

"ose"=3 (0x3)

"IDriverT"=3 (0x3)

"Diskeeper"=2 (0x2)

"SmcService"=2 (0x2)

"ServiceLayer"=3 (0x3)

"iPod Service"=3 (0x3)

"cpextender"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"NMIndexingService"=3 (0x3)

"gusvc"=2 (0x2)

"WLSetupSvc"=3 (0x3)

"idsvc"=3 (0x3)

"SavRoam"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"AdobeActiveFileMonitor6.0"=2 (0x2)

"AcrSch2Svc"=2 (0x2)

 

R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-01-11 05:39]

R2 FLYCAM;FlyCam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\flycam.sys [2006-01-12 02:29]

S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys []

S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;C:\PROGRA~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS []

S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;C:\Program Files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS []

S3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2005-02-10 13:26]

S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]

S4 CameraServer;CameraServer;C:\Program Files\Eyemail Technology Inc\CameraServer.exe [2006-01-12 02:52]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53427bce-b3a3-11db-aa3e-101111111111}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{856875e2-bf68-11db-aa48-101111111111}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2138f5c-c03b-11dc-a77e-54554344520d}]

\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

 

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-01-30 01:42:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-30 17:54:02

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\Documents and Settings\admin\Menu Démarrer\Programmes\Démarrage\VPTray.exe

C:\Program Files\Symantec AntiVirus\DoScan.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-01-30 17:58:17 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-30 17:58:12

.

2008-01-09 09:06:43 --- E O F ---

 

Merci.

[angelique]

Tu as donc executé Flash_Disinfector.exe avec toutes tes periphs USB infectés connectées??????

 

On va commencer comme ça ;o)

 

1/ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
C:\WINDOWS\Setup1.exe
C:\ylr.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript en fichier .txt

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture

 

 

 

* Une fenêtre bleue va apparaitre: au message qui apparait ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

 

2/Télécharger cette version d'HijackThis ( http://www.merijn.org/files/hijackthis.zip )

Créer un "nouveau dossier" dédié à hijackthis en c:\ nommé HJT, dezipper hijackthis.zip dans ce repertoire , tu obtiens donc c:\HJT\HijackThis.exe

-le lancer " do a system scan & save log file "pour obtenir un rapport.txt(c:\HijackThis.txt)afin de le poster

[metabolis]

C'est fait et voila les rapports

ComboFix:

ComboFix 08-01-30.1 - admin 2008-01-30 19:29:59.2 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.148 [GMT 0:00]

Endroit: C:\Documents and Settings\admin\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE

C:\WINDOWS\Setup1.exe

C:\ylr.exe

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\ylr.exe

C:\Autorun.inf . . . . Echec de suppression

C:\WINDOWS\Setup1.exe

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo0.dll

C:\WINDOWS\system32\amvo1.dll

C:\ylr.exe

D:\Autorun.inf . . . . Echec de suppression

C:\Autorun.inf . . . . Echec de suppression

D:\Autorun.inf . . . . Echec de suppression

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-28 to 2008-01-30 ))))))))))))))))))))))))))))))))))))

.

 

2008-01-30 19:18 . 2008-01-30 19:29 414 -rahs---- C:\autorun.inf

2008-01-30 17:28 . 2008-01-30 19:17 104,044 -r-hs---- C:\h.cmd

2008-01-30 09:48 . 2008-01-30 09:48 3,320 --a------ C:\WINDOWS\desctemp.dat

2008-01-22 18:08 . 2008-01-28 16:43 <REP> d-------- C:\Program Files\SopCast

2008-01-22 18:08 . 2008-01-22 18:55 <REP> d-------- C:\Documents and Settings\admin\Application Data\SopCast

2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Program Files\TVUPlayer

2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks

2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\admin\Application Data\TVU networks

2008-01-22 16:00 . 2008-01-22 16:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-01-22 15:59 . 2008-01-22 15:59 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared

2008-01-22 10:19 . 2008-01-22 10:19 <REP> d-------- C:\UniScan

2008-01-21 17:16 . 2008-01-21 17:16 <REP> d-------- C:\Documents and Settings\admin\Application Data\TransMemory_Secure

2008-01-19 11:02 . 2008-01-19 11:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-19 11:02 . 2008-01-19 11:02 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-15 10:25 . 2008-01-15 10:25 <REP> d-------- C:\Program Files\ProgDVB

2008-01-12 16:40 . 2008-01-12 16:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft

2008-01-11 17:40 . 2008-01-11 17:40 <REP> d-------- C:\Mixesoft

2008-01-10 12:01 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\admin\Application Data\Webcammax

2008-01-10 12:00 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webcammax

2008-01-10 11:57 . 2008-01-10 12:00 <REP> d-------- C:\Program Files\WebcamMax

2008-01-09 11:18 . 2008-01-09 11:18 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll

2008-01-09 11:18 . 2008-01-09 11:18 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll

2008-01-09 11:18 . 2008-01-09 11:18 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm

2008-01-09 11:18 . 2008-01-09 11:18 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2008-01-09 11:16 . 2008-01-09 11:16 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2008-01-09 11:16 . 2008-01-09 11:16 682,496 --a------ C:\WINDOWS\system32\DivX.dll

2008-01-09 11:16 . 2008-01-09 11:16 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll

2008-01-09 11:16 . 2008-01-09 11:16 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest

2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest

2008-01-05 11:31 . 2008-01-05 11:31 0 --a------ C:\WINDOWS\vpc32.INI

2008-01-05 11:16 . <REP> C:\Documents and Settings\LocalService\Application Data\Dossier de t‚l‚chargement Share-to-Web

2008-01-05 10:59 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-01-05 10:59 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-01-05 10:58 . 2008-01-30 19:36 <REP> d-------- C:\Program Files\Symantec AntiVirus

2008-01-05 10:58 . 2008-01-05 10:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec

2008-01-05 09:08 . 2008-01-05 11:06 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared

2008-01-04 17:04 . 2008-01-05 17:12 <REP> d-------- C:\Documents and Settings\admin\Application Data\FileZilla

2008-01-04 17:03 . 2008-01-04 19:14 <REP> d-------- C:\Program Files\FileZilla Client

