
[handled by ric025] Multiple infection (Eorezo + toolbar + ...)


30 posts • Page 1 of 2

Post by fagorl » 01 Aug 2010 15:41

Hello,

This is not my computer; I am helping out my neighbours. Here is the HJT report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:47, on 01/08/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE
C:\Program Files\BboxUpdate\BTLiveUpdate.exe
C:\Program Files\Soft2PC\soft2pc.exe
C:\Documents and Settings\Véronique\Application Data\Soft2PC\Software\SoftwareHP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe
C:\WINDOWS\system32\smss32.exe
C:\Program Files\Securityessentials2010\SE2010.exe
C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\VIA\RAID\raid_tool.exe
D:\Installation\VNC4\winvnc4.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jucheck.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Véronique\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SOFT2PCBHO - {3475D2C4-BBD1-4255-A70D-4125A4D30956} - C:\Program Files\Soft2PC\soft2pcBHO.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [VGAUtil] C:\Program Files\GigaByte\VGA Utility Manager\G-VGA.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [HydraVisionViewport] C:\Program Files\ATI Technologies\ATI HydraVision\HydraMD.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [EPSON Stylus DX5000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE /FU "C:\WINDOWS\TEMP\E_S56.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [BboxUpdate] C:\Program Files\BboxUpdate\BTLiveUpdate.exe
O4 - HKLM\..\Run: [soft2PC] "C:\Program Files\Soft2PC\soft2pc.exe"
O4 - HKLM\..\Run: [Helper] C:\Documents and Settings\Véronique\Application Data\Soft2PC\Software\SoftwareHP.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orange Desktop Search] "C:\Program Files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" /tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKCU\..\Run: [Security essentials 2010] C:\Program Files\Securityessentials2010\SE2010.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Bouygues Telecom Mes services en un clic.lnk = ?
O4 - Startup: Raccourci vers winvnc4.exe.lnk = D:\Installation\VNC4\winvnc4.exe
O4 - Startup: srvklw32.exe
O4 - Global Startup: gwum.lnk = C:\Program Files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.cyber-deployment.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.cyber-deployment.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Service Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 11323 bytes


I don't want to play sorcerer's apprentice, so I'll hand it over to you, since my level of training doesn't allow me to disinfect it.
Thanks in advance!

Symptom-wise, there are lots of pop-up ad pages, and the IE home page is Lo.st (which is why I think it is an Eorezo infection ^^ awaiting confirmation).

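As an added example (not part of the thread, and not code from HijackThis, MBAM or any other tool named here): a small Python triage of HijackThis-format lines that flags the classes of entries that mattered in the log above: a Userinit value that is not userinit.exe (the F2 line), Run/Startup entries whose file name imitates a core Windows process (smss32.exe) or that place a bare .exe directly in the Startup folder, O10 "unknown file in Winsock LSP" modules, O15 Trusted Zone additions, and a home page pointing at a host outside an allow-list. The sample lines are copied from the posted log; the allow-list of default home-page hosts and the lookalike-name rule are assumptions of this example, not HijackThis rules.

```python
import re
from urllib.parse import urlparse

# Core Windows process names that malware likes to imitate (smss32.exe,
# winlogon32.exe ...). A run entry whose file name is one of these plus a
# suffix is flagged for review. This heuristic is an assumption of the example.
CORE_PROCESSES = ("smss", "csrss", "winlogon", "lsass", "services", "svchost", "explorer")
LOOKALIKE = re.compile(r"^(?:%s)\w+\.exe$" % "|".join(CORE_PROCESSES), re.IGNORECASE)

# Assumed allow-list of vendor default home pages; a real triage would use the
# organisation's own list.
DEFAULT_HOME_HOSTS = {"go.microsoft.com", "www.microsoft.com", "fr.msn.com"}

# Constructed sample: lines in HijackThis format copied from the log posted
# above, so the rules can be exercised offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\winlogon32.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - Startup: Raccourci vers winvnc4.exe.lnk = D:\Installation\VNC4\winvnc4.exe
O4 - Startup: srvklw32.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\helpers32.dll
O15 - Trusted Zone: http://*.get-key-se10.com
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
"""


def _basename(path: str) -> str:
    """Last path component of a possibly quoted Windows path."""
    return path.strip().strip('"').replace("/", "\\").rsplit("\\", 1)[-1]


def triage_line(line: str):
    """Return a reason string if the HijackThis line deserves review, else None."""
    m = re.match(r"^(R[0-3]|F[0-3]|O\d+) - (.*)$", line.strip())
    if not m:
        return None
    section, body = m.groups()
    if section == "F2" and "UserInit=" in body:
        # Winlogon\Userinit should be userinit.exe; anything else hijacks the logon chain.
        exe = _basename(body.split("UserInit=", 1)[1].split(",")[0])
        if exe.lower() != "userinit.exe":
            return "Userinit hijack: logon chain runs %s instead of userinit.exe" % exe
    elif section in ("R0", "R1") and "Start Page" in body:
        host = urlparse(body.split("=", 1)[1].strip()).hostname or ""
        if host not in DEFAULT_HOME_HOSTS:
            return "home page redirected to %s" % host
    elif section == "O4":
        # O4 is either 'Key: [name] command' or 'Startup: file' / 'Startup: x.lnk = target'
        cmd = body.partition("]")[2] if "]" in body else body.partition(":")[2]
        exe = _basename(cmd.strip().split(" /")[0])
        if LOOKALIKE.match(exe):
            return "run entry imitates a core Windows process name: %s" % exe
        if body.startswith(("Startup:", "Global Startup:")) and ".lnk" not in body \
                and exe.lower().endswith(".exe"):
            return "executable placed directly in the Startup folder: %s" % exe
    elif section == "O10":
        # HijackThis already could not attribute the LSP module to a known vendor.
        return "unknown Winsock LSP module: %s" % _basename(body.split(":", 1)[1])
    elif section == "O15":
        # Any Trusted Zone addition lowers IE security for that domain; always review.
        return "Trusted Zone entry added: %s" % body.split(":", 1)[1].strip()
    return None


def triage(log_text: str):
    """Run triage_line over a whole log; returns [(section, reason, line), ...]."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reason = triage_line(line)
        if reason:
            findings.append((line.split(" ", 1)[0], reason, line))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print("[%s] %s\n    %s" % (section, reason, line))
```

Run directly, the script lists six of the nine sample lines; the legitimate AntiVir entries and the VNC shortcut pass. The useful point is which persistence locations to read first in such a log (Winlogon\Userinit, the Run keys, the Startup folder, the LSP chain and the Trusted Zone), which is exactly where the MBAM report in the next post found its registry hits.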

Re: Multiple infection (Eorezo + toolbar + ...)

Post by fagorl » 01 Aug 2010 17:31

Sorry for the double post, but I forgot to tell you that a full MBAM scan has already been done. Here is the report:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4377

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

01/08/2010 18:28:05
mbam-log-2010-08-01 (18-28-05).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 233172
Temps écoulé: 1 heure(s), 7 minute(s), 20 seconde(s)

Processus mémoire infecté(s): 4
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 13
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 54

Processus mémoire infecté(s):
C:\Documents and Settings\Véronique\Application Data\Soft2PC\Software\SoftwareHP.exe (Rogue.Eorezo) -> Unloaded process successfully.
C:\WINDOWS\system32\aspimgr.exe (Trojan.Danmec) -> Unloaded process successfully.
C:\Program Files\Securityessentials2010\SE2010.exe (Rogue.SecurityEssentials2010) -> Unloaded process successfully.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aspimgr (Trojan.Danmec) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SE2010 (Rogue.Securityessentials2010) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Sft (Backdoor.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\helper (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\security essentials 2010 (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon32.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\winlogon32.exe) Good: (userinit.exe) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\Program Files\Securityessentials2010 (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Véronique\Application Data\Soft2PC\Software\SoftwareHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Application Data\Soft2PC\Software\software.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\A6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\D.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\D1.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temp\D3.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\1D.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\23.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\2E.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\36.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temp\38.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\100.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\106.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temp\108.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\10D.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temp\10F.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\11.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\12.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\14.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temp\16.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\19.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\B0.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temp\B2.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\C5.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temp\C7.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\CB.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temp\CD.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\F3.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temp\F5.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\FE.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temp\80.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Local Settings\Temp\A4.tmp (Rootkit.TDSS) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temporary Internet Files\Content.IE5\K8BJ2HLU\exe[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\aspimgr.exe (Trojan.Danmec) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4VEUU4HZ\exe[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\zbtlevqn.sys (Rootkit.Bubnix) -> Delete on reboot.
C:\WINDOWS\Temp\1B.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\1C.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\~TM41.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Program Files\Securityessentials2010\SE2010.exe (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Bureau\Security essentials 2010.lnk (Rogue.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Security essentials 2010.lnk (Rogue.SecurityEssentials2010) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\helpers32.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\smss32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\warnings.html (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogon32.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\irunin.bmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\irunin.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\irunin.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\irunin.lng (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\s32.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ws386.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Véronique\Menu Démarrer\Programmes\Démarrage\srvklw32.exe (Trojan.Agent) -> Delete on reboot.


Re: Multiple infection (Eorezo + toolbar + ...)

Post by ric025 » 01 Aug 2010 19:15

Hi.

Isn't that a test PC?? Seriously, what does your neighbour do with her PC? Grow malware cultures in a lab? :lol:

TDSS rootkit, rogue... There's worse than the poor ASK toolbar and Eorezo, believe me! :D

Use this diagnostic tool:

• Download ZHPDiag
• Follow the installer's prompts; it will launch automatically at the end.
• Click the magnifying-glass icon (« Lancer le diagnostic », i.e. run the diagnostic)
• Save the report to your Desktop using the floppy-disk icon
• Upload the ZHPDiag.txt report to this site, then copy/paste the link it gives you in your next reply on the forum.

++

Re: Multiple infection (Eorezo + toolbar + ...)

Post by fagorl » 01 Aug 2010 19:53

Here is the link:

http://www.cijoint.fr/cjlink.php?file=c ... XwanVp.txt

Thanks for taking on this disinfection, Rico! :merci:


Re: Multiple infection (Eorezo + toolbar + ...)

Post by ric025 » 01 Aug 2010 20:10

RE.

  • Download AD-Remover (by C_XX) to your Desktop.
  • Click on TÉLÉCHARGER (download) and save it to your desktop.
  • :!: Disconnect from the Internet and close all running applications :!:
  • Double-click the AD-Remover icon; the program will install itself automatically.
  • On Vista and Windows 7: right-click AD-Remover and select "Run as administrator"
  • In the main menu, click "Nettoyer" (Clean).
  • Confirm the start of the scan and let the tool work.
  • Once the cleaning is finished, AD-Remover will ask you to restart the computer to complete it. Click Yes.
  • Then post the report, which is saved here :flèche: C:\Ad-Report-CLEAN[1].txt
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Tutorial to help you

++

Re: Multiple infection (Eorezo + toolbar + ...)

Post by fagorl » 01 Aug 2010 21:03

======= RAPPORT D'AD-REMOVER 2.0.0.1,D | UNIQUEMENT XP/VISTA/7 =======

Mis à jour par C_XX le 26/07/10 à 12:00
Contact: AdRemover.contact[AT]gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html

C:\Program Files\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 21:53:00 le 01/08/2010, Mode normal

Microsoft Windows XP Édition familiale Service Pack 3 (X86)
Véronique@ORDIROUCHER ( )

============== ACTION(S) ==============


0,Fichier supprimé: C:\DOCUME~1\VRONIQ~1\LOCALS~1\Temp\ASKSUTBLOG
0,Dossier supprimé: C:\Program Files\Ask.com
0,Dossier supprimé: C:\Documents and Settings\Véronique\Application Data\Soft2PC
0,Dossier supprimé: C:\Documents and Settings\Véronique\Local Settings\Application Data\Soft2PC
0,Dossier supprimé: C:\Program Files\Soft2PC

(!) -- Fichiers temporaires supprimés.


-- Fichier ouvert: C:\Documents and Settings\Véronique\Application Data\Mozilla\FireFox\Profiles\c5cr9c6x.default\Prefs.js --
Ligne supprimée: user_pref("browser.startup.homepage", "hxxp://y.lo.st");
-- Fichier Fermé --


1,Clé supprimée: HKLM\Software\Classes\CLSID\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
1,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
1,Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3475D2C4-BBD1-4255-A70D-4125A4D30956}
1,Clé supprimée: HKLM\Software\Classes\Interface\{CC883F50-95BB-4A25-9DBF-B801506F1BC4}
1,Clé supprimée: HKLM\Software\Classes\TypeLib\{B52F3553-49FA-4599-81A4-F98951E0B53B}
0,Clé supprimée: HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO
0,Clé supprimée: HKLM\Software\Classes\SoftwareBHO.SOFT2PCBHO.1
0,Clé supprimée: HKLM\Software\Classes\AppID\Soft2PCBHO.DLL
1,Clé supprimée: HKLM\Software\Classes\AppID\{AB67D16D-3824-4683-B81A-D66DBA61B1AF}
0,Clé supprimée: HKLM\Software\soft2PC
0,Clé supprimée: HKCU\Software\soft2PC
3,Clé supprimée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Soft2PC_is1
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Software_is1
0,Clé supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Soft2PC_is1

0,Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Run|soft2PC
0,Valeur supprimée: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser|{D4027C7F-154A-4066-A1AD-4243D8127440}


============== SCAN ADDITIONNEL ==============

** Mozilla Firefox Version [Impossible d'obtenir la version] **

-- C:\Documents and Settings\Véronique\Application Data\Mozilla\FireFox\Profiles\c5cr9c6x.default\Prefs.js --
browser.startup.homepage_override.mstone, rv:1.9.1.9

========================================

** Internet Explorer Version [8.0.6001.18702] **

[HKCU\Software\Microsoft\Internet Explorer\Main]
AutoHide: yes
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dl ... ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Do404Search: 0x01000000
Enable Browser Extensions: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\Main]
Default_Page_URL: hxxp://go.microsoft.com/fwlink/?LinkId=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Search bar: hxxp://search.msn.com/spbasic.htm
Search Page: hxxp://www.microsoft.com/isapi/redir.dl ... r=iesearch
Start Page: hxxp://fr.msn.com/

[HKLM\Software\Microsoft\Internet Explorer\ABOUTURLS]
Tabs: res://ieframe.dll/tabswelcome.htm
Blank: res://mshtml.dll/blank.htm

========================================

C:\Program Files\Ad-Remover\Quarantine: 38 Fichier(s)
C:\Program Files\Ad-Remover\Backup: 15 Fichier(s)

C:\Ad-Report-CLEAN[1].txt - 01/08/2010 (2645 Octet(s))
C:\Ad-Report-SCAN[1].txt - 01/08/2010 (4152 Octet(s))

Fin à: 21:55:48, 01/08/2010

============== E.O.F ==============


Re: Multiple infection (Eorezo + toolbar+...)

Post by ric025 » 02 Aug 2010 12:54

Hello.

OK! :good: Can you run MBAM again in quick scan mode and post the report.

Then a new ZHPDiag, please.

++


Re: Multiple infection (Eorezo + toolbar+...)

Post by fagorl » 02 Aug 2010 16:42

Here is the MBAM report

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4377

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

02/08/2010 17:38:12
mbam-log-2010-08-02 (17-38-12).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 132828
Temps écoulé: 7 minute(s), 37 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\drivers\zbtlevqn.sys (Rootkit.Bubnix) -> Delete on reboot.
C:\Documents and Settings\Véronique\Local Settings\Temporary Internet Files\Content.IE5\AB1LDJ7H\exe[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.


Re: Multiple infection (Eorezo + toolbar+...)

Post by fagorl » 02 Aug 2010 17:08

And (sorry again for the double post) here is the ZHPDiag report:

http://www.cijoint.fr/cjlink.php?file=c ... 9ijGdt.txt
I think there is still a rootkit infection, because at the end of the report there is this:

detected MBR rootkit hooks:
\Driver\atapi -> 0x825fe008
Warning: possible MBR rootkit infection !

Is it serious? :affraid:

PS: every time, on her PC, I cannot upload the files; it tells me the connection to the web page is impossible, so I have to go back to my own PC to post the reports (which explains the double posts). So my question is simple^^ why?


Re: Multiple infection (Eorezo + toolbar+...)

Post by ric025 » 02 Aug 2010 17:34

Good evening.

Guest wrote: so my question is simple^^ why?


Well, the infection, certainly! :D

/!\ Warning /!\
The following software can do damage if misused! Use it only with appropriate guidance.


/!\ Disable all your protection software /!\

• Download ComboFix (by sUBs) to your Desktop.
• Double-click ComboFix.exe to launch it.
• If you are on Windows XP, it will ask you to install the Recovery Console: you must accept.
• Do not touch anything during the scan.
• When the scan is finished, a report will appear. Post this report (C:\Combofix.txt) in your next reply.

Official ComboFix tutorial: http://www.bleepingcomputer.com/combofi ... r-combofix

;)


Re: Multiple infection (Eorezo + toolbar+...)

Post by fagorl » 03 Aug 2010 12:01

Here is the ComboFix report:

ComboFix 10-08-02.03 - Véronique 03/08/2010 10:35:45.1.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.294 [GMT 2:00]
Lancé depuis: G:\ComboFix.exe
AV: AntiVir Personal Edition *On-access scanning disabled* (Outdated) {F50D9AC1-6409-476C-A8D6-8F5F82336C8F}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Internet Explorer\ws2help.dll
c:\windows\g32.txt
c:\windows\gs32.txt
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\Thumbs.db

Une copie infectée de c:\windows\system32\drivers\gagp30kx.sys a été trouvée et désinfectée
Copie restaurée à partir de - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPIMGR


((((((((((((((((((((((((((((( Fichiers créés du 2010-07-03 au 2010-08-03 ))))))))))))))))))))))))))))))))))))
.

2010-08-01 20:00 . 2010-08-03 08:44 23524 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-08-01 19:23 . 2010-08-01 19:54 -------- d-----w- c:\program files\Ad-Remover
2010-08-01 18:33 . 2010-08-02 15:41 -------- d-----w- c:\program files\ZHPDiag
2010-08-01 16:57 . 2010-08-01 16:56 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-01 16:50 . 2010-08-01 16:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-01 16:46 . 2010-08-01 16:46 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-01 16:45 . 2010-08-01 16:46 -------- dc-h--w- c:\windows\ie8
2010-08-01 15:17 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-01 15:17 . 2010-08-01 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-01 15:17 . 2010-08-01 16:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 15:17 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-01 15:07 . 2010-08-01 15:07 -------- d-----w- c:\program files\CCleaner
2010-07-22 21:52 . 2010-08-03 08:45 767488 ----a-w- c:\windows\system32\drivers\hnivyu.sys
2010-07-15 10:50 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-01 20:11 . 2005-01-26 10:34 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-08-01 16:57 . 2006-11-04 17:41 -------- d-----w- c:\program files\Fichiers communs\Java
2010-08-01 16:56 . 2006-04-19 17:08 -------- d-----w- c:\program files\Java
2010-07-31 18:13 . 2007-02-19 16:11 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-07-22 21:52 . 2010-07-22 21:52 24 ----a-w- c:\windows\system32\config\systemprofile\Application Data\hwzypv.dat
2010-07-22 09:16 . 2010-07-15 11:10 24 ----a-w- c:\documents and settings\NetworkService\Application Data\hwzypv.dat
2010-06-23 21:27 . 2004-08-05 12:00 80856 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-23 21:27 . 2004-08-05 12:00 500814 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-23 09:20 . 2010-06-23 09:20 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb6.tmp.exe
2010-06-14 14:31 . 2005-01-26 09:57 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-05 10:15 . 2005-01-26 10:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-05 10:14 . 2010-05-08 09:07 -------- d-----w- c:\program files\Steam
2010-06-05 09:55 . 2010-06-05 09:55 0 ----a-w- c:\windows\nsreg.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Orange Desktop Search"="c:\program files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2007-01-17 4938016]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 65536]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2004-09-17 552960]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 270336]
"HydraVisionViewport"="c:\program files\ATI Technologies\ATI HydraVision\HydraMD.exe" [2003-04-01 364544]
"AVGCtrl"="c:\program files\AVPersonal\AVGNT.EXE" [2004-11-08 127016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Resume copy"="copyfstq.exe" [2002-03-24 46080]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"BboxUpdate"="c:\program files\BboxUpdate\BTLiveUpdate.exe" [2008-08-06 103936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
gwum.lnk - c:\program files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe [2005-1-26 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-1-26 561152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Installation\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Gigabyte\\VGA Utility Manager\\G-vga.exe"=
"d:\\hl2\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bbox\\eSKernel.exe"=
"c:\\Program Files\\BboxUpdate\\BTLiveUpdate.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [26/01/2005 13:30 5248]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [26/01/2005 12:28 24539]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [26/01/2005 12:28 75904]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [27/01/2005 17:17 75264]
R2 AVWUpSrv;AntiVir Update;c:\program files\AVPersonal\AVWUPSRV.EXE [26/01/2005 12:56 36864]
R3 avgntdd;avgntdd;c:\program files\AVPersonal\AVGNTDD.SYS [10/12/2004 13:46 32560]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [01/08/2010 22:00 23524]
R3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\Gigabyte Windows Utility Manager\MARKFUN.W32 [26/01/2005 12:35 8236]
R3 WMIBIOS;%WMIBIOS.ServiceName%;c:\windows\system32\drivers\wmibios.sys [26/01/2005 12:37 18272]
R3 WMIINFO;WMIINFO Driver;c:\windows\system32\drivers\wmiinfo.sys [26/01/2005 12:37 21184]
S0 zbtlevqn;zbtlevqn; [x]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 23:44 135664]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S3 huadio;huadio;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [26/01/2005 13:30 160640]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - hnivyu
.
Contenu du dossier 'Tâches planifiées'

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 21:44]

2010-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 21:44]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.bbox.bouyguestelecom.fr/pid3 ... rtail.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: cyber-deployment.com
Trusted Zone: cyber-deployment.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 10:44
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\huadio]
"ImagePath"="\??\c:\huadio.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\Gigabyte Windows Utility Manager\markfun.w32"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hnivyu]

.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1716)
c:\program files\ATI Technologies\ATI HydraVision\HydraDMH.dll
c:\program files\ATI Technologies\ATI HydraVision\HydraMDH.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\AVPersonal\AVGUARD.EXE
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SOUNDMAN.EXE
d:\installation\VNC4\winvnc4.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Heure de fin: 2010-08-03 10:49:27 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-08-03 08:49

Avant-CF: 1 396 617 216 octets libres
Après-CF: 1 610 817 536 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Édition familiale" /noexecute=optin /fastdetect

- - End Of File - - B4A3CC8566D8D55074113C7EF65BD2DD


Re: Multiple infection (Eorezo + toolbar+...)

Post by ric025 » 03 Aug 2010 13:10

OK, let's continue.

/!\ WARNING /!\ The following script was written specifically for fagorl; it is not transferable to another computer!

You must have the ComboFix icon on your Desktop.

• Download this folder http://sd-1.archive-host.com/membres/up ... Script.zip
• Right-click it --> Extract all --> choose the Desktop as the destination
• A file CFScript.txt is inside and will be placed on the Desktop.

• Disable your protection software
• Drag and drop this CFScript.txt file onto the ComboFix.exe file (as shown in this image)
• Wait while the scan runs. The Desktop will disappear several times: this is normal! Do not touch anything until the scan is finished.
• Once the scan is complete, a report will be displayed: post its contents.
• If the file does not open, it is located here → C:\ComboFix.txt

++


Re: Multiple infection (Eorezo + toolbar+...)

Post by fagorl » 03 Aug 2010 22:48

Here is the report (a bit late^^),

ComboFix 10-08-02.03 - Véronique 03/08/2010 20:04:44.2.1 - x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.511.232 [GMT 2:00]
Lancé depuis: c:\documents and settings\Véronique\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Véronique\Bureau\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\NetworkService\Application Data\hwzypv.dat"
"c:\windows\system32\config\systemprofile\Application Data\hwzypv.dat"
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\NetworkService\Application Data\hwzypv.dat
c:\program files\Windows Live\Messenger\ws2help.dll
c:\program files\Windows Media Player\ws2help.dll
c:\windows\system32\config\systemprofile\Application Data\hwzypv.dat

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HNIVYU
-------\Legacy_HUADIO
-------\Legacy_MARKFUN_NT
-------\Service_hnivyu
-------\Service_huadio
-------\Service_MarkFun_NT


((((((((((((((((((((((((((((( Fichiers créés du 2010-07-03 au 2010-08-03 ))))))))))))))))))))))))))))))))))))
.

2010-08-03 11:54 . 2009-11-25 10:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-03 11:54 . 2009-03-30 08:32 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-08-03 11:54 . 2009-02-13 10:28 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-08-03 11:54 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-08-03 11:54 . 2010-08-03 11:54 -------- d-----w- c:\program files\Avira
2010-08-03 11:54 . 2010-08-03 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-08-01 20:00 . 2010-08-03 18:14 23524 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-08-01 19:23 . 2010-08-01 19:54 -------- d-----w- c:\program files\Ad-Remover
2010-08-01 18:33 . 2010-08-02 15:41 -------- d-----w- c:\program files\ZHPDiag
2010-08-01 16:57 . 2010-08-01 16:56 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-01 16:50 . 2010-08-01 16:50 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-08-01 16:46 . 2010-08-01 16:46 -------- d--h--w- c:\windows\msdownld.tmp
2010-08-01 16:45 . 2010-08-01 16:46 -------- dc-h--w- c:\windows\ie8
2010-08-01 15:17 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-01 15:17 . 2010-08-01 15:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-01 15:17 . 2010-08-01 16:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-01 15:17 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-01 15:07 . 2010-08-01 15:07 -------- d-----w- c:\program files\CCleaner
2010-07-15 10:50 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-03 11:54 . 2005-01-26 10:56 -------- d-----w- c:\program files\AVPersonal
2010-08-01 20:11 . 2005-01-26 10:34 -------- d-----w- c:\program files\Fichiers communs\Adobe
2010-08-01 16:57 . 2006-11-04 17:41 -------- d-----w- c:\program files\Fichiers communs\Java
2010-08-01 16:56 . 2006-04-19 17:08 -------- d-----w- c:\program files\Java
2010-07-31 18:13 . 2007-02-19 16:11 -------- d-----w- c:\program files\ABBYY FineReader 6.0 Sprint
2010-06-23 21:27 . 2004-08-05 12:00 80856 ----a-w- c:\windows\system32\perfc00C.dat
2010-06-23 21:27 . 2004-08-05 12:00 500814 ----a-w- c:\windows\system32\perfh00C.dat
2010-06-23 09:20 . 2010-06-23 09:20 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb6.tmp.exe
2010-06-14 14:31 . 2005-01-26 09:57 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-05 10:15 . 2005-01-26 10:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-05 10:14 . 2010-05-08 09:07 -------- d-----w- c:\program files\Steam
2010-06-05 09:55 . 2010-06-05 09:55 0 ----a-w- c:\windows\nsreg.dat
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"Orange Desktop Search"="c:\program files\Orange HSS\Orange Desktop Search\OrangeDesktopSearch.exe" [2007-01-17 4938016]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 65536]
"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2004-09-17 552960]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 270336]
"HydraVisionViewport"="c:\program files\ATI Technologies\ATI HydraVision\HydraMD.exe" [2003-04-01 364544]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Resume copy"="copyfstq.exe" [2002-03-24 46080]
"SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-05-14 248552]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"BboxUpdate"="c:\program files\BboxUpdate\BTLiveUpdate.exe" [2008-08-06 103936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
gwum.lnk - c:\program files\Gigabyte\Gigabyte Windows Utility Manager\gwum.exe [2005-1-26 471040]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
VIA RAID TOOL.lnk - c:\program files\VIA\RAID\raid_tool.exe [2005-1-26 561152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Installation\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Gigabyte\\VGA Utility Manager\\G-vga.exe"=
"d:\\hl2\\hl2.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bbox\\eSKernel.exe"=
"c:\\Program Files\\BboxUpdate\\BTLiveUpdate.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12678:TCP"= 12678:TCP:NortonAV
"15106:TCP"= 15106:TCP:NortonAV
"17642:TCP"= 17642:TCP:NortonAV
"16181:TCP"= 16181:TCP:NortonAV
"18522:TCP"= 18522:TCP:NortonAV
"12464:TCP"= 12464:TCP:NortonAV
"18977:TCP"= 18977:TCP:NortonAV
"17629:TCP"= 17629:TCP:NortonAV
"17791:TCP"= 17791:TCP:NortonAV
"18533:TCP"= 18533:TCP:NortonAV
"18700:TCP"= 18700:TCP:NortonAV
"16524:TCP"= 16524:TCP:NortonAV
"18081:TCP"= 18081:TCP:NortonAV
"13041:TCP"= 13041:TCP:NortonAV
"12544:TCP"= 12544:TCP:NortonAV
"17537:TCP"= 17537:TCP:NortonAV
"17844:TCP"= 17844:TCP:NortonAV
"12818:TCP"= 12818:TCP:NortonAV
"15064:TCP"= 15064:TCP:NortonAV
"15751:TCP"= 15751:TCP:NortonAV
"12833:TCP"= 12833:TCP:NortonAV
"18227:TCP"= 18227:TCP:NortonAV
"15581:TCP"= 15581:TCP:NortonAV
"14546:TCP"= 14546:TCP:NortonAV
"13045:TCP"= 13045:TCP:NortonAV
"17431:TCP"= 17431:TCP:NortonAV
"12567:TCP"= 12567:TCP:NortonAV
"13173:TCP"= 13173:TCP:NortonAV
"16624:TCP"= 16624:TCP:NortonAV
"16217:TCP"= 16217:TCP:NortonAV
"15457:TCP"= 15457:TCP:NortonAV
"15226:TCP"= 15226:TCP:NortonAV
"18980:TCP"= 18980:TCP:NortonAV
"18857:TCP"= 18857:TCP:NortonAV
"14974:TCP"= 14974:TCP:NortonAV
"18489:TCP"= 18489:TCP:NortonAV
"16124:TCP"= 16124:TCP:NortonAV
"18764:TCP"= 18764:TCP:NortonAV
"15631:TCP"= 15631:TCP:NortonAV
"16759:TCP"= 16759:TCP:NortonAV
"15358:TCP"= 15358:TCP:NortonAV
"18383:TCP"= 18383:TCP:NortonAV
"12864:TCP"= 12864:TCP:NortonAV
"15700:TCP"= 15700:TCP:NortonAV
"18355:TCP"= 18355:TCP:NortonAV
"16824:TCP"= 16824:TCP:NortonAV
"17062:TCP"= 17062:TCP:NortonAV
"17436:TCP"= 17436:TCP:NortonAV
"17170:TCP"= 17170:TCP:NortonAV
"13322:TCP"= 13322:TCP:NortonAV
"15527:TCP"= 15527:TCP:NortonAV
"14752:TCP"= 14752:TCP:NortonAV
"16029:TCP"= 16029:TCP:NortonAV
"13555:TCP"= 13555:TCP:NortonAV
"12874:TCP"= 12874:TCP:NortonAV
"16945:TCP"= 16945:TCP:NortonAV
"15627:TCP"= 15627:TCP:NortonAV
"18785:TCP"= 18785:TCP:NortonAV
"13731:TCP"= 13731:TCP:NortonAV
"16088:TCP"= 16088:TCP:NortonAV
"16052:TCP"= 16052:TCP:NortonAV
"14639:TCP"= 14639:TCP:NortonAV
"17577:TCP"= 17577:TCP:NortonAV
"14783:TCP"= 14783:TCP:NortonAV
"14540:TCP"= 14540:TCP:NortonAV
"12601:TCP"= 12601:TCP:NortonAV
"16199:TCP"= 16199:TCP:NortonAV
"12148:TCP"= 12148:TCP:NortonAV
"15635:TCP"= 15635:TCP:NortonAV
"17307:TCP"= 17307:TCP:NortonAV
"14555:TCP"= 14555:TCP:NortonAV
"18413:TCP"= 18413:TCP:NortonAV
"15272:TCP"= 15272:TCP:NortonAV
"13651:TCP"= 13651:TCP:NortonAV
"17136:TCP"= 17136:TCP:NortonAV
"18825:TCP"= 18825:TCP:NortonAV
"14231:TCP"= 14231:TCP:NortonAV
"12381:TCP"= 12381:TCP:NortonAV
"13627:TCP"= 13627:TCP:NortonAV
"18609:TCP"= 18609:TCP:NortonAV
"16841:TCP"= 16841:TCP:NortonAV
"13799:TCP"= 13799:TCP:NortonAV
"14399:TCP"= 14399:TCP:NortonAV
"18243:TCP"= 18243:TCP:NortonAV
"16383:TCP"= 16383:TCP:NortonAV
"17684:TCP"= 17684:TCP:NortonAV
"17411:TCP"= 17411:TCP:NortonAV
"15399:TCP"= 15399:TCP:NortonAV
"15061:TCP"= 15061:TCP:NortonAV
"16476:TCP"= 16476:TCP:NortonAV
"18231:TCP"= 18231:TCP:NortonAV
"12106:TCP"= 12106:TCP:NortonAV
"15217:TCP"= 15217:TCP:NortonAV
"13822:TCP"= 13822:TCP:NortonAV
"13450:TCP"= 13450:TCP:NortonAV
"12745:TCP"= 12745:TCP:NortonAV
"16876:TCP"= 16876:TCP:NortonAV
"16806:TCP"= 16806:TCP:NortonAV
"14040:TCP"= 14040:TCP:NortonAV
"15919:TCP"= 15919:TCP:NortonAV
"15392:TCP"= 15392:TCP:NortonAV
"12114:TCP"= 12114:TCP:NortonAV
"16540:TCP"= 16540:TCP:NortonAV
"13089:TCP"= 13089:TCP:NortonAV
"13429:TCP"= 13429:TCP:NortonAV
"16312:TCP"= 16312:TCP:NortonAV
"13830:TCP"= 13830:TCP:NortonAV
"13289:TCP"= 13289:TCP:NortonAV
"14339:TCP"= 14339:TCP:NortonAV
"16986:TCP"= 16986:TCP:NortonAV
"15223:TCP"= 15223:TCP:NortonAV
"13369:TCP"= 13369:TCP:NortonAV
"17320:TCP"= 17320:TCP:NortonAV
"13508:TCP"= 13508:TCP:NortonAV
"18172:TCP"= 18172:TCP:NortonAV
"14696:TCP"= 14696:TCP:NortonAV
"12829:TCP"= 12829:TCP:NortonAV
"17797:TCP"= 17797:TCP:NortonAV
"15962:TCP"= 15962:TCP:NortonAV
"16519:TCP"= 16519:TCP:NortonAV
"14607:TCP"= 14607:TCP:NortonAV
"14144:TCP"= 14144:TCP:NortonAV
"15505:TCP"= 15505:TCP:NortonAV
"15328:TCP"= 15328:TCP:NortonAV
"15600:TCP"= 15600:TCP:NortonAV
"12979:TCP"= 12979:TCP:NortonAV
"16194:TCP"= 16194:TCP:NortonAV
"17948:TCP"= 17948:TCP:NortonAV
"16193:TCP"= 16193:TCP:NortonAV
"12662:TCP"= 12662:TCP:NortonAV
"15396:TCP"= 15396:TCP:NortonAV
"16579:TCP"= 16579:TCP:NortonAV
"13442:TCP"= 13442:TCP:NortonAV
"13214:TCP"= 13214:TCP:NortonAV
"13513:TCP"= 13513:TCP:NortonAV
"13107:TCP"= 13107:TCP:NortonAV
"13636:TCP"= 13636:TCP:NortonAV
"14653:TCP"= 14653:TCP:NortonAV
"14153:TCP"= 14153:TCP:NortonAV
"14934:TCP"= 14934:TCP:NortonAV
"13528:TCP"= 13528:TCP:NortonAV
"13419:TCP"= 13419:TCP:NortonAV
"12140:TCP"= 12140:TCP:NortonAV
"17016:TCP"= 17016:TCP:NortonAV
"15987:TCP"= 15987:TCP:NortonAV
"16398:TCP"= 16398:TCP:NortonAV
"15388:TCP"= 15388:TCP:NortonAV
"15852:TCP"= 15852:TCP:NortonAV
"12798:TCP"= 12798:TCP:NortonAV
"12418:TCP"= 12418:TCP:NortonAV
"18495:TCP"= 18495:TCP:NortonAV
"18304:TCP"= 18304:TCP:NortonAV
"17539:TCP"= 17539:TCP:NortonAV
"16375:TCP"= 16375:TCP:NortonAV
"15032:TCP"= 15032:TCP:NortonAV
"12565:TCP"= 12565:TCP:NortonAV
"16355:TCP"= 16355:TCP:NortonAV
"18974:TCP"= 18974:TCP:NortonAV
"17046:TCP"= 17046:TCP:NortonAV
"17269:TCP"= 17269:TCP:NortonAV
"12532:TCP"= 12532:TCP:NortonAV
"15706:TCP"= 15706:TCP:NortonAV
"16346:TCP"= 16346:TCP:NortonAV
"18208:TCP"= 18208:TCP:NortonAV
"13043:TCP"= 13043:TCP:NortonAV
"18749:TCP"= 18749:TCP:NortonAV
"13279:TCP"= 13279:TCP:NortonAV
"14009:TCP"= 14009:TCP:NortonAV
"16078:TCP"= 16078:TCP:NortonAV
"18006:TCP"= 18006:TCP:NortonAV
"18229:TCP"= 18229:TCP:NortonAV
"17311:TCP"= 17311:TCP:NortonAV
"14373:TCP"= 14373:TCP:NortonAV
"13866:TCP"= 13866:TCP:NortonAV
"14884:TCP"= 14884:TCP:NortonAV
"13774:TCP"= 13774:TCP:NortonAV
"17580:TCP"= 17580:TCP:NortonAV
"12340:TCP"= 12340:TCP:NortonAV
"17680:TCP"= 17680:TCP:NortonAV
"16785:TCP"= 16785:TCP:NortonAV
"13439:TCP"= 13439:TCP:NortonAV
"17160:TCP"= 17160:TCP:NortonAV
"18889:TCP"= 18889:TCP:NortonAV
"12073:TCP"= 12073:TCP:NortonAV
"16548:TCP"= 16548:TCP:NortonAV
"16481:TCP"= 16481:TCP:NortonAV
"17341:TCP"= 17341:TCP:NortonAV
"16623:TCP"= 16623:TCP:NortonAV
"16709:TCP"= 16709:TCP:NortonAV
"14055:TCP"= 14055:TCP:NortonAV
"15069:TCP"= 15069:TCP:NortonAV
"18230:TCP"= 18230:TCP:NortonAV
"16706:TCP"= 16706:TCP:NortonAV
"12948:TCP"= 12948:TCP:NortonAV
"13855:TCP"= 13855:TCP:NortonAV
"17859:TCP"= 17859:TCP:NortonAV
"14227:TCP"= 14227:TCP:NortonAV
"16155:TCP"= 16155:TCP:NortonAV
"16136:TCP"= 16136:TCP:NortonAV
"15734:TCP"= 15734:TCP:NortonAV
"16688:TCP"= 16688:TCP:NortonAV
"14979:TCP"= 14979:TCP:NortonAV
"16382:TCP"= 16382:TCP:NortonAV
"17656:TCP"= 17656:TCP:NortonAV
"12310:TCP"= 12310:TCP:NortonAV
"17389:TCP"= 17389:TCP:NortonAV
"12199:TCP"= 12199:TCP:NortonAV
"15856:TCP"= 15856:TCP:NortonAV
"15176:TCP"= 15176:TCP:NortonAV
"17879:TCP"= 17879:TCP:NortonAV
"18331:TCP"= 18331:TCP:NortonAV
"13031:TCP"= 13031:TCP:NortonAV
"15968:TCP"= 15968:TCP:NortonAV
"17309:TCP"= 17309:TCP:NortonAV
"14077:TCP"= 14077:TCP:NortonAV
"13786:TCP"= 13786:TCP:NortonAV
"16942:TCP"= 16942:TCP:NortonAV
"13378:TCP"= 13378:TCP:NortonAV
"16260:TCP"= 16260:TCP:NortonAV
"15212:TCP"= 15212:TCP:NortonAV
"18623:TCP"= 18623:TCP:NortonAV
"16899:TCP"= 16899:TCP:NortonAV
"13116:TCP"= 13116:TCP:NortonAV
"12749:TCP"= 12749:TCP:NortonAV
"17363:TCP"= 17363:TCP:NortonAV
"15887:TCP"= 15887:TCP:NortonAV
"16442:TCP"= 16442:TCP:NortonAV
"12108:TCP"= 12108:TCP:NortonAV
"18122:TCP"= 18122:TCP:NortonAV
"18028:TCP"= 18028:TCP:NortonAV
"16221:TCP"= 16221:TCP:NortonAV
"17878:TCP"= 17878:TCP:NortonAV
"14832:TCP"= 14832:TCP:NortonAV
"13966:TCP"= 13966:TCP:NortonAV
"16308:TCP"= 16308:TCP:NortonAV
"16387:TCP"= 16387:TCP:NortonAV
"14628:TCP"= 14628:TCP:NortonAV
"18458:TCP"= 18458:TCP:NortonAV
"17739:TCP"= 17739:TCP:NortonAV
"12762:TCP"= 12762:TCP:NortonAV
"16203:TCP"= 16203:TCP:NortonAV
"18190:TCP"= 18190:TCP:NortonAV
"13223:TCP"= 13223:TCP:NortonAV
"17802:TCP"= 17802:TCP:NortonAV
"18105:TCP"= 18105:TCP:NortonAV
"18719:TCP"= 18719:TCP:NortonAV
"14265:TCP"= 14265:TCP:NortonAV
"18152:TCP"= 18152:TCP:NortonAV
"17556:TCP"= 17556:TCP:NortonAV
"14785:TCP"= 14785:TCP:NortonAV
"15094:TCP"= 15094:TCP:NortonAV
"17279:TCP"= 17279:TCP:NortonAV
"13703:TCP"= 13703:TCP:NortonAV
"14256:TCP"= 14256:TCP:NortonAV

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [26/01/2005 13:30 5248]
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [26/01/2005 12:28 24539]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [26/01/2005 12:28 75904]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [27/01/2005 17:17 75264]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [03/08/2010 13:54 108289]
R3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [01/08/2010 22:00 23524]
R3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\Gigabyte Windows Utility Manager\MARKFUN.W32 [26/01/2005 12:35 8236]
R3 WMIBIOS;%WMIBIOS.ServiceName%;c:\windows\system32\drivers\wmibios.sys [26/01/2005 12:37 18272]
R3 WMIINFO;WMIINFO Driver;c:\windows\system32\drivers\wmiinfo.sys [26/01/2005 12:37 21184]
S0 zbtlevqn;zbtlevqn; [x]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/01/2010 23:44 135664]
S3 CnxEtP;ZTE ZXDSL852 Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys --> c:\windows\system32\DRIVERS\CnxEtP.sys [?]
S3 CnxEtU;ZTE ZXDSL852 Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys --> c:\windows\system32\DRIVERS\CnxEtU.sys [?]
S3 CnxTgNW;ZTE ZXDSL852 WAN PPPoA Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNW.sys --> c:\windows\system32\DRIVERS\CnxTgNW.sys [?]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [26/01/2005 13:30 160640]

--- Autres Services/Pilotes en mémoire ---

*NewlyCreated* - MARKFUN_NT
.
Contenu du dossier 'Tâches planifiées'

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 21:44]

2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 21:44]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.bbox.bouyguestelecom.fr/pid3 ... rtail.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: cyber-deployment.com
Trusted Zone: cyber-deployment.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-03 20:15
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\c:\program files\Gigabyte\Gigabyte Windows Utility Manager\markfun.w32"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2308)
c:\program files\ATI Technologies\ATI HydraVision\HydraDMH.dll
c:\program files\ATI Technologies\ATI HydraVision\HydraMDH.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Orange HSS\Orange Desktop Search\OrangeDesktopSearchSystem865.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Logitech\Video\FxSvr2.exe
d:\installation\VNC4\winvnc4.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\internet explorer\iexplore.exe
c:\program files\internet explorer\iexplore.exe
.
**************************************************************************
.
Heure de fin: 2010-08-03 20:20:30 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-08-03 18:20
ComboFix2.txt 2010-08-03 08:49

Avant-CF: 869 023 744 octets libres
Après-CF: 1 311 506 432 octets libres

- - End Of File - - B1C5722241BC42470E2C5F5006FE81DD

PS: I'm leaving for Croatia tomorrow; my neighbour's brother will take over from me so that the computer doesn't get reinfected in the meantime. Thanks for the help!!

Re: Multiple infection (Eorezo + toolbar+...)

Post by ric025 » 04 Aug 2010 22:42

Good evening.

OK! ;) Next step, then:

Rerun ZHP Diag and post the link to the report as requested in my first post! ;)

++

Re: Multiple infection (Eorezo + toolbar+...)

Post by fagorl » 05 Aug 2010 11:05

Here's the link.

http://www.premiumorange.com/zeb-help-p ... pdiag.html
