TratBHO [Trj]

Hello everyone,
 
For some time now, Avast has been showing me a message saying my PC is infected with a trojan: TratBHO. Each time it is a DLL file that is involved. Whether I choose "delete" or "quarantine", the message keeps coming back. How do I get rid of it?
 
Thanks.

Profile: Helper

Hello,
 
Which location?
 
Download and install HijackThis (Trend Micro).
Then post a log in your next reply.
HELP: How to use HijackThis v2.0.2


---------------
Prevention & Protection | Free software

Here is the log:
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:45:38, on 14/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [BMd757d4c1] Rundll32.exe "C:\WINDOWS\system32\jcaxtxuv.dll",s
O4 - HKLM\..\Run: [d464e75d] rundll32.exe "C:\WINDOWS\system32\ooropaes.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Plusone] C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe  /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
 
--
End of file - 5205 bytes
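An added example, not part of the original thread: a small Python triage script for HijackThis logs that flags the kind of entries visible in the log above. The sample lines are a constructed excerpt from the two HijackThis logs posted in this thread, with benign entries mixed in so the checks have something to leave alone. The heuristics are this editor's, not HijackThis's own analysis: rundll32 loading a DLL from system32 and calling a one-letter export (the `,s` / `,b` entries), a BHO with no readable name or a missing or randomly named DLL, an autostart binary living under Application Data, and any Winlogon Notify DLL. A hit means "look at this", not "malware confirmed".

```python
import re

# Constructed excerpt: lines copied from the two HijackThis logs in this thread,
# plus benign entries (Adobe BHO, avast!, ctfmon, an O23 service) as controls.
HJT_SAMPLE = r"""
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7C8DBDC2-2027-46E2-894C-2267B18004A4} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: {9a0a0945-dfb5-2a4b-3474-af6a05ca80fd} - {df08ac50-a6fa-4743-b4a2-5bfd5490a0a9} - C:\WINDOWS\system32\mowekaif.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe
O4 - HKLM\..\Run: [BMd757d4c1] Rundll32.exe "C:\WINDOWS\system32\jcaxtxuv.dll",s
O4 - HKLM\..\Run: [d464e75d] rundll32.exe "C:\WINDOWS\system32\ooropaes.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Plusone] C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe
O20 - Winlogon Notify: iiffedd - iiffedd.dll (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

GUID = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# rundll32 loading a DLL out of system32 and calling a single-letter export
RUNDLL_ONE_LETTER = re.compile(
    r'rundll32\.exe\s+"?(C:\\WINDOWS\\system32\\([^\\"]+)\.dll)"?\s*,\s*[a-z]\s*$', re.I)
# heuristic: a file stem of 5-9 lowercase letters and nothing else (jcaxtxuv, mowekaif, ddayx)
RANDOM_STEM = re.compile(r"^[a-z]{5,9}$")
# heuristic: autostart entries launched from a profile data folder instead of Program Files
PROFILE_DATA = re.compile(r"\\Application Data\\|\\APPLIC~1\\", re.I)


def looks_random(path):
    """True when the file name stem is nothing but a short run of lowercase letters."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return bool(RANDOM_STEM.match(stem))


def triage(log_text):
    """Return (section, reason, line) for each HijackThis line matching an indicator."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("O4 -"):
            target = line.split("] ", 1)[-1]          # text after "[EntryName] "
            if RUNDLL_ONE_LETTER.search(target):
                findings.append(("O4", "rundll32 loads a system32 DLL and calls a one-letter export", line))
            elif PROFILE_DATA.search(target):
                findings.append(("O4", "autostart binary lives in an Application Data folder", line))
        elif line.startswith("O2 -"):
            # "O2 - BHO: <name> - {CLSID} - <path>"; the path may end in " (file missing)"
            parts = line.split(" - ")
            name = parts[1][len("BHO: "):] if len(parts) > 2 else ""
            path = " - ".join(parts[3:]) if len(parts) > 3 else ""
            if name == "(no name)" or GUID.match(name):
                findings.append(("O2", "BHO registered without a readable name", line))
            elif "(file missing)" in path or looks_random(path.replace(" (file missing)", "")):
                findings.append(("O2", "BHO DLL missing or randomly named", line))
        elif line.startswith("O20 -"):
            findings.append(("O20", "Winlogon Notify DLL; expected only from known vendors, review", line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(HJT_SAMPLE):
        print(f"{section:4} {reason}\n     {line}")
```

Run it against a pasted log and you get the two `Rundll32.exe "...dll",s/b` entries, the two odd BHOs, the two Application Data autostarts and the Winlogon Notify line, while avast!, ctfmon and the Adobe BHO pass through untouched.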

Profile: Helper

Re,
 
Disable your resident protections (antivirus, Spybot...)!
 

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • When the scan is complete, a log will appear. Post that log in your next reply.



Here is the Combofix log:
 
 * Creating a new restore point
 
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS MACHINE!!
.
 
((((((((((((((((((((((((((((((((((((   Other deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\cookies.ini
C:\WINDOWS\msnimport.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\buarpliw.dll
C:\WINDOWS\system32\cdbgblfy.ini
C:\WINDOWS\system32\cxgvaxjy.ini
C:\WINDOWS\system32\djrhygim.ini
C:\WINDOWS\system32\dqfhdhkt.ini
C:\WINDOWS\system32\ecbnxvox.ini
C:\WINDOWS\system32\gjvvurkg.dll
C:\WINDOWS\system32\gkdeixym.ini
C:\WINDOWS\system32\hQAIOqss.ini
C:\WINDOWS\system32\hQAIOqss.ini2
C:\WINDOWS\system32\iykogntx.ini
C:\WINDOWS\system32\jcaxtxuv.dll
C:\WINDOWS\system32\JmUEOqss.ini
C:\WINDOWS\system32\JmUEOqss.ini2
C:\WINDOWS\system32\jqpfncxq.ini
C:\WINDOWS\system32\kghtyvnd.ini
C:\WINDOWS\system32\kxrhmgba.dll
C:\WINDOWS\system32\kynlfvng.ini
C:\WINDOWS\system32\levltkit.ini
C:\WINDOWS\system32\ljjgheb.dll
C:\WINDOWS\system32\magfuevp.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mwnuhymx.dll
C:\WINDOWS\system32\myxiedkg.dll
C:\WINDOWS\system32\ogcqrptx.dll
C:\WINDOWS\system32\Onoonnpo.ini
C:\WINDOWS\system32\Onoonnpo.ini2
C:\WINDOWS\system32\powiogtx.ini
C:\WINDOWS\system32\seaporoo.ini
C:\WINDOWS\system32\sqcfehfw.dll
C:\WINDOWS\system32\ssmrypnp.ini
C:\WINDOWS\system32\sybhrlun.dll
C:\WINDOWS\system32\tixrdlpw.ini
C:\WINDOWS\system32\tuvvtrs.dll
C:\WINDOWS\system32\udrmhnep.ini
C:\WINDOWS\system32\uywqrntg.dll
C:\WINDOWS\system32\vpejysls.dll
C:\WINDOWS\system32\vrejhkrg.dll
C:\WINDOWS\system32\wbjqmeaq.ini
C:\WINDOWS\system32\wobpqadp.dll
C:\WINDOWS\system32\xfavhxqf.dll
C:\WINDOWS\system32\xhaechne.ini
C:\WINDOWS\system32\xijhmcve.ini
C:\WINDOWS\system32\xtgoiwop.dll
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\yirdyues.dll
C:\WINDOWS\system32\ynpgiuyl.dll
C:\WINDOWS\system32\yskvnsal.ini
C:\WINDOWS\system32\ysyvxbwo.ini
C:\WINDOWS\system32\yttiwfht.dll
 
.
(((((((((((((((((((((((((((((   Files created 2008-03-17 to 2008-04-17  ))))))))))))))))))))))))))))))))))))
.
 
2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-15 12:58 . 2008-04-15 12:58 <REP> d-------- C:\Program Files\ATI
2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller
2008-03-31 07:49 . 2008-03-31 07:49 315,664 --------- C:\WINDOWS\system32\mlJBUOfD.dll
2008-03-30 09:04 . 2008-03-30 09:04 315,632 --a------ C:\WINDOWS\system32\ssqOIAQh.dll
2008-03-28 13:53 . 2008-03-28 13:53 315,568 --a------ C:\WINDOWS\system32\opnnoonO.dll
2008-03-28 07:38 . 2008-03-28 07:38 315,568 --a------ C:\WINDOWS\system32\ssqOEUmJ.dll
2008-03-27 17:25 . 2008-03-27 17:37 10,741 --a------ C:\Neyrat Loïc CV.docx
 
.
((((((((((((((((((((((((((((((((((   Find3M report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 04:35 --------- d-----w C:\Program Files\eMule
2008-04-17 00:53 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-04-16 01:30 --------- d-----w C:\Program Files\Circle Developement
2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-22 21:10 --------- d-----w C:\Program Files\Java
2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
2008-02-27 11:13 --------- d-----w C:\Program Files\Winamp
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-25 06:59 --------- d-----w C:\Program Files\TVAnts
2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
 
(((((((((((((((((((((((((((((((((   Registry load points   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not listed
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8DBDC2-2027-46E2-894C-2267B18004A4}]
   C:\WINDOWS\system32\ddayx.dll
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7765CA7-D33D-4A6A-8A17-564BCC3B415C}]
2008-03-28 13:53 315568 --a------ C:\WINDOWS\system32\opnnoonO.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
"Plusone"="C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe" [2008-02-14 17:52 432128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Amok Eggs Four Web"="C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe" [2008-04-17 10:28 3055104]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffedd]
iiffedd.dll
 
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ    msv1_0 C:\WINDOWS\system32\opnnoonO.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
 
R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
 
.
Contents of the 'Scheduled Tasks/Tâches planifiées' folder
"2008-04-17 12:00:00 C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job"
- c:\docume~1\neyrat\applic~1\typelo~1\Loud Drive Intra.exe
.
**************************************************************************
 
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 10:27:46
Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully
hidden files: 4
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-04-17 10:30:01 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-17 22:29:58
 
Pre-Run: 12,904,787,968 bytes free
Post-Run: 13,539,024,896 bytes free
.
2008-04-17 12:20:18 --- E O F ---  

Profile: Helper

Re,
 
Download Malwarebytes' Anti-Malware to your Desktop.
Install it by double-clicking the file Download_mbam-setup.exe.
 
Once installation and update are done, reboot into Safe Mode.
HELP: Rebooting into Safe Mode
 

  • Now run Malwarebytes' Anti-Malware. If it is not already selected, choose "Perform full scan".
  • To start the search, click "Scan".
  • Once the scan is finished, a window opens; click OK. You then have two possibilities:

-- if the program found nothing, press OK. A log will appear; close it.
-- if infections are present, click "Show results" then "Remove selected". Save the log to your Desktop so you can post it in your next reply.
NOTE: If Malwarebytes' Anti-Malware needs to reboot to finish the removal, accept by clicking OK.
 
HELP: Illustrated MBAM tutorial



Malwarebytes' Anti-Malware 1.11
Database version: 663
 
Scan type: Full scan (C:\|E:\|)
Objects scanned: 72932
Time elapsed: 52 minute(s), 40 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 27
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e214df62-6209-435f-b904-763b39ae102b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e214df62-6209-435f-b904-763b39ae102b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\stuffplug3 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
 
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMd757d4c1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\www.host-domain-lookup.com (Malware.Trace) -> Quarantined and deleted successfully.
 
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnoono.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\opnnoono.dll  -> Quarantined and deleted successfully.
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
C:\WINDOWS\system32\opnnoonO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Onoonnpo.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Onoonnpo.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tqckthta.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\athtkcqt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\gjvvurkg.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\kxrhmgba.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\magfuevp.dll.vir (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\myxiedkg.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014030.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014281.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP108\A0014348.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0014386.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0014882.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0015604.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP109\A0015616.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025271.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025272.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025273.dll (Trojan.AVKiller) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP133\A0025278.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{23FD062D-5BA9-49DE-BB5B-0A0B6208EB44}\RP135\A0025479.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qmwdlejb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
E:\SP3.5.590.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
E:\StuffPlug3\Uninstall.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bobtmoaj.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mlJBUOfD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\CASINO01.INI (Malware.Trace) -> Quarantined and deleted successfully.
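An added example, not from the original thread. The MBAM results above pair each Vundo DLL with an .ini/.ini2 whose name is the DLL's name spelled backwards (opnnoonO.dll / Onoonnpo.ini, tqckthta.dll / athtkcqt.ini), and ComboFix's deletion list shows the same pattern (ssqOIAQh.dll / hQAIOqss.ini, ssqOEUmJ.dll / JmUEOqss.ini, ddayx.dll / xyadd.ini). The Python below reconstructs those pairs from a plain file list, and separately pulls anything other than msv1_0 out of the LSA "Authentication Packages" value, the load point ComboFix reported for opnnoonO.dll. The file list and the REG_MULTI_SZ items are constructed from the logs on this page, with two ordinary system32 files added as controls; the pairing rule is this editor's observation from those logs, not a claim about every Vundo build.

```python
# Constructed file list: names taken from the ComboFix deletion list and the MBAM
# results in this thread, plus msvcrt.dll and desktop.ini as legitimate controls.
FILE_LIST = [
    r"C:\WINDOWS\system32\opnnoonO.dll",
    r"C:\WINDOWS\system32\Onoonnpo.ini",
    r"C:\WINDOWS\system32\Onoonnpo.ini2",
    r"C:\WINDOWS\system32\ssqOIAQh.dll",
    r"C:\WINDOWS\system32\hQAIOqss.ini",
    r"C:\WINDOWS\system32\hQAIOqss.ini2",
    r"C:\WINDOWS\system32\ssqOEUmJ.dll",
    r"C:\WINDOWS\system32\JmUEOqss.ini",
    r"C:\WINDOWS\system32\JmUEOqss.ini2",
    r"C:\WINDOWS\system32\ddayx.dll",
    r"C:\WINDOWS\system32\xyadd.ini",
    r"C:\WINDOWS\system32\xyadd.ini2",
    r"C:\WINDOWS\system32\tqckthta.dll",
    r"C:\WINDOWS\system32\athtkcqt.ini",
    r"C:\WINDOWS\system32\mlJBUOfD.dll",
    r"C:\WINDOWS\system32\jcaxtxuv.dll",
    r"C:\WINDOWS\system32\wbjqmeaq.ini",
    r"C:\WINDOWS\system32\msvcrt.dll",
    r"C:\WINDOWS\system32\desktop.ini",
]

# Constructed from ComboFix's "Registry load points" section in this thread:
#   Authentication Packages REG_MULTI_SZ    msv1_0 C:\WINDOWS\system32\opnnoonO.dll
AUTH_PACKAGES = ["msv1_0", r"C:\WINDOWS\system32\opnnoonO.dll"]


def _split(path):
    """Split a Windows path into (directory, stem, extension)."""
    directory, _, name = path.rpartition("\\")
    stem, _, ext = name.rpartition(".")
    if not stem:            # no dot in the name: the whole name is the stem
        stem, ext = name, ""
    return directory, stem, ext


def pair_reversed_ini(paths):
    r"""For every .dll, find .ini/.ini2 files in the same directory whose stem is the
    DLL stem reversed. Comparison is case-insensitive, as NTFS names are.
    Returns {dll_path: [companion paths]}; DLLs with no companion are omitted."""
    by_dir = {}
    for p in paths:
        directory, stem, ext = _split(p)
        by_dir.setdefault(directory.lower(), {})[(stem.lower(), ext.lower())] = p
    pairs = {}
    for names in by_dir.values():
        for (stem, ext), dll_path in names.items():
            if ext != "dll":
                continue
            rev = stem[::-1]
            companions = [names[k] for k in ((rev, "ini"), (rev, "ini2")) if k in names]
            if companions:
                pairs[dll_path] = companions
    return pairs


def foreign_auth_packages(items, allowed=("msv1_0",)):
    r"""Entries of HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages
    other than the stock NTLM package. Anything listed here is loaded into lsass.exe
    at every boot, which is one reason deleting the DLL on disk alone does not make
    the detection stop: the registry value has to go as well."""
    return [i for i in items if i.strip().lower() not in allowed]


if __name__ == "__main__":
    for dll, inis in pair_reversed_ini(FILE_LIST).items():
        print(dll)
        for ini in inis:
            print("   <->", ini)
    print("foreign LSA auth packages:", foreign_auth_packages(AUTH_PACKAGES))
```

The five DLL/INI families from the logs come out paired; mlJBUOfD.dll and jcaxtxuv.dll have no reversed-name companion in the list and so are left for the HijackThis-style autostart checks, and the two control files stay unpaired.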

Profile: Helper

Post another HijackThis log.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:51, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7C8DBDC2-2027-46E2-894C-2267B18004A4} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: {9a0a0945-dfb5-2a4b-3474-af6a05ca80fd} - {df08ac50-a6fa-4743-b4a2-5bfd5490a0a9} - C:\WINDOWS\system32\mowekaif.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Amok Eggs Four Web] C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [d464e75d] rundll32.exe "C:\WINDOWS\system32\tqckthta.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Plusone] C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ASUS SmartDoctor] C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe  /start
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8D4EE4-E173-4739-B9F1-E5725490FB2B}: NameServer = 192.168.1.1
O20 - Winlogon Notify: iiffedd - iiffedd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
 
--
End of file - 6052 bytes

Profile: Helper

Do another ComboFix scan :)


---------------
Prevention & Protection|Free software

ComboFix 08-04-20.5 - Neyrat 2008-04-22 10:57:28.2 - NTFSx86
Microsoft Windows XP Édition familiale  5.1.2600.2.1252.1.1036.18.555 [GMT -12:00]
Endroit: E:\Loic\ComboFix.exe
 * Création d'un nouveau point de restauration
 
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
 
((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
 
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\celdeaht.ini
C:\WINDOWS\system32\cqhgnavi.dll
C:\WINDOWS\system32\dxqvatfo.ini
C:\WINDOWS\system32\gdjkgywm.dll
C:\WINDOWS\system32\ggtjhsfa.ini
C:\WINDOWS\system32\hqtelocf.ini
C:\WINDOWS\system32\kshqaxyt.ini
C:\WINDOWS\system32\lievwkwu.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mowekaif.dll
C:\WINDOWS\system32\rgbkijdy.ini
C:\WINDOWS\system32\uckaqfqy.dll
C:\WINDOWS\system32\udsejhgy.ini
 
.
(((((((((((((((((((((((((((((   Fichiers créés 2008-03-22 to 2008-04-22  ))))))))))))))))))))))))))))))))))))
.
 
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\Malwarebytes
2008-04-21 10:01 . 2008-04-21 10:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-19 13:12 . 2008-04-21 07:53 2,707,566 ---hs---- C:\WINDOWS\system32\wfvvlpgj.ini
2008-04-18 13:10 . 2008-04-19 13:11 1,540,433 ---hs---- C:\WINDOWS\system32\iqcaxucl.ini
2008-04-17 10:33 . 2008-04-18 10:33 1,529,513 ---hs---- C:\WINDOWS\system32\bfsgkpju.ini
2008-04-17 10:24 . 2008-04-22 10:57 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-17 00:20 . 2008-04-17 00:20 <REP> d-------- C:\Program Files\MSXML 6.0
2008-04-15 13:00 . 2008-04-15 13:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-04-15 12:56 . 2008-02-25 21:05 593,920 --------- C:\WINDOWS\system32\ati2sgag.exe
2008-04-15 12:55 . 2008-04-15 12:57 <REP> d-------- C:\Program Files\ATI Technologies
2008-04-15 12:52 . 2008-02-14 05:35 166,450 --a------ C:\WINDOWS\system32\atiicdxx.dat
2008-04-15 12:52 . 2008-04-15 12:52 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-04-14 22:44 . 2008-04-14 22:44 <REP> d-------- C:\Program Files\Trend Micro
2008-04-14 20:00 . 2008-04-14 20:00 <REP> d-------- C:\ATI
2008-04-14 12:44 . 2008-04-14 12:44 <REP> d-------- C:\WINDOWS\system32\fr-FR
2008-04-14 12:42 . 2008-04-14 12:42 <REP> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-14 12:40 . 2008-04-14 12:40 <REP> d-------- C:\Program Files\Reference Assemblies
2008-04-14 12:40 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-13 13:18 . 2006-06-14 13:44 12,288 -ra------ C:\WINDOWS\system32\drivers\EIO_XP.sys
2008-04-13 13:13 . 2008-04-13 13:13 12,288 --a------ C:\WINDOWS\system32\drivers\EIO64_xp.sys
2008-04-13 13:11 . 2008-04-13 13:14 <REP> d-------- C:\Program Files\ASUS
2008-04-13 13:06 . 2008-04-13 13:06 21,541 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-13 13:00 . 2008-04-13 13:00 244 --ah----- C:\sqmnoopt01.sqm
2008-04-13 13:00 . 2008-04-13 13:00 232 --ah----- C:\sqmdata01.sqm
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\WINDOWS\system32\QuickTime
2008-04-12 14:23 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\QuickTime(2)
2008-04-12 14:23 . 2008-04-12 14:23 607 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-04-12 14:22 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Disney Interactive(2)
2008-04-10 08:36 . 2008-04-13 12:46 <REP> d-------- C:\Program Files\Adobe(2)
2008-04-09 18:23 . 2008-04-09 19:01 <REP> d-------- C:\julie
2008-04-09 18:04 . 2008-04-09 18:02 544,980 --a------ C:\Documents and Settings\julie0001.JPG
2008-04-09 17:51 . 2008-04-09 17:51 <REP> d-------- C:\Program Files\Canon
2008-04-09 17:49 . 2008-04-09 17:49 <REP> d-------- C:\Program Files\ScanSoft
2008-04-09 17:49 . 2008-04-13 12:47 <REP> d-------- C:\Program Files\Fichiers communs\ScanSoft Shared
2008-04-09 17:48 . 2008-04-09 17:48 <REP> d-------- C:\Program Files\ArcSoft
2008-04-09 17:44 . 2008-04-09 17:44 <REP> d-------- C:\CanoScan
2008-04-09 14:34 . 2008-04-13 12:47 <REP> d-------- C:\Documents and Settings\Neyrat\Application Data\MSNInstaller
2008-03-30 09:04 . 2008-03-30 09:04 315,632 --a------ C:\WINDOWS\system32\ssqOIAQh.dll
2008-03-28 07:38 . 2008-03-28 07:38 315,568 --a------ C:\WINDOWS\system32\ssqOEUmJ.dll
2008-03-27 17:25 . 2008-03-27 17:37 10,741 --a------ C:\Neyrat Loïc CV.docx
 
.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 09:05 196,608 ----a-w C:\WINDOWS\system32\drivers\nStandard.bin
2008-04-22 08:00 --------- d-----w C:\Program Files\eMule
2008-04-16 01:30 --------- d-----w C:\Program Files\Circle Developement
2008-04-15 00:43 --------- d-----w C:\Program Files\MSBuild
2008-04-14 12:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-14 01:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-14 00:46 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-04-10 07:01 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\XnView
2008-03-30 00:00 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-22 21:10 --------- d-----w C:\Program Files\Java
2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-12 03:21 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-10 12:01 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-09 00:54 --------- d-----w C:\Documents and Settings\Neyrat\Application Data\Samsung
2008-03-09 00:21 --------- d-----w C:\Program Files\Samsung
2008-02-27 11:13 --------- d-----w C:\Program Files\Winamp
2008-02-26 05:51 2,863,616 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-02-26 03:12 372,736 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-02-26 03:10 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-02-26 03:10 299,520 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-02-26 03:02 172,032 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-02-26 03:02 126,976 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-02-26 03:01 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-02-26 03:01 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-02-26 03:01 126,976 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-02-26 03:00 520,192 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-02-26 02:59 9,797,632 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-02-26 02:58 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-02-26 02:49 3,176,480 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-02-26 02:41 1,755,264 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-02-26 02:29 46,080 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-02-26 02:25 393,216 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-02-26 02:23 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-02-26 02:22 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-02-26 02:19 167,936 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-02-26 02:16 520,192 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-02-25 06:59 --------- d-----w C:\Program Files\TVAnts
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:35 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:02 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-16 09:02 1,495,040 ----a-w C:\WINDOWS\system32\shdocvw(2).dll
2008-02-05 06:58 360,580 ----a-w C:\WINDOWS\eSellerateEngine.dll
2008-01-26 15:03 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
 
(((((((((((((((((((((((((((((   snapshot@2008-04-17_10.29.50.18   )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-17 22:27:19 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 22:59:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 22:59:54 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6d4.dat
.
(((((((((((((((((((((((((((((((((   Point de chargement Reg   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7C8DBDC2-2027-46E2-894C-2267B18004A4}]
   C:\WINDOWS\system32\ddayx.dll
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 00:00 15360]
"Plusone"="C:\DOCUME~1\Neyrat\APPLIC~1\TYPELO~1\Less cast.exe" [2008-02-14 17:52 432128]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 04:24 1694208]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-11-06 11:16 1126400]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-05 15:44 16262656 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-15 22:04 2879488 C:\WINDOWS\SkyTel.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 01:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 22:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Amok Eggs Four Web"="C:\Documents and Settings\All Users\Application Data\part dead amok eggs\More Math.exe" [2008-04-22 11:01 3205120]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"d464e75d"="C:\WINDOWS\system32\tqckthta.dll" [ ]
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 00:00 15360]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffedd]
iiffedd.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.asv2"= asusasv2.dll
 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 17:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
 
R0 mv614x;mv614x;C:\WINDOWS\system32\DRIVERS\mv614x.sys [2006-07-02 23:21]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-22 15:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-22 15:39]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 13:44]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-08-21 17:36]
R3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [2007-10-23 17:48]
S3 hid8101;hid8101;C:\WINDOWS\system32\drivers\hid8101.SYS [2006-10-22 22:42]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 11:11]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 11:11]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 11:11]
 
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-22 23:00:02 C:\WINDOWS\Tasks\ABD0E8A3906B9E3F.job"
- c:\docume~1\neyrat\applic~1\typelo~1\Loud Drive Intra.exe
.
**************************************************************************
 
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 11:00:15
Windows 5.1.2600 Service Pack 2 NTFS
 
Balayage processus cachés ...
 
Balayage caché autostart entries ...
 
Balayage des fichiers cachés ...
 
Scan terminé avec succès
Les fichiers cachés: 4
 
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-04-22 11:01:53 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-22 23:01:50
ComboFix2.txt  2008-04-17 22:30:02
 
Pre-Run: 14,410,051,584 octets libres
Post-Run: 14,390,611,968 octets libres
 
211 --- E O F --- 2008-04-17 12:20:18

Profile: Helper

Re,

Download Lop S&D.exe to your Desktop.

  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your Desktop
  • Select the language you want, then choose option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)


Message edited by Angeldark on 22-04-2008 at 15:58:01

---------------
Prevention & Protection|Free software
n°193214
22-04-2008 at 15:19:27