2007-12-31 09:44 . 2008-01-29 18:26 155 --a------ C:\WINDOWS\winamp.ini

2007-12-27 18:17 . 2007-12-31 11:14 <REP> d-------- C:\Program Files\Florikey V4.5 Beta

2007-12-26 18:55 . 2007-12-29 10:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Acronis

2007-12-26 18:37 . 2007-12-26 18:52 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys

2007-12-26 18:37 . 2007-12-26 18:37 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys

2007-12-26 18:37 . 2007-12-26 18:52 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys

2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Fichiers communs\Acronis

2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Acronis

2007-12-26 17:07 . 2007-12-26 17:07 <REP> d-------- C:\Program Files\Windows Doctor

2007-12-25 17:07 . 2007-12-25 17:07 <REP> d-------- C:\Documents and Settings\admin\Application Data\Uniblue

2007-12-25 10:57 . 2007-12-25 10:58 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2007-12-11 19:44 . 2007-12-11 19:44 593,920 --a--c--- C:\WINDOWS\system32\dpuGUI11.dll

2007-12-11 19:44 . 2007-12-11 19:44 344,064 --a--c--- C:\WINDOWS\system32\dpus11.dll

2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu11.dll

2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu10.dll

2007-12-11 19:44 . 2007-12-11 19:44 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-12-11 19:44 . 2007-12-11 19:44 57,344 --a--c--- C:\WINDOWS\system32\dpv11.dll

2007-12-11 19:44 . 2007-12-11 19:44 53,248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll

2007-12-11 19:43 . 2007-12-11 19:43 12,288 --a--c--- C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-11 19:43 . 2007-12-11 19:43 8,835 --a--c--- C:\WINDOWS\system32\dpufr.qm

2007-12-11 19:43 . 2007-12-11 19:43 3,162 --a--c--- C:\WINDOWS\system32\dtu_fr.qm

2007-12-06 18:40 . 2007-12-06 18:40 <REP> d-------- C:\Program Files\MP3 Splitter & Joiner

2007-12-04 10:20 . 2007-12-04 10:20 <REP> d--hs---- C:\Diskeeper

2007-12-03 18:37 . 2007-12-03 18:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Program Files\X-Tool 1.0.0

2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

2007-12-01 15:07 . 2007-12-01 15:07 268 --ah----- C:\sqmdata11.sqm

2007-12-01 15:07 . 2007-12-01 15:07 244 --ah----- C:\sqmnoopt11.sqm

2007-12-01 09:02 . 2007-12-01 09:02 268 --ah----- C:\sqmdata10.sqm

2007-12-01 09:02 . 2007-12-01 09:02 244 --ah----- C:\sqmnoopt10.sqm

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-30 09:09 --------- d-----w C:\Documents and Settings\admin\Application Data\Azureus

2008-01-26 11:21 --------- d-----w C:\Program Files\DivX

2008-01-24 11:06 3,781 ----a-w C:\WINDOWS\E220AutoRunLog.tmp

2008-01-22 16:54 --------- d-----w C:\Documents and Settings\admin\Application Data\U3

2008-01-22 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-01-12 10:02 --------- d-----w C:\Program Files\Locate

2008-01-10 09:28 --------- d-----w C:\Program Files\eMule

2008-01-05 11:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Dossier de téléchargement Share-to-Web

2008-01-05 11:11 --------- d-----w C:\Program Files\MSN Messenger

2008-01-05 11:10 --------- d-----w C:\Program Files\QuickTime

2008-01-05 11:00 --------- d-----w C:\Program Files\Symantec

2007-12-31 09:44 --------- d-----w C:\Program Files\Winamp

2007-12-07 16:44 --------- d-----w C:\Program Files\CCleaner

2007-12-04 11:26 --------- d-----w C:\Program Files\CodeRouteMarocMP3

2007-12-03 18:45 --------- d-----w C:\Program Files\Google

2007-11-24 16:30 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-10-29 11:36 88,576 -c-ha-w C:\Documents and Settings\admin\Application Data\rbap550.dll

2007-10-29 11:36 73,728 -c-ha-w C:\Documents and Settings\admin\Application Data\RBRegEx550.dll

2007-10-29 11:36 38,912 -c-ha-w C:\Documents and Settings\admin\Application Data\RBShell550.dll

2007-10-29 11:36 29,184 -c-ha-w C:\Documents and Settings\admin\Application Data\RBInternetEncodings550.dll

2007-10-29 11:36 1,166,772 -c-ha-w C:\Documents and Settings\admin\Application Data\RBXML550.dll

2007-10-29 11:36 1,001,472 -c-ha-w C:\Documents and Settings\admin\Application Data\RBScript550.dll

2007-03-05 19:36 47,360 -c--a-w C:\Documents and Settings\admin\Application Data\pcouffin.sys

2006-11-10 19:19 8 --sh--r C:\WINDOWS\system32\9C8C5F520D.sys

2006-11-10 19:22 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]

"amva"="C:\WINDOWS\system32\amvo.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]

"combofix"="C:\ComboFix\kmd.exe" [2004-08-05 12:00 400896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoInstrumentation"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

[HKLM\~\startupfolder\C:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]

backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]

backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

--a------ 2007-02-16 18:49 149024 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

--a------ 2007-02-17 17:34 1965736 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2007-09-11 00:43 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

C:\WINDOWS\system32\amvo.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-10-23 14:18 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C2K]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2005-04-08 15:52 48752 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-05 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

--a------ 2005-02-01 19:28 1469952 C:\Program Files\DU Meter\DUMeter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

--a------ 2007-10-11 03:15 802816 C:\Program Files\Internet Download Manager\IDMan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2005-08-31 20:27 1658592 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a--c--- 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

--a--c--- 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a--c--- 2007-01-20 07:09 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-07-07 15:25 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-11-23 16:32 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

--a------ 2007-02-17 17:30 1190064 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]

--a------ 2004-08-05 12:00 33792 C:\WINDOWS\system32\rundll32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WinDefend"=2 (0x2)

"usnjsvc"=3 (0x3)

"SM_clp300_FUService"=3 (0x3)

"ose"=3 (0x3)

"IDriverT"=3 (0x3)

"Diskeeper"=2 (0x2)

"SmcService"=2 (0x2)

"ServiceLayer"=3 (0x3)

"iPod Service"=3 (0x3)

"cpextender"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"NMIndexingService"=3 (0x3)

"gusvc"=2 (0x2)

"WLSetupSvc"=3 (0x3)

"idsvc"=3 (0x3)

"SavRoam"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"AdobeActiveFileMonitor6.0"=2 (0x2)

"AcrSch2Svc"=2 (0x2)

 

R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-01-11 05:39]

R2 FLYCAM;FlyCam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\flycam.sys [2006-01-12 02:29]

S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys []

S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;C:\PROGRA~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS []

S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;C:\Program Files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS []

S3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2005-02-10 13:26]

S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]

S4 CameraServer;CameraServer;C:\Program Files\Eyemail Technology Inc\CameraServer.exe [2006-01-12 02:52]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53427bce-b3a3-11db-aa3e-101111111111}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{856875e2-bf68-11db-aa48-101111111111}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-01-30 01:42:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-30 19:36:08

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\Documents and Settings\admin\Menu Démarrer\Programmes\Démarrage\VPTray.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-01-30 19:40:13 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-30 19:40:09

ComboFix2.txt 2008-01-30 17:58:17

.

2008-01-09 09:06:43 --- E O F ---

 

et voila celui de HJT:

 

Logfile of HijackThis v1.99.1

Scan saved at 19:43:57, on 30/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Documents and Settings\admin\Menu Démarrer\Programmes\Démarrage\VPTray.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\ping.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.17.239.251:8888

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - Startup: VPTray.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200705...ex/qtplugin.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1173808772615

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://fichiers.touslesdrivers.com/fichier...ion_2_0_4_9.cab

O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} - https://vpn.meditel.ma/extender.cab

O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

 

merci.

[angelique]

Tu as executé Flash_desinfector??????????? car je vois ça:

 

D:\Autorun.inf . . . . Echec de suppression

C:\Autorun.inf . . . . Echec de suppression

 

ça serait l'autorun.inf de Flash_desinfector.

 

 

**ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amva"="-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amva]

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript en fichier .txt

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture

 

 

 

* Une fenêtre bleue va apparaitre: au message qui apparait ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

**Pourquoi as tu desactivé de executer---msconfig le demarrage auto de ton AV sysmantec [ccApp.exe] ??? ainsi que windows defender [MSASCui.exe] ???

[metabolis]

c'est fait , voila le rapport :

ComboFix 08-01-30.1 - admin 2008-01-31 9:38:56.3 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.174 [GMT 0:00]

Endroit: C:\Documents and Settings\admin\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\admin\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf . . . . Echec de suppression

D:\Autorun.inf . . . . Echec de suppression

C:\Autorun.inf . . . . Echec de suppression

D:\Autorun.inf . . . . Echec de suppression

 

.

((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))))))

.

 

2008-01-30 19:43 . 2008-01-30 19:43 <REP> d-------- C:\HJT

2008-01-30 19:18 . 2008-01-30 19:29 414 -rahs---- C:\autorun.inf

2008-01-30 17:28 . 2008-01-30 19:17 104,044 -r-hs---- C:\h.cmd

2008-01-30 09:48 . 2008-01-30 09:48 3,320 --a------ C:\WINDOWS\desctemp.dat

2008-01-22 18:08 . 2008-01-28 16:43 <REP> d-------- C:\Program Files\SopCast

2008-01-22 18:08 . 2008-01-22 18:55 <REP> d-------- C:\Documents and Settings\admin\Application Data\SopCast

2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Program Files\TVUPlayer

2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks

2008-01-22 17:45 . 2008-01-22 17:45 <REP> d-------- C:\Documents and Settings\admin\Application Data\TVU networks

2008-01-22 16:00 . 2008-01-22 16:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet

2008-01-22 15:59 . 2008-01-22 15:59 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared

2008-01-22 10:19 . 2008-01-22 10:19 <REP> d-------- C:\UniScan

2008-01-21 17:16 . 2008-01-21 17:16 <REP> d-------- C:\Documents and Settings\admin\Application Data\TransMemory_Secure

2008-01-19 11:02 . 2008-01-19 11:02 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-01-19 11:02 . 2008-01-19 11:02 1,409 --a------ C:\WINDOWS\QTFont.for

2008-01-15 10:25 . 2008-01-15 10:25 <REP> d-------- C:\Program Files\ProgDVB

2008-01-12 16:40 . 2008-01-12 16:40 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft

2008-01-11 17:40 . 2008-01-11 17:40 <REP> d-------- C:\Mixesoft

2008-01-10 12:01 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\admin\Application Data\Webcammax

2008-01-10 12:00 . 2008-01-10 12:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Webcammax

2008-01-10 11:57 . 2008-01-10 12:00 <REP> d-------- C:\Program Files\WebcamMax

2008-01-09 11:18 . 2008-01-09 11:18 1,044,480 --a--c--- C:\WINDOWS\system32\libdivx.dll

2008-01-09 11:18 . 2008-01-09 11:18 200,704 --a--c--- C:\WINDOWS\system32\ssldivx.dll

2008-01-09 11:18 . 2008-01-09 11:18 9,878 --a------ C:\WINDOWS\system32\dsm_fr.qm

2008-01-09 11:18 . 2008-01-09 11:18 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb

2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll

2008-01-09 11:16 . 2008-01-09 11:16 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll

2008-01-09 11:16 . 2008-01-09 11:16 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll

2008-01-09 11:16 . 2008-01-09 11:16 682,496 --a------ C:\WINDOWS\system32\DivX.dll

2008-01-09 11:16 . 2008-01-09 11:16 196,608 --a--c--- C:\WINDOWS\system32\dtu100.dll

2008-01-09 11:16 . 2008-01-09 11:16 81,920 --a------ C:\WINDOWS\system32\dpl100.dll

2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dtu100.dll.manifest

2008-01-09 11:16 . 2008-01-09 11:16 416 --a------ C:\WINDOWS\system32\dpl100.dll.manifest

2008-01-05 11:31 . 2008-01-05 11:31 0 --a------ C:\WINDOWS\vpc32.INI

2008-01-05 11:16 . <REP> C:\Documents and Settings\LocalService\Application Data\Dossier de t‚l‚chargement Share-to-Web

2008-01-05 10:59 . 2005-04-01 20:36 123,200 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS

2008-01-05 10:59 . 2005-04-01 20:36 91,856 --a------ C:\WINDOWS\system32\S32EVNT1.DLL

2008-01-05 10:58 . 2008-01-31 09:44 <REP> d-------- C:\Program Files\Symantec AntiVirus

2008-01-05 10:58 . 2008-01-05 10:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Symantec

2008-01-05 09:08 . 2008-01-05 11:06 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared

2008-01-04 17:04 . 2008-01-05 17:12 <REP> d-------- C:\Documents and Settings\admin\Application Data\FileZilla

2008-01-04 17:03 . 2008-01-04 19:14 <REP> d-------- C:\Program Files\FileZilla Client

2007-12-31 09:44 . 2008-01-29 18:26 155 --a------ C:\WINDOWS\winamp.ini

2007-12-27 18:17 . 2007-12-31 11:14 <REP> d-------- C:\Program Files\Florikey V4.5 Beta

2007-12-26 18:55 . 2007-12-29 10:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Acronis

2007-12-26 18:37 . 2007-12-26 18:52 392,320 --a------ C:\WINDOWS\system32\drivers\timntr.sys

2007-12-26 18:37 . 2007-12-26 18:37 114,048 --a------ C:\WINDOWS\system32\drivers\snapman.sys

2007-12-26 18:37 . 2007-12-26 18:52 32,768 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys

2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Fichiers communs\Acronis

2007-12-26 18:36 . 2007-12-26 18:36 <REP> d-------- C:\Program Files\Acronis

2007-12-26 17:07 . 2007-12-26 17:07 <REP> d-------- C:\Program Files\Windows Doctor

2007-12-25 17:07 . 2007-12-25 17:07 <REP> d-------- C:\Documents and Settings\admin\Application Data\Uniblue

2007-12-25 10:57 . 2007-12-25 10:58 <REP> d--h----- C:\WINDOWS\msdownld.tmp

2007-12-11 19:44 . 2007-12-11 19:44 593,920 --a--c--- C:\WINDOWS\system32\dpuGUI11.dll

2007-12-11 19:44 . 2007-12-11 19:44 344,064 --a--c--- C:\WINDOWS\system32\dpus11.dll

2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu11.dll

2007-12-11 19:44 . 2007-12-11 19:44 294,912 --a--c--- C:\WINDOWS\system32\dpu10.dll

2007-12-11 19:44 . 2007-12-11 19:44 156,992 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe

2007-12-11 19:44 . 2007-12-11 19:44 57,344 --a--c--- C:\WINDOWS\system32\dpv11.dll

2007-12-11 19:44 . 2007-12-11 19:44 53,248 --a--c--- C:\WINDOWS\system32\dpuGUI10.dll

2007-12-11 19:43 . 2007-12-11 19:43 12,288 --a--c--- C:\WINDOWS\system32\DivXWMPExtType.dll

2007-12-11 19:43 . 2007-12-11 19:43 8,835 --a--c--- C:\WINDOWS\system32\dpufr.qm

2007-12-11 19:43 . 2007-12-11 19:43 3,162 --a--c--- C:\WINDOWS\system32\dtu_fr.qm

2007-12-06 18:40 . 2007-12-06 18:40 <REP> d-------- C:\Program Files\MP3 Splitter & Joiner

2007-12-04 10:20 . 2007-12-04 10:20 <REP> d--hs---- C:\Diskeeper

2007-12-03 18:37 . 2007-12-03 18:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation

2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Program Files\X-Tool 1.0.0

2007-12-03 18:36 . 2007-12-03 18:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater

2007-12-01 15:07 . 2007-12-01 15:07 268 --ah----- C:\sqmdata11.sqm

2007-12-01 15:07 . 2007-12-01 15:07 244 --ah----- C:\sqmnoopt11.sqm

2007-12-01 09:02 . 2007-12-01 09:02 268 --ah----- C:\sqmdata10.sqm

2007-12-01 09:02 . 2007-12-01 09:02 244 --ah----- C:\sqmnoopt10.sqm

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-01-30 09:09 --------- d-----w C:\Documents and Settings\admin\Application Data\Azureus

2008-01-26 11:21 --------- d-----w C:\Program Files\DivX

2008-01-24 11:06 3,781 ----a-w C:\WINDOWS\E220AutoRunLog.tmp

2008-01-22 16:54 --------- d-----w C:\Documents and Settings\admin\Application Data\U3

2008-01-22 15:59 --------- d-----w C:\Program Files\Fichiers communs\Adobe

2008-01-12 10:02 --------- d-----w C:\Program Files\Locate

2008-01-10 09:28 --------- d-----w C:\Program Files\eMule

2008-01-05 11:16 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Dossier de téléchargement Share-to-Web

2008-01-05 11:11 --------- d-----w C:\Program Files\MSN Messenger

2008-01-05 11:10 --------- d-----w C:\Program Files\QuickTime

2008-01-05 11:00 --------- d-----w C:\Program Files\Symantec

2007-12-31 09:44 --------- d-----w C:\Program Files\Winamp

2007-12-07 16:44 --------- d-----w C:\Program Files\CCleaner

2007-12-04 11:26 --------- d-----w C:\Program Files\CodeRouteMarocMP3

2007-12-03 18:45 --------- d-----w C:\Program Files\Google

2007-11-24 16:30 74,752 ----a-w C:\WINDOWS\ST6UNST.EXE

2007-10-29 11:36 88,576 -c-ha-w C:\Documents and Settings\admin\Application Data\rbap550.dll

2007-10-29 11:36 73,728 -c-ha-w C:\Documents and Settings\admin\Application Data\RBRegEx550.dll

2007-10-29 11:36 38,912 -c-ha-w C:\Documents and Settings\admin\Application Data\RBShell550.dll

2007-10-29 11:36 29,184 -c-ha-w C:\Documents and Settings\admin\Application Data\RBInternetEncodings550.dll

2007-10-29 11:36 1,166,772 -c-ha-w C:\Documents and Settings\admin\Application Data\RBXML550.dll

2007-10-29 11:36 1,001,472 -c-ha-w C:\Documents and Settings\admin\Application Data\RBScript550.dll

2007-03-05 19:36 47,360 -c--a-w C:\Documents and Settings\admin\Application Data\pcouffin.sys

2006-11-10 19:19 8 --sh--r C:\WINDOWS\system32\9C8C5F520D.sys

2006-11-10 19:22 848 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 12:00 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 19:28 1469952]

"combofix"="C:\ComboFix\kmd.exe" [2004-08-05 12:00 400896]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 12:00 15360]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoInstrumentation"= 1 (0x1)

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

 

[HKLM\~\startupfolder\C:^Documents and Settings^admin^Menu Démarrer^Programmes^Démarrage^Yahoo! Widget Engine.lnk]

backup=C:\WINDOWS\pss\Yahoo! Widget Engine.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

backup=C:\WINDOWS\pss\Outil de mise à jour Google.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Privoxy.lnk]

backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]

--a------ 2007-02-16 18:49 149024 C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]

--a------ 2007-02-17 17:34 1965736 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]

--a------ 2007-09-11 00:43 67488 C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

--a------ 2007-10-23 14:18 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C2K]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]

--a------ 2005-04-08 15:52 48752 C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

--a------ 2004-08-05 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]

--a------ 2005-02-01 19:28 1469952 C:\Program Files\DU Meter\DUMeter.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]

--a------ 2007-10-11 03:15 802816 C:\Program Files\Internet Download Manager\IDMan.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

--a------ 2005-08-31 20:27 1658592 C:\Program Files\Messenger\msmsgs.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2007-03-01 14:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]

--a--c--- 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]

--a--c--- 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

--a--c--- 2007-01-20 07:09 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2007-07-07 15:25 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

--a------ 2007-11-23 16:32 185632 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]

--a------ 2007-02-17 17:30 1190064 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TuneUp MemOptimizer]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows]

--a------ 2004-08-05 12:00 33792 C:\WINDOWS\system32\rundll32.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

--a------ 2006-11-03 18:20 866584 C:\Program Files\Windows Defender\MSASCui.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"WMPNetworkSvc"=3 (0x3)

"WinDefend"=2 (0x2)

"usnjsvc"=3 (0x3)

"SM_clp300_FUService"=3 (0x3)

"ose"=3 (0x3)

"IDriverT"=3 (0x3)

"Diskeeper"=2 (0x2)

"SmcService"=2 (0x2)

"ServiceLayer"=3 (0x3)

"iPod Service"=3 (0x3)

"cpextender"=2 (0x2)

"Apple Mobile Device"=2 (0x2)

"NMIndexingService"=3 (0x3)

"gusvc"=2 (0x2)

"WLSetupSvc"=3 (0x3)

"idsvc"=3 (0x3)

"SavRoam"=3 (0x3)

"FLEXnet Licensing Service"=3 (0x3)

"AdobeActiveFileMonitor6.0"=2 (0x2)

"AcrSch2Svc"=2 (0x2)

 

R2 CamthWDM;WebcamMax, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\CamthWDM.sys [2007-01-11 05:39]

R2 FLYCAM;FlyCam, WDM Video Capture;C:\WINDOWS\system32\DRIVERS\flycam.sys [2006-01-12 02:29]

S3 AdWatchDrv;AW Realtime Driver;C:\WINDOWS\system32\drivers\AWRTPD.sys []

S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;C:\PROGRA~1\EEYEDI~1\RETINA~1\PCANDIS5_RETWIFI.SYS []

S3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;C:\Program Files\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS []

S3 VNA;Check Point Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\vna.sys [2005-02-10 13:26]

S4 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 00:45]

S4 CameraServer;CameraServer;C:\Program Files\Eyemail Technology Inc\CameraServer.exe [2006-01-12 02:52]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53427bce-b3a3-11db-aa3e-101111111111}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{856875e2-bf68-11db-aa48-101111111111}]

\Shell\AutoRun\command - F:\LaunchU3.exe -a

 

.

Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'

"2008-01-31 01:42:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"

- C:\Program Files\Windows Defender\MpCmdRun.exe

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-01-31 09:43:58

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cach‚s ...

 

Balayage cach‚ autostart entries ...

 

Balayage des fichiers cach‚s ...

 

Scan termin‚ avec succŠs

Les fichiers cach‚s: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\Documents and Settings\admin\Menu Démarrer\Programmes\Démarrage\VPTray.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-01-31 9:46:45 - machine was rebooted

ComboFix-quarantined-files.txt 2008-01-31 09:46:41

ComboFix2.txt 2008-01-30 19:40:13

ComboFix3.txt 2008-01-30 17:58:17

.

2008-01-09 09:06:43 --- E O F ---

[angelique]

ça t'interesse pas de repondre à mes questions???

 

**Pourquoi as tu desactivé de executer---msconfig le demarrage auto de ton AV sysmantec [ccApp.exe] ??? ainsi que windows defender [MSASCui.exe] ???

 

**Tu as executé Flash_desinfector??????????? car je vois ça:

 

D:\Autorun.inf . . . . Echec de suppression

C:\Autorun.inf . . . . Echec de suppression

 

ça serait l'autorun.inf de Flash_desinfector.

[metabolis]

ça t'interesse pas de repondre à mes questions???

 

**Pourquoi as tu desactivé de executer---msconfig le demarrage auto de ton AV sysmantec [ccApp.exe] ??? ainsi que windows defender [MSASCui.exe] ???

 

**Tu as executé Flash_desinfector??????????? car je vois ça:

 

D:\Autorun.inf . . . . Echec de suppression

C:\Autorun.inf . . . . Echec de suppression

 

ça serait l'autorun.inf de Flash_desinfector.

 

 

J'ai rien desactiver .peut etre que j'ai coché une option qu'il fallait pas coché quand j'ai lancé ces deux utilitaire CCleaner et Windows Doctor en plus je conais pas grand chose en informatique.

merci.

[angelique]

donc tu vas en executer----msconfig

 

onglet demarrage et recoche:: MSASCui.exe et ccApp.exe

 

Ton antivirus devrait se remettre au prochain redemarrage de ton pC

 

**desinstalle ComboFix de cette maniere, copie\colle la ligne ci dessous dans executer et valide par "enter":

 

"%userprofile%\Bureau\combofix.exe" /u

 

Ensuite assure toi que le dossier en gras a été supprimé:

 

c:\qoobox

 

**telecharge sur ton bureau:

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner

Double-clique ATF-Cleaner.exe afin de lancer le programme.

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All

Clique le bouton Empty Selected, il faut patienter le temps qu'il effectue toutes les opérations

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

 

 

 

 

**Télécharge ewido anti-spyware micro scanner sur ton bureau.

• Double-clique sur le fichier ewido_micro.exe pour l'exécuter.
  
• Le programme va demander dès son lancement un accès internet pour se mettre à jour, accepte.
  
• Puis, un nouvel écran apparaît, assure toi que toutes les cases soient cochées.
  
• Clique sur Start Scan et laisse l'outil travailler.
  
• Quand l'outil à fini, clique sur save report et sauvegarde le rapport sur ton bureau.
  
• Poste le dans ta prochaine réponse.
  

• Nb, clique sur Remove infections
  

** * Fais un scan en ligne Kaspersky

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Clique sur Accept

* Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.

* clique une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patiente un moment

* Clique sur Next.

* Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

*poste le rapport

[MaxG]

Merci angélique pour tous ces conseils. J'ai suivi à la lettre tes instructions, et ça a bien marché. Il semblait que je m'étais débarrassé de ces virus (amvo.exe), et mon problème d'affichage des fichiers cachés était résolu... jusqu'à ce que je redémarre et que le virus réapparaisse...

 

Que faire ?

 

Voici mes rapports Combofix et Hijackthis :

 

1°) COMBOFIX

 

ComboFix 08-03-10.1 - Maxime 2008-03-14 9:01:03.3 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.580 [GMT -6:00]

Endroit: C:\Documents and Settings\Maxime\Bureau\ComboFix.exe

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Autorun.inf

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo1.dll

D:\Autorun.inf

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-14 to 2008-03-14 ))))))))))))))))))))))))))))))))))))

.

 

2008-03-14 08:46 . 2008-03-14 08:45 100,382 -r-hs---- C:\cayfq2.cmd

2008-03-14 08:44 . 2008-03-06 08:33 107,849 -r-hs---- C:\a3g3.bat

2008-03-12 08:54 . 2008-03-12 08:54 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-03-12 08:54 . 2008-03-12 08:54 1,409 --a------ C:\WINDOWS\QTFont.for

2008-03-12 07:08 . 2008-03-12 07:07 100,791 -r-hs---- C:\v.cmd

2008-03-10 14:43 . 2008-03-10 14:43 103,034 -r-hs---- C:\b.com

2008-03-01 14:03 . 2008-03-01 14:03 106,572 -r-hs---- C:\y82td3td.com

2008-02-27 11:25 . 2008-02-27 11:24 107,534 -r-hs---- C:\ekugb3.bat

2008-02-22 20:14 . 2008-02-23 21:01 109,413 -r-hs---- C:\oufddh.exe

2008-02-22 20:14 . 2008-02-19 12:24 107,052 -r-hs---- C:\gumkrhf.bat

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-02-14 01:22 --------- d-----w C:\Program Files\CCleaner

2008-02-13 22:40 69,689 ----a-w C:\WINDOWS\UNZIP.DLL

2008-02-13 22:40 507,904 ----a-w C:\WINDOWS\TMUPDATE.DLL

2008-02-13 22:40 286,720 ----a-w C:\WINDOWS\PATCH.EXE

2008-02-12 01:17 --------- d-----w C:\Program Files\Flor de Cana Screen Saver

2008-02-03 20:14 --------- d-----w C:\Program Files\DivX

2008-02-03 17:05 103,870 --sh--r C:\2ifetri.cmd

2008-02-02 14:22 104,644 --sh--r C:\i.cmd

2008-02-01 14:52 103,574 --sh--r C:\h.cmd

2008-01-28 13:41 105,293 --sh--r C:\xo8wr9.exe

2008-01-24 14:03 106,936 --sh--r C:\awda2.exe

2008-01-23 14:07 105,199 --sh--r C:\xn1i9x.com

2008-01-13 19:21 103,499 --sh--r C:\juok3st.bat

2008-01-13 19:21 103,499 --sh--r C:\d.com

2008-01-09 18:18 104,392 --sh--r C:\tio8x6.cmd

2007-12-19 01:51 123,873 --sh--r C:\n1deiect.com

.

 

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}"= "C:\Program Files\QualityCodec\iesplugin.dll" [ ]

 

[HKEY_CLASSES_ROOT\clsid\{bf1ced2c-4b3f-4079-a330-864eda5a4cff}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}"= C:\Program Files\QualityCodec\iesplugin.dll [ ]

 

[HKEY_CLASSES_ROOT\clsid\{bf1ced2c-4b3f-4079-a330-864eda5a4cff}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 05:00 15360]

"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 15:48 68856]

"amva"="C:\WINDOWS\system32\amvo.exe" [ ]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LaunchApp"="Alaunch" []

"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-02-08 10:36 155648]

"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-02-08 10:32 126976]

"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 05:00 110592 C:\WINDOWS\system32\bthprops.cpl]

"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 05:00 208952]

"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 05:00 59392]

"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]

"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 05:00 455168]

"EPM-DM"="c:\acer\epm\epm-dm.exe" [2005-03-28 18:04 188416]

"ePowerManagement"="C:\Acer\ePM\ePM.exe" [2005-03-24 09:13 2880512]

"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-03-28 12:20 319488]

"eRecoveryService"="C:\Windows\System32\Check.exe" [2005-03-23 10:01 245760]

"avast!"="C:\PROGRA~1\ALWILS~1\AVAST4~1\ashDisp.exe" [2007-12-04 07:00 79224]

"BigDogPath"="C:\WINDOWS\VM_STI.exe" [2005-02-28 17:53 53248]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 05:00 15360]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-27 19:17 443968]

 

C:\Documents and Settings\Maxime\Menu D‚marrer\Programmes\D‚marrage\

Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2004-05-09 12:36:40 40960]

avast! Antivirus.lnk - C:\Program Files\Alwil Software\Avast4bis\ashAvast.exe [2006-11-25 11:54:32 271736]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=acaptuser32.dll

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]

path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk

backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxime^Menu Démarrer^Programmes^Démarrage^CFE.lnk]

path=C:\Documents and Settings\Maxime\Menu Démarrer\Programmes\Démarrage\CFE.lnk

backup=C:\WINDOWS\pss\CFE.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxime^Menu Démarrer^Programmes^Démarrage^Magic Notes.lnk]

path=C:\Documents and Settings\Maxime\Menu Démarrer\Programmes\Démarrage\Magic Notes.lnk

backup=C:\WINDOWS\pss\Magic Notes.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxime^Menu Démarrer^Programmes^Démarrage^message.exe]

path=C:\Documents and Settings\Maxime\Menu Démarrer\Programmes\Démarrage\message.exe

backup=C:\WINDOWS\pss\message.exeStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxime^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.0.lnk]

path=C:\Documents and Settings\Maxime\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.0.lnk

backup=C:\WINDOWS\pss\OpenOffice.org 2.0.lnkStartup

 

[HKLM\~\startupfolder\C:^Documents and Settings^Maxime^Menu Démarrer^Programmes^Démarrage^Rainlendar.lnk]

path=C:\Documents and Settings\Maxime\Menu Démarrer\Programmes\Démarrage\Rainlendar.lnk

backup=C:\WINDOWS\pss\Rainlendar.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

--a------ 2007-05-10 22:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]

--a------ 2007-05-11 02:59 46200 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]

C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avpa]

C:\WINDOWS\system32\avpo.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]

--a------ 2005-02-28 17:53 53248 C:\WINDOWS\VM_STI.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

--a------ 2004-08-05 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]

C:\Program Files\DAEMON Tools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]

--a------ 2004-08-22 17:05 81920 C:\Program Files\DaemonTools\daemon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

--a------ 2006-09-12 01:58 229952 C:\Program Files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

--a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

--a------ 2007-09-27 19:17 443968 C:\Program Files\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

--a------ 2006-09-01 15:57 282624 C:\Program Files\QuickTime\qttask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

--a------ 2004-07-15 01:07 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2007-06-08 15:18 23233576 C:\Program Files\Skype\Phone\Skype.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

--a------ 2007-07-17 15:48 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]

-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

--a------ 2004-12-20 20:41 33792 C:\Program Files\Winamp\winampa.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]

--a------ 2005-07-15 23:48 479232 C:\Program Files\Google\Gmail Notifier\gnotify.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusDisableNotify"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Messenger\\msmsgs.exe"=

"C:\\Program Files\\BPFTP Server\\bpftpserver.exe"=

"D:\\Games Files\\Call of Duty\\CoDMP.exe"=

"C:\\Program Files\\Magic Notes\\Sticky32.exe"=

"C:\\Program Files\\FileZilla\\FileZilla.exe"=

"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=

"C:\\Program Files\\VLC\\vlc.exe"=

"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=

"C:\\Program Files\\Java\\jre1.5.0_09\\BIN\\javaw.exe"=

"C:\\WINDOWS\\Explorer.EXE"=

"C:\\WINDOWS\\System32\\javaw.exe"=

"C:\\Program Files\\iTunes\\iTunes.exe"=

"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"C:\\Program Files\\MSN Messenger\\livecall.exe"=

"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2004-07-19 13:10]

R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-03-24 16:54]

R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]

R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]

R3 int15.sys;int15.sys;C:\Program Files\acer\eRecovery\int15.sys [2005-01-13 14:46]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005e8fe6-7488-11dc-ab0f-00c09faa182e}]

\Shell\AutoRun\command - G:\juok3st.bat

\Shell\explore\Command - G:\juok3st.bat

\Shell\open\Command - G:\juok3st.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b731baa-67e9-11dc-aaf4-0012f06d4e04}]

\Shell\AutoRun\command - G:\juok3st.bat

\Shell\explore\Command - G:\juok3st.bat

\Shell\open\Command - G:\juok3st.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ebf7340-ef89-11dc-abf9-00c09faa182e}]

\Shell\AutoRun\command - G:\b.com

\Shell\explore\Command - G:\b.com

\Shell\open\Command - G:\b.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63101d18-59cf-11dc-aad8-00c09faa182e}]

\Shell\AutoRun\command - ntde1ect.com

\Shell\explore\Command - ntde1ect.com

\Shell\open\Command - ntde1ect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66b99b2e-79cd-11dc-ab1f-00c09faa182e}]

\Shell\AutoRun\command - G:\ntde1ect.com

\Shell\explore\Command - G:\ntde1ect.com

\Shell\open\Command - G:\ntde1ect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{797322c8-aa0e-11dc-ab96-00c09faa182e}]

\Shell\AutoRun\command - G:\x6.bat

\Shell\explore\Command - G:\x6.bat

\Shell\open\Command - G:\x6.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88062c90-92ee-11dc-ab58-00c09faa182e}]

\Shell\AutoRun\command - ntdelect.com

\Shell\explore\Command - utdetect.com

\Shell\open\Command - utdetect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88cf097a-c120-11dc-abac-00c09faa182e}]

\Shell\AutoRun\command - G:\d.com

\Shell\explore\Command - G:\d.com

\Shell\open\Command - G:\d.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a44f7cf8-dfd8-11dc-abe8-00c09faa182e}]

\Shell\AutoRun\command - G:\gumkrhf.bat

\Shell\explore\Command - G:\gumkrhf.bat

\Shell\open\Command - G:\gumkrhf.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d4dbcc-7962-11da-a808-0012f06d4e04}]

\Shell\AutoRun\command - ntdelect.com

\Shell\explore\Command - utdetect.com

\Shell\open\Command - utdetect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22eee36-56e8-11dc-aad5-00c09faa182e}]

\Shell\AutoRun\command - G:\ekugb3.bat

\Shell\explore\Command - G:\ekugb3.bat

\Shell\open\Command - G:\ekugb3.bat

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b276c73c-7a04-11da-a80a-00c09faa182e}]

\Shell\AutoRun\command - ntde1ect.com

\Shell\explore\Command - ntde1ect.com

\Shell\open\Command - ntde1ect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bce13d94-a4df-11dc-ab86-00c09faa182e}]

\Shell\AutoRun\command - G:\m1t8ta.com

\Shell\explore\Command - G:\m1t8ta.com

\Shell\open\Command - G:\m1t8ta.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1b449ac-c486-11dc-abb3-00c09faa182e}]

\Shell\AutoRun\command - H:\3wcxx91.cmd

\Shell\explore\Command - H:\3wcxx91.cmd

\Shell\open\Command - H:\3wcxx91.cmd

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1b449ae-c486-11dc-abb3-00c09faa182e}]

\Shell\AutoRun\command - G:\v.com

\Shell\explore\Command - G:\v.com

\Shell\open\Command - G:\v.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5359cca-84df-11dc-ab38-00c09faa182e}]

\Shell\AutoRun\command - G:\ntde1ect.com

\Shell\explore\Command - G:\ntde1ect.com

\Shell\open\Command - G:\ntde1ect.com

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff5a1a5e-3525-11db-a92b-0012f06d4e04}]

\Shell\AutoRun\command - G:\b.com

\Shell\explore\Command - G:\b.com

\Shell\open\Command - G:\b.com

 

*Newly Created Service* - JHYUIOPEWFJESWEDADQS

.

**************************************************************************

 

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-03-14 09:03:19

Windows 5.1.2600 Service Pack 2 FAT NTAPI

 

Balayage processus cachés ...

 

Balayage caché autostart entries ...

 

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows

AppInit_DLLs = acaptuser32.dll??

 

Balayage des fichiers cachés ...

 

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

Temps d'accomplissement: 2008-03-14 9:03:46

ComboFix-quarantined-files.txt 2008-03-14 15:03:46

 

 

________________________________________________________________________________

___________________

 

 

 

 

2°) HIJACKTHIS

 

Logfile of HijackThis v1.99.1

Scan saved at 09:13:01, on 14/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0011)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4bis\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4bis\ashServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\acer\epm\epm-dm.exe

C:\Program Files\Launch Manager\QtZgAcer.EXE

C:\PROGRA~1\ALWILS~1\AVAST4~1\ashDisp.exe

C:\WINDOWS\VM_STI.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Rainlendar\Rainlendar.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\acer\eRecovery\Monitor.exe

C:\Program Files\Alwil Software\Avast4bis\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4bis\ashWebSv.exe

C:\Program Files\internet explorer\iexplore.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\HJT\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll

O3 - Toolbar: Protection Bar - {bf1ced2c-4b3f-4079-a330-864eda5a4cff} - C:\Program Files\QualityCodec\iesplugin.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [LaunchApp] Alaunch

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe

O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE

O4 - HKLM\..\Run: [eRecoveryService] C:\Windows\System32\Check.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\AVAST4~1\ashDisp.exe

O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe

O4 - Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4bis\ashAvast.exe

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.fr/s/v/21.10/uploader2.cab

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {B9907873-6560-4A36-B76B-9DADE84A7F55} (FnacmusicDnl.DnlManager) - http://www.fnacmusic.com/telechargementFna...nacmusicDnl.CAB

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: acaptuser32.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4bis\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4bis\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4bis\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4bis\ashWebSv.exe" /service (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

 

 

________________________________________________________________________________

_________________________________________

 

 

Des suggestions ?

 

Merci d'avance !!

MaxG

[angelique]

'jour MaxG , tu aurais du creer ton propre sujet!!

Vu que y'a plus de nouvelles de metabolis , je le prends ici en charge.

 

• ouvre ton bloc note[executer--notepad] et copies/colles le contenu du cadre ci dessous:

 

File::
C:\cayfq2.cmd
C:\a3g3.bat
C:\v.cmd
C:\b.com
C:\y82td3td.com
C:\ekugb3.bat
C:\oufddh.exe
C:\gumkrhf.bat
C:\2ifetri.cmd
C:\i.cmd
C:\h.cmd
C:\xo8wr9.exe
C:\awda2.exe
C:\xn1i9x.com
C:\juok3st.bat
C:\d.com
C:\tio8x6.cmd
C:\n1deiect.com
C:\WINDOWS\system32\avpo.exe

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amva"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avpa]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{005e8fe6-7488-11dc-ab0f-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b731baa-67e9-11dc-aaf4-0012f06d4e04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4ebf7340-ef89-11dc-abf9-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63101d18-59cf-11dc-aad8-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66b99b2e-79cd-11dc-ab1f-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{797322c8-aa0e-11dc-ab96-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88062c90-92ee-11dc-ab58-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88cf097a-c120-11dc-abac-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a44f7cf8-dfd8-11dc-abe8-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9d4dbcc-7962-11da-a808-0012f06d4e04}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b22eee36-56e8-11dc-aad5-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b276c73c-7a04-11da-a80a-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bce13d94-a4df-11dc-ab86-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1b449ac-c486-11dc-abb3-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1b449ae-c486-11dc-abb3-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5359cca-84df-11dc-ab38-00c09faa182e}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ff5a1a5e-3525-11db-a92b-0012f06d4e04}]

 

[*]Va en haut de la page et clique sur le menu"Fichier" , une liste apparait=>

[*]Choisis "Enregistrer sous" et choisis "Bureau"

[*]Dans le champs "Nom du fichier" en bas de page donne le nom suivant:CFScript en fichier .txt

[*]Clique sur le bouton "Enregistrer" à droite du champs "nom du fichier"

[*]Quitte le Bloc Notes.

[*]Fait un glisser/déposer de ce fichier CFScript.txt sur le fichier ComboFix.exe comme sur la capture

 

 

 

 

* suis les instructions

* Patiente le temps du scan.Le bureau va disparaitre à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

* Une fois le scan achevé, un rapport va s'afficher: poste son contenu.

* Si le fichier n'apparait pas, il se trouve ici > C:\ComboFix.txt

 

• Vire avast via ajout\suppression de programmes au profit d'antivir et fait un scan , poste le rapport aussi de resultat de scan d'antivir.

 

http://www.malekal.com/tutorial_antivir.php