[Solved] Warning! Spyware detected on your computer


Post by Marvel » 23 Jul 2008 18:31

Hello everyone,
Like many people at the moment, I got infected by 'antivirus xp 2008';
the result is a lovely blue screen as wallpaper reading ''Warning! Spyware detected on your computer'', which is impossible to change.
If a kind soul could give me a little hand, it wouldn't be refused; thanks in advance.
Last edited by Marvel on 25 Jul 2008 01:03, edited 1 time.
Marvel

Posts: 23
Joined: 23 Jul 2008 18:22

Re: Warning! Spyware detected on your computer

Post by Falkra » 23 Jul 2008 22:30

Welcome to the libellules security section. :-D

To see what is running on your machine and be able to clean the infections present, we need to run a few tests.

Here is how to start.
:arrow: Please post a HijackThis (v2.0.2) report in your next reply:
Here is a tutorial with the necessary links:
http://www.libellules.ch/poster_log_hijackthis.php
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Warning! Spyware detected on your computer

Post by Marvel » 23 Jul 2008 23:11

Hello, here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:07:12, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Documents and Settings\All Users\Application Data\dsjutalw\zajwbqte.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\lphc50jj0ee21.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\jotabedw.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Famille\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [lphc50jj0ee21] C:\WINDOWS\system32\lphc50jj0ee21.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [procdben] C:\WINDOWS\system32\jotabedw.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [setsrvapl] C:\WINDOWS\system32\qdopunyx.exe
O4 - HKLM\..\Policies\Explorer\Run: [JdoNy0rCIy] D:\Documents and Settings\All Users\Application Data\dsjutalw\zajwbqte.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Famille\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/ ... loader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BFB12B2-584D-488E-BCC7-B5CC4EB68011}: NameServer = 86.64.145.144 84.103.237.144
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O21 - SSODL: cfgui - {483759E7-0716-4186-98D2-04F3A56BA479} - C:\Program Files\trcjgaf\cfgui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9336 bytes
Marvel

Posts: 23
Joined: 23 Jul 2008 18:22

Re: Warning! Spyware detected on your computer

Post by Falkra » 23 Jul 2008 23:13

Double or triple infection, you have installed too much stuff. ;)

We do two diagnostic reports, then we treat two, then we see what is left.

Disable your resident protections (antivirus, ...); you will re-enable them afterwards.

Download Lop S&D (by Eric_71) to your desktop

  • Double-click it to launch the installation
  • Then double-click the Lop S&D shortcut on your desktop
  • Select the desired language, then choose Option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm.)


------


Download Toolbar-S&D (Team IDN) to your Desktop.

  • Launch the program installation by running the downloaded file.
  • Now double-click the Toolbar-S&D shortcut.
  • Select the desired language by typing the letter of your choice, then confirm with the Enter key.
  • Now choose option 1 (Search). Wait until the search finishes.
  • Post the generated report. (C:\TB.txt)
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1
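The reply above is made by reading the HijackThis report by eye: which key starts each entry, where the file lives, and whether the name looks generated. As an added illustration that is not part of this thread, the Python script below applies those same checks to O4 autorun lines and to the O2/O21 component lines; the sample lines are copied from the report posted above, while the system32 allowlist, the scores and the threshold are assumptions for the example that a helper would tune.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis report posted above: clean and
# suspicious entries mixed, as in a real log.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lphc50jj0ee21] C:\WINDOWS\system32\lphc50jj0ee21.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [procdben] C:\WINDOWS\system32\jotabedw.exe
O4 - HKCU\..\Run: [setsrvapl] C:\WINDOWS\system32\qdopunyx.exe
O4 - HKLM\..\Policies\Explorer\Run: [JdoNy0rCIy] D:\Documents and Settings\All Users\Application Data\dsjutalw\zajwbqte.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O21 - SSODL: cfgui - {483759E7-0716-4186-98D2-04F3A56BA479} - C:\Program Files\trcjgaf\cfgui.dll
"""

# Executables that legitimately autorun straight from system32 on XP. This
# allowlist is an assumption made for the example; tune it for real reports.
SYSTEM32_ALLOWLIST = {"ctfmon.exe"}

O4_RE = re.compile(r"^O4 - (?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
CLSID_RE = re.compile(r"^(?P<sec>O\d+) - [^:]+: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")
PROFILE_DIR_RE = re.compile(r"\\(?:Application Data|Local Settings|Temp|APPLIC~1|LOCALS~1)\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\WINDOWS\\system32\\([^\\]+)$", re.IGNORECASE)
MIXED_RE = re.compile(r"^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{8,}$")  # e.g. lphc50jj0ee21

@dataclass
class Finding:
    section: str
    name: str
    path: str
    score: int
    reasons: list

def command_path(cmd: str) -> str:
    """Extract the file path from an O4 command: drop the (User '...') suffix,
    surrounding quotes and trailing switches such as -osboot or /background."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|dll|scr|bat|cmd|com))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd

def parse_line(line: str):
    """Return (section, registry key, value name, path) or None for lines we skip."""
    m = O4_RE.match(line)
    if m:
        return "O4", m.group("where"), m.group("name"), command_path(m.group("cmd"))
    m = CLSID_RE.match(line)  # O2 BHO, O3 toolbar, O9, O18, O21 SSODL
    if m:
        return m.group("sec"), "", m.group("name"), m.group("path").strip()
    return None

def score_entry(section: str, where: str, name: str, path: str):
    """Additive heuristics; each reason is something a helper checks by eye."""
    score, reasons = 0, []
    if section == "O21":
        score += 2
        reasons.append("SSODL (ShellServiceObjectDelayLoad) is rarely used by legitimate software")
    if where.lower().endswith(r"policies\explorer\run"):
        score += 2
        reasons.append("started from Policies\\Explorer\\Run, which normal installers do not use")
    if PROFILE_DIR_RE.search(path):
        score += 2
        reasons.append("executable lives in a user-profile data directory")
    m = SYSTEM32_RE.match(path)
    if m and m.group(1).lower() not in SYSTEM32_ALLOWLIST:
        score += 2
        reasons.append("unknown executable placed directly in system32")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if MIXED_RE.match(name) or MIXED_RE.match(stem):
        score += 1
        reasons.append("machine-generated looking name")
    if name == "(no name)":
        score += 1
        reasons.append("component registered without a display name")
    return score, reasons

def triage(report: str, threshold: int = 2) -> list:
    """Return the entries scoring at or above threshold, highest score first."""
    findings = []
    for line in report.splitlines():
        parsed = parse_line(line.strip())
        if parsed is None:
            continue
        section, where, name, path = parsed
        score, reasons = score_entry(section, where, name, path)
        if score >= threshold:
            findings.append(Finding(section, name, path, score, reasons))
    findings.sort(key=lambda f: f.score, reverse=True)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.score} {f.name} -> {f.path}: {'; '.join(f.reasons)}")
```

On the sample it reports the five entries the helper goes on to remove and stays silent on ctfmon.exe, the ATI and RealPlayer entries; the Crawler BHO scores only 1 here, which is why a separate toolbar scan is still asked for.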

Re: Warning! Spyware detected on your computer

Post by Marvel » 23 Jul 2008 23:26

here are the two reports^^:

Lop S&D report:


--------------------\\ Lop S&D 4.2.2-3 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Famille ] [ "C:\Lop SD" ] [ Selection : 1 ]
[ 24/07/2008 | 0:17:29,87 ] [ PC : Bertout ]
[ MAJ : 22-07-2008 | 17:35 ]

--------------------\\ Listing des dossiers dans Application Data

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[23/07/2008 18:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[24/12/2007|02:19] C:\Program Files\1964
[03/04/2008|16:08] C:\Program Files\Adaware
[19/11/2007|01:43] C:\Program Files\Adobe
[08/11/2007|11:33] C:\Program Files\Alwil Software
[08/11/2007|19:52] C:\Program Files\AMD
[08/11/2007|11:13] C:\Program Files\CCleaner
[15/03/2008|15:48] C:\Program Files\COL11004
[08/11/2007|19:52] C:\Program Files\ComPlus Applications
[12/02/2008|04:58] C:\Program Files\Crawler
[08/11/2007|19:52] C:\Program Files\CyberLink
[04/06/2008|23:14] C:\Program Files\DivX
[23/02/2008|12:38] C:\Program Files\DNA
[23/07/2008|19:36] C:\Program Files\eMule
[02/03/2008|14:48] C:\Program Files\EZ-DUB
[11/05/2008|02:43] C:\Program Files\Fichiers communs
[10/05/2008|03:57] C:\Program Files\FileSubmit
[08/11/2007|19:52] C:\Program Files\GMixon
[15/04/2008|13:25] C:\Program Files\Google
[29/02/2008|21:32] C:\Program Files\Heredis 8
[11/12/2007|14:32] C:\Program Files\Hewlett-Packard
[11/12/2007|14:32] C:\Program Files\HP
[13/07/2008|16:41] C:\Program Files\IMVU
[11/05/2008|02:43] C:\Program Files\InstallShield Installation Information
[13/06/2008|09:43] C:\Program Files\Internet Explorer
[11/05/2008|02:41] C:\Program Files\InterVideo
[11/05/2008|02:43] C:\Program Files\InterVideo Information Service
[12/11/2007|16:53] C:\Program Files\IrfanView
[16/11/2007|23:28] C:\Program Files\Java
[08/11/2007|11:32] C:\Program Files\Kit ADSL
[08/11/2007|19:52] C:\Program Files\Learn2.com
[19/11/2007|03:07] C:\Program Files\Lecteur Windows Media.lnk
[09/11/2007|17:57] C:\Program Files\Lexmark
[08/11/2007|16:06] C:\Program Files\Lexmark Z700-P700 Series
[15/03/2008|15:48] C:\Program Files\Media Player Classic
[15/03/2008|15:48] C:\Program Files\Messenger
[04/04/2008|17:14] C:\Program Files\Messenger Plus! Live
[12/11/2007|05:28] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/11/2007|17:51] C:\Program Files\microsoft frontpage
[17/11/2007|17:51] C:\Program Files\Microsoft Office
[10/11/2007|22:05] C:\Program Files\Microsoft SQL Server Compact Edition
[17/11/2007|17:54] C:\Program Files\Microsoft Visual Studio
[01/04/2008|13:23] C:\Program Files\Movie Maker
[23/07/2008|23:27] C:\Program Files\Mozilla Firefox
[15/02/2008|21:14] C:\Program Files\MSN
[08/11/2007|19:52] C:\Program Files\MSN Gaming Zone
[12/11/2007|05:23] C:\Program Files\MSXML 4.0
[08/11/2007|19:54] C:\Program Files\NetMeeting
[14/04/2008|15:26] C:\Program Files\Noël Danjou
[01/04/2008|14:37] C:\Program Files\Outlook Express
[12/04/2008|00:36] C:\Program Files\PC Inspector File Recovery
[15/04/2008|13:35] C:\Program Files\Picasa2
[15/03/2008|15:48] C:\Program Files\Pochette Express 2
[03/04/2008|17:19] C:\Program Files\QuickTime
[08/11/2007|19:52] C:\Program Files\Real
[29/02/2008|21:44] C:\Program Files\RegSupreme
[23/07/2008|17:24] C:\Program Files\rhc10jj0ee21
[07/01/2008|02:48] C:\Program Files\roms
[18/04/2008|18:48] C:\Program Files\Samsung
[13/07/2008|22:40] C:\Program Files\ScummVM
[08/11/2007|19:55] C:\Program Files\Services en ligne
[24/04/2008|10:32] C:\Program Files\Sierra On-Line
[08/11/2007|19:52] C:\Program Files\Sonic
[23/07/2008|18:09] C:\Program Files\Spybot - Search & Destroy
[20/03/2008|17:57] C:\Program Files\Spyware Terminator
[22/06/2008|16:57] C:\Program Files\Studio-Scrap
[17/12/2007|16:18] C:\Program Files\Tracker Software
[23/07/2008|17:22] C:\Program Files\trcjgaf
[08/11/2007|19:52] C:\Program Files\Ulead Systems
[08/11/2007|19:52] C:\Program Files\Uninstall Information
[08/11/2007|16:42] C:\Program Files\VideoLAN
[29/02/2008|21:31] C:\Program Files\Windows Live
[08/11/2007|19:52] C:\Program Files\Windows Media Components
[15/03/2008|15:48] C:\Program Files\Windows Media Connect 2
[14/04/2008|18:29] C:\Program Files\Windows Media Player
[08/11/2007|19:55] C:\Program Files\Windows NT
[08/11/2007|19:52] C:\Program Files\WindowsUpdate
[08/11/2007|16:42] C:\Program Files\WinRAR
[08/11/2007|19:52] C:\Program Files\xerox
[03/04/2008|17:26] C:\Program Files\XoftSpySE

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[08/11/2007|19:52] C:\Program Files\Fichiers communs\Adobe
[08/11/2007|19:53] C:\Program Files\Fichiers communs\AOL
[08/11/2007|19:53] C:\Program Files\Fichiers communs\aolshare
[02/02/2008|13:12] C:\Program Files\Fichiers communs\Apple
[13/11/2007|18:57] C:\Program Files\Fichiers communs\AVSMedia
[17/11/2007|17:54] C:\Program Files\Fichiers communs\Designer
[11/12/2007|14:31] C:\Program Files\Fichiers communs\Hewlett-Packard
[11/12/2007|14:37] C:\Program Files\Fichiers communs\HP
[09/11/2007|17:57] C:\Program Files\Fichiers communs\InstallShield
[08/11/2007|19:52] C:\Program Files\Fichiers communs\Java
[17/11/2007|17:54] C:\Program Files\Fichiers communs\Microsoft Shared
[08/11/2007|19:52] C:\Program Files\Fichiers communs\MSSoap
[08/11/2007|19:52] C:\Program Files\Fichiers communs\Nullsoft
[08/11/2007|19:52] C:\Program Files\Fichiers communs\ODBC
[08/11/2007|19:52] C:\Program Files\Fichiers communs\Real
[08/11/2007|19:53] C:\Program Files\Fichiers communs\Services
[11/12/2007|14:37] C:\Program Files\Fichiers communs\Sonic Shared
[08/11/2007|19:52] C:\Program Files\Fichiers communs\SpeechEngines
[08/11/2007|19:53] C:\Program Files\Fichiers communs\SureThing Shared
[08/11/2007|11:25] C:\Program Files\Fichiers communs\Symantec Shared
[01/04/2008|14:37] C:\Program Files\Fichiers communs\System
[11/05/2008|02:43] C:\Program Files\Fichiers communs\Ulead
[08/11/2007|19:52] C:\Program Files\Fichiers communs\Ulead Systems
[10/11/2007|22:00] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[08/11/2007|19:52] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 54 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

D:\DOCUME~1\Famille\Cookies\famille@advertstream[1].txt
D:\DOCUME~1\Famille\Cookies\famille@d2.advertserve[1].txt
D:\DOCUME~1\Famille\Cookies\famille@adopt.euroclick[2].txt

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 00:18:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
folder error: D:\DOCUME~1\Famille\LOCALS~1\APPLIC~1

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

=> D:\DOCUME~1\Famille\Application Data\Studio-Scrap\Serial
=> D:\DOCUME~1\Famille\Application Data\Ulead Systems\Ulead PhotoImpact\10.0 SE\Ulead.DAT\GradientSerialize.ugl
=> D:\DOCUME~1\Famille\Application Data\Ulead Systems\Ulead PhotoImpact\10.0 SE\Ulead.DAT\SwatchSerialize.usl


[F:63][D:107]-> D:\DOCUME~1\Famille\LOCALS~1\Temp
[F:572][D:0]-> D:\DOCUME~1\Famille\Cookies
[F:7428][D:19]-> D:\DOCUME~1\Famille\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 0:20:26,32

Toolbar-S&D report:


-----------\\ ToolBar S&D 1.0.6 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Famille ] [ "C:\Toolbar SD" ] [ Selection : 1 ]
[ 24/07/2008 | 0:24:05,70 ] [ PC : Bertout ]
[ MAJ : 18-07-2008 | 20:45 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\Crawler
C:\Program Files\Crawler\Download
C:\Program Files\Crawler\Shared
C:\Program Files\Crawler\Toolbar
D:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Crawler Toolbar
D:\DOCUME~1\Famille\Cookies\famille@crawler[1].txt

-----------\\ Extensions

(Program Files) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.lycos.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


-----------\\ Fin du rapport a 0:25:23,68
Marvel

Posts: 23
Joined: 23 Jul 2008 18:22

Re: Warning! Spyware detected on your computer

Post by Falkra » 23 Jul 2008 23:28

Run Lop S&D again

  • This time choose Option 2 (Removal)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)


----

Run Toolbar-S&D again by double-clicking the shortcut. Type "2" then confirm by pressing "Enter".
! Do not close the window during the removal!
A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run...".
Type explorer then confirm.

----

Post a 3rd report, a HijackThis report that you will make after the two operations above. :-D
Falkra
Admin libellules.ch

Posts: 24424
Joined: 30 Jan 2005 13:44
Location: 127.0.0.1

Re: Warning! Spyware detected on your computer

Post by Marvel » 23 Jul 2008 23:44

Lop S&D report:


--------------------\\ Lop S&D 4.2.2-3 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Famille ] [ "D:\Lop SD" ] [ Selection : 2 ]
[ 24/07/2008 | 0:30:31,73 ] [ PC : Bertout ]
[ MAJ : 22-07-2008 | 17:35 ]


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

Supprime! - D:\DOCUME~1\Famille\Cookies\famille@advertstream[1].txt
Supprime! - D:\DOCUME~1\Famille\Cookies\famille@d2.advertserve[1].txt
Supprime! - D:\DOCUME~1\Famille\Cookies\famille@adopt.euroclick[2].txt
Restauré! - Fichier Hosts

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Supprime! - D:\DOCUME~1\Famille\APPLIC~1\Viewpoint
Supprime! - D:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[17/08/2004|02:55] D:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
[08/11/2007|19:57] D:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
[08/11/2007|19:57] D:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
[08/11/2007|19:57] D:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft
[08/11/2007|19:57] D:\DOCUME~1\ADMINI~1\APPLIC~1\Real
[30/09/2005|11:03] D:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
[08/11/2007|19:57] D:\DOCUME~1\ADMINI~1\APPLIC~1\You've Got Pictures Screensaver

[30/09/2005|10:59] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[06/08/2007|21:32] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[30/09/2005|11:00] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL
[29/06/2007|13:17] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AOL Downloads
[11/01/2008|10:30] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
[19/09/2007|12:39] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[16/05/2006|15:34] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Avg7
[13/11/2007|18:54] D:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
[04/10/2006|15:57] D:\DOCUME~1\ALLUSE~1\APPLIC~1\BOONTY
[30/09/2005|11:11] D:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
[01/04/2008|13:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[23/07/2008|17:21] D:\DOCUME~1\ALLUSE~1\APPLIC~1\dsjutalw
[19/09/2007|12:40] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[15/02/2008|21:46] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[11/12/2007|14:32] D:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
[16/12/2007|12:39] D:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
[11/05/2008|02:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[02/06/2008|21:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[23/02/2008|01:57] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[17/10/2006|17:24] D:\DOCUME~1\ALLUSE~1\APPLIC~1\MumboJumbo
[30/09/2005|11:00] D:\DOCUME~1\ALLUSE~1\APPLIC~1\OD2
[18/07/2008|03:14] D:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[30/09/2005|11:01] D:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
[13/10/2006|08:15] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Sandlot Games
[30/09/2005|19:40] D:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
[01/04/2008|12:15] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
[07/01/2007|20:20] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
[23/07/2008|18:09] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
[19/03/2008|18:36] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
[08/11/2007|11:26] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[06/07/2007|02:47] D:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[04/02/2008|11:22] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
[31/08/2006|09:53] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[11/04/2008|17:41] D:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[29/06/2006|17:45] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
[19/11/2007|12:32] D:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[15/11/2005|16:31] D:\DOCUME~1\Bertout\APPLIC~1\CyberLink
[17/08/2004|02:55] D:\DOCUME~1\Bertout\APPLIC~1\desktop.ini
[07/10/2005|20:24] D:\DOCUME~1\Bertout\APPLIC~1\Identities
[07/10/2005|20:24] D:\DOCUME~1\Bertout\APPLIC~1\Macromedia
[08/11/2005|20:49] D:\DOCUME~1\Bertout\APPLIC~1\Microsoft
[07/10/2005|20:24] D:\DOCUME~1\Bertout\APPLIC~1\Real
[26/10/2005|13:43] D:\DOCUME~1\Bertout\APPLIC~1\Sun
[30/09/2005|11:03] D:\DOCUME~1\Bertout\APPLIC~1\Symantec
[27/10/2005|19:42] D:\DOCUME~1\Bertout\APPLIC~1\Ulead Systems
[07/10/2005|20:24] D:\DOCUME~1\Bertout\APPLIC~1\You've Got Pictures Screensaver

[01/04/2008|13:14] D:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[08/11/2007|19:57] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
[08/11/2007|19:57] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
[08/11/2007|19:57] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
[08/11/2007|19:57] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Real
[30/09/2005|11:03] D:\DOCUME~1\DEFAUL~1\APPLIC~1\Symantec
[08/11/2007|19:57] D:\DOCUME~1\DEFAUL~1\APPLIC~1\You've Got Pictures Screensaver

[01/07/2008|20:24] D:\DOCUME~1\Famille\APPLIC~1\Adobe
[08/11/2007|14:53] D:\DOCUME~1\Famille\APPLIC~1\AdobeUM
[11/01/2008|10:42] D:\DOCUME~1\Famille\APPLIC~1\Apple Computer
[13/11/2007|18:54] D:\DOCUME~1\Famille\APPLIC~1\AVS4YOU
[28/11/2007|14:35] D:\DOCUME~1\Famille\APPLIC~1\CyberLink
[17/08/2004|02:55] D:\DOCUME~1\Famille\APPLIC~1\desktop.ini
[05/06/2008|03:14] D:\DOCUME~1\Famille\APPLIC~1\DivX
[05/12/2007|19:02] D:\DOCUME~1\Famille\APPLIC~1\gtk-2.0
[11/11/2007|16:27] D:\DOCUME~1\Famille\APPLIC~1\Help
[11/12/2007|14:43] D:\DOCUME~1\Famille\APPLIC~1\HP
[19/11/2007|12:32] D:\DOCUME~1\Famille\APPLIC~1\Identities
[17/07/2008|18:43] D:\DOCUME~1\Famille\APPLIC~1\IMVU
[18/04/2008|18:48] D:\DOCUME~1\Famille\APPLIC~1\InstallShield
[15/11/2007|21:08] D:\DOCUME~1\Famille\APPLIC~1\Interactive Agents
[11/05/2008|02:46] D:\DOCUME~1\Famille\APPLIC~1\InterVideo
[28/03/2008|17:44] D:\DOCUME~1\Famille\APPLIC~1\Lavasoft
[28/01/2008|08:17] D:\DOCUME~1\Famille\APPLIC~1\Leadertech
[08/11/2007|13:34] D:\DOCUME~1\Famille\APPLIC~1\Macromedia
[09/01/2008|02:55] D:\DOCUME~1\Famille\APPLIC~1\Media Player Classic
[26/04/2008|14:48] D:\DOCUME~1\Famille\APPLIC~1\Microsoft
[17/11/2007|17:51] D:\DOCUME~1\Famille\APPLIC~1\Microsoft Web Folders
[08/11/2007|13:32] D:\DOCUME~1\Famille\APPLIC~1\Mozilla
[15/02/2008|21:14] D:\DOCUME~1\Famille\APPLIC~1\MSNInstaller
[10/11/2007|01:49] D:\DOCUME~1\Famille\APPLIC~1\OD2
[08/11/2007|19:57] D:\DOCUME~1\Famille\APPLIC~1\Real
[23/07/2008|17:24] D:\DOCUME~1\Famille\APPLIC~1\rhc10jj0ee21
[30/04/2008|18:44] D:\DOCUME~1\Famille\APPLIC~1\ScummVM
[15/03/2008|17:53] D:\DOCUME~1\Famille\APPLIC~1\Skype
[28/01/2008|08:17] D:\DOCUME~1\Famille\APPLIC~1\Sonic
[01/04/2008|11:49] D:\DOCUME~1\Famille\APPLIC~1\Spyware Terminator
[22/06/2008|16:59] D:\DOCUME~1\Famille\APPLIC~1\Studio-Scrap
[08/11/2007|13:19] D:\DOCUME~1\Famille\APPLIC~1\Sun
[08/11/2007|11:17] D:\DOCUME~1\Famille\APPLIC~1\Symantec
[04/02/2008|11:27] D:\DOCUME~1\Famille\APPLIC~1\Ulead Systems
[08/01/2008|01:43] D:\DOCUME~1\Famille\APPLIC~1\vlc
[08/11/2007|16:45] D:\DOCUME~1\Famille\APPLIC~1\WinRAR
[01/01/2008|19:17] D:\DOCUME~1\Famille\APPLIC~1\XnView
[08/11/2007|19:57] D:\DOCUME~1\Famille\APPLIC~1\You've Got Pictures Screensaver
[19/11/2007|12:32] D:\DOCUME~1\Famille\APPLIC~1\Zylom

[30/09/2005|19:40] D:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[11/05/2008|13:27] D:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Help
[20/04/2008|15:03] D:\DOCUME~1\LOCALS~1.AUT\APPLIC~1\Microsoft

[30/09/2005|19:40] D:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft
[24/02/2006|13:01] D:\DOCUME~1\NETWOR~1\APPLIC~1\Symantec

[08/11/2007|19:57] D:\DOCUME~1\NETWOR~1.AUT\APPLIC~1\Microsoft

[07/01/2007|13:48] D:\DOCUME~1\nicole\APPLIC~1\7Wonders
[11/09/2007|01:06] D:\DOCUME~1\nicole\APPLIC~1\Adobe
[27/03/2007|08:44] D:\DOCUME~1\nicole\APPLIC~1\AdobeUM
[09/09/2007|22:09] D:\DOCUME~1\nicole\APPLIC~1\Apple Computer
[03/12/2005|16:00] D:\DOCUME~1\nicole\APPLIC~1\CyberLink
[17/08/2004|02:55] D:\DOCUME~1\nicole\APPLIC~1\desktop.ini
[15/08/2007|16:57] D:\DOCUME~1\nicole\APPLIC~1\DialMessenger
[05/05/2007|12:47] D:\DOCUME~1\nicole\APPLIC~1\Google
[20/01/2006|17:06] D:\DOCUME~1\nicole\APPLIC~1\Help
[07/01/2007|20:27] D:\DOCUME~1\nicole\APPLIC~1\HP
[13/10/2006|08:15] D:\DOCUME~1\nicole\APPLIC~1\Identities
[25/09/2007|18:53] D:\DOCUME~1\nicole\APPLIC~1\Lavasoft
[27/09/2006|16:30] D:\DOCUME~1\nicole\APPLIC~1\Leadertech
[07/10/2006|17:09] D:\DOCUME~1\nicole\APPLIC~1\Logitech
[26/11/2005|12:24] D:\DOCUME~1\nicole\APPLIC~1\Macromedia
[09/01/2007|15:41] D:\DOCUME~1\nicole\APPLIC~1\Magic Match
[22/10/2007|20:47] D:\DOCUME~1\nicole\APPLIC~1\Microsoft
[20/02/2007|18:29] D:\DOCUME~1\nicole\APPLIC~1\Microsoft Web Folders
[20/06/2007|19:12] D:\DOCUME~1\nicole\APPLIC~1\Mozilla
[22/08/2006|22:02] D:\DOCUME~1\nicole\APPLIC~1\MSNInstaller
[02/12/2005|19:43] D:\DOCUME~1\nicole\APPLIC~1\OD2
[06/08/2007|22:08] D:\DOCUME~1\nicole\APPLIC~1\Opera
[11/05/2007|13:40] D:\DOCUME~1\nicole\APPLIC~1\PatchUpdate_InstantShareJPG.log
[11/05/2007|13:39] D:\DOCUME~1\nicole\APPLIC~1\PatchUpdate_IZClosingDiscError.log
[24/04/2007|08:11] D:\DOCUME~1\nicole\APPLIC~1\PC Tools
[14/12/2005|19:17] D:\DOCUME~1\nicole\APPLIC~1\Real
[04/08/2007|17:07] D:\DOCUME~1\nicole\APPLIC~1\ScummVM
[29/11/2005|17:41] D:\DOCUME~1\nicole\APPLIC~1\Skype
[27/09/2006|16:31] D:\DOCUME~1\nicole\APPLIC~1\Sonic
[27/11/2005|17:03] D:\DOCUME~1\nicole\APPLIC~1\Sun
[26/11/2005|12:25] D:\DOCUME~1\nicole\APPLIC~1\Symantec
[24/04/2007|08:30] D:\DOCUME~1\nicole\APPLIC~1\Talkback
[11/04/2007|12:28] D:\DOCUME~1\nicole\APPLIC~1\Ulead Systems
[10/04/2007|20:46] D:\DOCUME~1\nicole\APPLIC~1\Update_HP_RedboxHprblog_HPSU.log
[10/08/2007|16:50] D:\DOCUME~1\nicole\APPLIC~1\vlc
[02/08/2007|03:25] D:\DOCUME~1\nicole\APPLIC~1\Wildfire
[26/11/2005|21:06] D:\DOCUME~1\nicole\APPLIC~1\You've Got Pictures Screensaver
[13/10/2006|08:15] D:\DOCUME~1\nicole\APPLIC~1\Zylom

[19/03/2008|19:10] D:\DOCUME~1\PROPRI~1\APPLIC~1\You've Got Pictures Screensaver

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[23/07/2008 18:38][--ah-----] C:\WINDOWS\tasks\SA.DAT
[05/08/2004 14:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[24/12/2007|02:19] C:\Program Files\1964
[03/04/2008|16:08] C:\Program Files\Adaware
[19/11/2007|01:43] C:\Program Files\Adobe
[08/11/2007|11:33] C:\Program Files\Alwil Software
[08/11/2007|19:52] C:\Program Files\AMD
[08/11/2007|11:13] C:\Program Files\CCleaner
[15/03/2008|15:48] C:\Program Files\COL11004
[08/11/2007|19:52] C:\Program Files\ComPlus Applications
[12/02/2008|04:58] C:\Program Files\Crawler
[08/11/2007|19:52] C:\Program Files\CyberLink
[04/06/2008|23:14] C:\Program Files\DivX
[23/02/2008|12:38] C:\Program Files\DNA
[23/07/2008|19:36] C:\Program Files\eMule
[02/03/2008|14:48] C:\Program Files\EZ-DUB
[11/05/2008|02:43] C:\Program Files\Fichiers communs
[10/05/2008|03:57] C:\Program Files\FileSubmit
[08/11/2007|19:52] C:\Program Files\GMixon
[15/04/2008|13:25] C:\Program Files\Google
[29/02/2008|21:32] C:\Program Files\Heredis 8
[11/12/2007|14:32] C:\Program Files\Hewlett-Packard
[11/12/2007|14:32] C:\Program Files\HP
[13/07/2008|16:41] C:\Program Files\IMVU
[11/05/2008|02:43] C:\Program Files\InstallShield Installation Information
[13/06/2008|09:43] C:\Program Files\Internet Explorer
[11/05/2008|02:41] C:\Program Files\InterVideo
[11/05/2008|02:43] C:\Program Files\InterVideo Information Service
[12/11/2007|16:53] C:\Program Files\IrfanView
[16/11/2007|23:28] C:\Program Files\Java
[08/11/2007|11:32] C:\Program Files\Kit ADSL
[08/11/2007|19:52] C:\Program Files\Learn2.com
[19/11/2007|03:07] C:\Program Files\Lecteur Windows Media.lnk
[09/11/2007|17:57] C:\Program Files\Lexmark
[08/11/2007|16:06] C:\Program Files\Lexmark Z700-P700 Series
[15/03/2008|15:48] C:\Program Files\Media Player Classic
[15/03/2008|15:48] C:\Program Files\Messenger
[04/04/2008|17:14] C:\Program Files\Messenger Plus! Live
[12/11/2007|05:28] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[17/11/2007|17:51] C:\Program Files\microsoft frontpage
[17/11/2007|17:51] C:\Program Files\Microsoft Office
[10/11/2007|22:05] C:\Program Files\Microsoft SQL Server Compact Edition
[17/11/2007|17:54] C:\Program Files\Microsoft Visual Studio
[01/04/2008|13:23] C:\Program Files\Movie Maker
[24/07/2008|00:27] C:\Program Files\Mozilla Firefox
[15/02/2008|21:14] C:\Program Files\MSN
[08/11/2007|19:52] C:\Program Files\MSN Gaming Zone
[12/11/2007|05:23] C:\Program Files\MSXML 4.0
[08/11/2007|19:54] C:\Program Files\NetMeeting
[14/04/2008|15:26] C:\Program Files\Noël Danjou
[01/04/2008|14:37] C:\Program Files\Outlook Express
[12/04/2008|00:36] C:\Program Files\PC Inspector File Recovery
[15/04/2008|13:35] C:\Program Files\Picasa2
[15/03/2008|15:48] C:\Program Files\Pochette Express 2
[03/04/2008|17:19] C:\Program Files\QuickTime
[08/11/2007|19:52] C:\Program Files\Real
[29/02/2008|21:44] C:\Program Files\RegSupreme
[23/07/2008|17:24] C:\Program Files\rhc10jj0ee21
[07/01/2008|02:48] C:\Program Files\roms
[18/04/2008|18:48] C:\Program Files\Samsung
[13/07/2008|22:40] C:\Program Files\ScummVM
[08/11/2007|19:55] C:\Program Files\Services en ligne
[24/04/2008|10:32] C:\Program Files\Sierra On-Line
[08/11/2007|19:52] C:\Program Files\Sonic
[23/07/2008|18:09] C:\Program Files\Spybot - Search & Destroy
[20/03/2008|17:57] C:\Program Files\Spyware Terminator
[22/06/2008|16:57] C:\Program Files\Studio-Scrap
[17/12/2007|16:18] C:\Program Files\Tracker Software
[23/07/2008|17:22] C:\Program Files\trcjgaf
[08/11/2007|19:52] C:\Program Files\Ulead Systems
[08/11/2007|19:52] C:\Program Files\Uninstall Information
[08/11/2007|16:42] C:\Program Files\VideoLAN
[29/02/2008|21:31] C:\Program Files\Windows Live
[08/11/2007|19:52] C:\Program Files\Windows Media Components
[15/03/2008|15:48] C:\Program Files\Windows Media Connect 2
[14/04/2008|18:29] C:\Program Files\Windows Media Player
[08/11/2007|19:55] C:\Program Files\Windows NT
[08/11/2007|19:52] C:\Program Files\WindowsUpdate
[08/11/2007|16:42] C:\Program Files\WinRAR
[08/11/2007|19:52] C:\Program Files\xerox
[03/04/2008|17:26] C:\Program Files\XoftSpySE

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[08/11/2007|19:52] C:\Program Files\Fichiers communs\Adobe
[08/11/2007|19:53] C:\Program Files\Fichiers communs\AOL
[08/11/2007|19:53] C:\Program Files\Fichiers communs\aolshare
[02/02/2008|13:12] C:\Program Files\Fichiers communs\Apple
[13/11/2007|18:57] C:\Program Files\Fichiers communs\AVSMedia
[17/11/2007|17:54] C:\Program Files\Fichiers communs\Designer
[11/12/2007|14:31] C:\Program Files\Fichiers communs\Hewlett-Packard
[11/12/2007|14:37] C:\Program Files\Fichiers communs\HP
[09/11/2007|17:57] C:\Program Files\Fichiers communs\InstallShield
[08/11/2007|19:52] C:\Program Files\Fichiers communs\Java
[17/11/2007|17:54] C:\Program Files\Fichiers communs\Microsoft Shared
[08/11/2007|19:52] C:\Program Files\Fichiers communs\MSSoap
[08/11/2007|19:52] C:\Program Files\Fichiers communs\Nullsoft
[08/11/2007|19:52] C:\Program Files\Fichiers communs\ODBC
[08/11/2007|19:52] C:\Program Files\Fichiers communs\Real
[08/11/2007|19:53] C:\Program Files\Fichiers communs\Services
[11/12/2007|14:37] C:\Program Files\Fichiers communs\Sonic Shared
[08/11/2007|19:52] C:\Program Files\Fichiers communs\SpeechEngines
[08/11/2007|19:53] C:\Program Files\Fichiers communs\SureThing Shared
[08/11/2007|11:25] C:\Program Files\Fichiers communs\Symantec Shared
[01/04/2008|14:37] C:\Program Files\Fichiers communs\System
[11/05/2008|02:43] C:\Program Files\Fichiers communs\Ulead
[08/11/2007|19:52] C:\Program Files\Fichiers communs\Ulead Systems
[10/11/2007|22:00] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[08/11/2007|19:52] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 52 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 00:32:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden files ...
folder error: D:\DOCUME~1\Famille\LOCALS~1\APPLIC~1

--------------------\\ Recherche d'autres infections

--------------------\\ Cracks & Keygens ..

=> D:\DOCUME~1\Famille\Application Data\Studio-Scrap\Serial
=> D:\DOCUME~1\Famille\Application Data\Ulead Systems\Ulead PhotoImpact\10.0 SE\Ulead.DAT\GradientSerialize.ugl
=> D:\DOCUME~1\Famille\Application Data\Ulead Systems\Ulead PhotoImpact\10.0 SE\Ulead.DAT\SwatchSerialize.usl


[F:65][D:107]-> D:\DOCUME~1\Famille\LOCALS~1\Temp
[F:569][D:0]-> D:\DOCUME~1\Famille\Cookies
[F:7428][D:19]-> D:\DOCUME~1\Famille\LOCALS~1\TEMPOR~1\content.IE5

--------------------\\ Fin du rapport a 0:34:53,78

Toolbar-S&D report:


-----------\\ ToolBar S&D 1.0.6 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : Famille ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
[ 24/07/2008 | 0:36:12,65 ] [ PC : Bertout ]
[ MAJ : 18-07-2008 | 20:45 ]

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\Crawler\Download
Supprime! - C:\Program Files\Crawler\Shared
Supprime! - C:\Program Files\Crawler\Toolbar
Supprime! - D:\DOCUME~1\ALLUSE~1\MENUDÉ~1\PROGRA~1\Crawler Toolbar
Supprime! - D:\DOCUME~1\Famille\Cookies\famille@crawler[1].txt
Supprime! - C:\Program Files\Crawler

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(Program Files) - {3112ca9c-de6d-4884-a869-9855de68056c} => google-toolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.lycos.fr/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"SearchMigratedDefaultURL"="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


-----------\\ Fin du rapport a 0:37:53,34

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:41:36, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Documents and Settings\All Users\Application Data\dsjutalw\zajwbqte.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\lphc50jj0ee21.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\jotabedw.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\DOCUME~1\Famille\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [lphc50jj0ee21] C:\WINDOWS\system32\lphc50jj0ee21.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [procdben] C:\WINDOWS\system32\jotabedw.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [setsrvapl] C:\WINDOWS\system32\qdopunyx.exe
O4 - HKLM\..\Policies\Explorer\Run: [JdoNy0rCIy] D:\Documents and Settings\All Users\Application Data\dsjutalw\zajwbqte.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Famille\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/ ... loader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BFB12B2-584D-488E-BCC7-B5CC4EB68011}: NameServer = 86.64.145.144 84.103.237.144
O21 - SSODL: cfgui - {483759E7-0716-4186-98D2-04F3A56BA479} - C:\Program Files\trcjgaf\cfgui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 9195 bytes
Marvel

Re: Warning! Spyware detected on your computer

Post by Falkra » 23 Jul 2008 23:52

There's still plenty left, but less than before. Let's keep going. :-D

Download Malwarebytes' Anti-Malware (MBAM)

  • Double-click the downloaded file to start the installation process.
  • In the "Update" tab, click the "Check for updates" button; if the firewall asks whether to allow MBAM to connect, accept.
  • Once the update is finished, go to the "Scan" tab.
  • Select "Perform quick scan"
  • Click "Scan"
  • The analysis starts; the scan is fairly long, which is normal.
  • At the end of the analysis, a message is displayed:
    The scan completed successfully. Click 'Show Results' to display all objects found.

    Click "OK" to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
    Select all (or leave everything checked) and click Remove Selected; MBAM will destroy the files and registry keys and put a copy in the quarantine.
  • MBAM will open Notepad and copy the scan report into it. Copy and paste this report and post it in your next reply.
Falkra
Admin libellules.ch

Re: Warning! Spyware detected on your computer

Post by Marvel » 24 Jul 2008 00:08

Malwarebytes' Anti-Malware 1.22
Version de la base de données: 984
Windows 5.1.2600 Service Pack 2

01:07:07 24/07/2008
mbam-log-7-24-2008 (01-07-07).txt

Type de recherche: Examen rapide
Eléments examinés: 56967
Temps écoulé: 10 minute(s), 50 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 13
Fichier(s) infecté(s): 60

Processus mémoire infecté(s):
C:\WINDOWS\system32\lphc50jj0ee21.exe (Trojan.FakeAlert) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\blphc50jj0ee21.scr (Trojan.FakeAlert) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhc10jj0ee21 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc10jj0ee21 (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\uninstall (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RUNTIME (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc50jj0ee21 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhc10jj0ee21 (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21 (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\rhc10jj0ee21\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc10jj0ee21\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc10jj0ee21\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc10jj0ee21\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc10jj0ee21\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc10jj0ee21\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc10jj0ee21\rhc10jj0ee21.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc10jj0ee21\rhc10jj0ee21.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Program Files\rhc10jj0ee21\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\blphc50jj0ee21.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lphc50jj0ee21.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\phc50jj0ee21.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc50jj0ee21.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
D:\Documents and Settings\Famille\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
Marvel

Re: Warning! Spyware detected on your computer

Post by Falkra » 24 Jul 2008 00:10

Ha, nice, that's quite a haul. :supers: :mrgreen:

Post a new HijackThis report please.
Falkra
Admin libellules.ch

Re: Warning! Spyware detected on your computer

Post by Marvel » 24 Jul 2008 00:16

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:15:48, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
D:\Documents and Settings\All Users\Application Data\dsjutalw\zajwbqte.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\jotabedw.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\ubczktqh.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\rhc10jj0ee21\rhc10jj0ee21.exe
C:\WINDOWS\system32\pphc50jj0ee21.exe
D:\Documents and Settings\Famille\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [lphc50jj0ee21] C:\WINDOWS\system32\lphc50jj0ee21.exe
O4 - HKLM\..\Run: [SMrhc10jj0ee21] C:\Program Files\rhc10jj0ee21\rhc10jj0ee21.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [procdben] C:\WINDOWS\system32\jotabedw.exe
O4 - HKCU\..\Run: [setsrvapl] C:\WINDOWS\system32\qdopunyx.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [JdoNy0rCIy] D:\Documents and Settings\All Users\Application Data\dsjutalw\zajwbqte.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Famille\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/ ... loader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BFB12B2-584D-488E-BCC7-B5CC4EB68011}: NameServer = 84.103.237.141 86.64.145.141
O21 - SSODL: cfgui - {483759E7-0716-4186-98D2-04F3A56BA479} - C:\Program Files\trcjgaf\cfgui.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 8902 bytes

Re: Warning! Spyware detected on your computer

Post by Falkra » 24 Jul 2008 00:17

What follows is for your machine only, and only your machine.
Do not use it on another machine: dangerous.

Download combofix.exe by sUBs and save it to your desktop (and nowhere else).
  • Make sure all programs are closed before you start.
  • Double-click combofix.exe to run it.
  • Click "Yes" on the Disclaimer message that appears.
  • Your firewall may ask whether you allow nircmd.cfexe access to the trusted zone: accept.
  • Do not close the window that has just opened, or you would end up with an empty desktop.
  • When the scan is finished, a report will appear.
  • Copy and paste this report into your next reply.
    The report is located at: C:\Combofix.txt (just in case).

Re: Warning! Spyware detected on your computer

Post by Marvel » 24 Jul 2008 00:34

ComboFix 08-07-23.3 - Famille 2008-07-24 1:21:03.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.57 [GMT 2:00]
Endroit: D:\Documents and Settings\Famille\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\rhc10jj0ee21
C:\WINDOWS\system32\blphc50jj0ee21.scr
C:\WINDOWS\system32\lphc50jj0ee21.exe
C:\WINDOWS\system32\phc50jj0ee21.bmp
C:\WINDOWS\system32\pphc50jj0ee21.exe
D:\Documents and Settings\Bertout\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-23 to 2008-07-23 ))))))))))))))))))))))))))))))))))))
.

2008-07-24 01:15 . 2008-07-24 01:15 94,208 --a------ C:\WINDOWS\system32\F.tmp
2008-07-24 01:13 . 2008-07-24 01:13 90,112 --a------ C:\WINDOWS\system32\gdcpwvif.exe
2008-07-24 00:53 . 2008-07-24 00:53 <REP> d-------- D:\Documents and Settings\Famille\Application Data\Malwarebytes
2008-07-24 00:53 . 2008-07-24 00:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 00:53 . 2008-07-24 00:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 00:53 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 00:53 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 00:21 . 2008-07-24 00:37 <REP> d-------- C:\Toolbar SD
2008-07-24 00:14 . 2008-07-24 00:20 <REP> d-------- C:\Lop SD
2008-07-23 18:39 . 2008-07-23 18:39 110,080 --a------ C:\WINDOWS\system32\wrkhexub.exe
2008-07-23 18:39 . 2008-07-23 18:39 77,824 --a------ C:\WINDOWS\system32\qdopunyx.exe
2008-07-23 18:22 . 2008-07-23 18:22 2,400 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-23 18:21 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-23 18:21 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-23 18:21 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-23 18:21 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-23 18:21 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-23 18:21 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-23 18:21 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-23 18:21 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-23 18:21 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-23 18:09 . 2008-07-24 01:26 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-23 17:22 . 2008-07-23 17:22 <REP> d-------- C:\Program Files\trcjgaf
2008-07-23 17:21 . 2008-07-23 17:21 <REP> d-------- D:\Documents and Settings\All Users\Application Data\dsjutalw
2008-07-23 17:21 . 2008-07-23 17:21 77,824 --a------ C:\WINDOWS\system32\jotabedw.exe
2008-07-14 13:45 . 2008-07-20 15:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 13:45 . 2008-07-14 13:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-13 14:22 . 2008-07-17 18:43 <REP> d-------- D:\Documents and Settings\Famille\Application Data\IMVU
2008-07-13 14:22 . 2008-07-13 16:41 <REP> d-------- C:\Program Files\IMVU
2008-07-01 20:21 . 2008-07-20 20:57 <REP> d-------- C:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 23:27 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 17:36 --------- d-----w C:\Program Files\eMule
2008-07-13 20:40 --------- d-----w C:\Program Files\ScummVM
2008-06-22 14:59 --------- d-----w D:\Documents and Settings\Famille\Application Data\Studio-Scrap
2008-06-22 14:57 --------- d-----w C:\Program Files\Studio-Scrap
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 01:14 --------- d-----w D:\Documents and Settings\Famille\Application Data\DivX
2008-06-04 21:14 --------- d-----w C:\Program Files\DivX
2008-06-02 19:14 --------- d-----w D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-19 01:07 675 ----a-w C:\Program Files\Lecteur Windows Media.lnk
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"procdben"="C:\WINDOWS\system32\jotabedw.exe" [2008-07-23 17:21 77824]
"setsrvapl"="C:\WINDOWS\system32\qdopunyx.exe" [2008-07-23 18:39 77824]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"GenComSet"="C:\WINDOWS\system32\gnurkpqt.exe" [2008-07-24 01:29 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-09-30 18:06 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"lphc50jj0ee21"="C:\WINDOWS\system32\lphc50jj0ee21.exe" [2008-07-24 01:29 110080]
"SMrhc10jj0ee21"="C:\Program Files\rhc10jj0ee21\rhc10jj0ee21.exe" [2008-07-23 17:27 9457664]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"JdoNy0rCIy"="D:\Documents and Settings\All Users\Application Data\dsjutalw\zajwbqte.exe" [2008-07-23 17:21 57344]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 1 (0x1)
"NoDispScrSavPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"cfgui"= {483759E7-0716-4186-98D2-04F3A56BA479} - C:\Program Files\trcjgaf\cfgui.dll [2008-07-23 17:22 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wel74.sys]
@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
--a------ 2003-05-02 11:31 24576 c:\APPS\ABOARD\ABOARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc10jj0ee21]
--a------ 2008-07-23 17:27 9457664 C:\Program Files\rhc10jj0ee21\rhc10jj0ee21.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-03-04 15:53 2957824 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-09-30 18:06 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-04 15:53]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 12:51]
S3 PentaxUsb;PENTAX Optio 60 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 15:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06c61c38-0186-11dd-836e-00038a000015}]
\Shell\AutoRun\command - PStart.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.lycos.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: Crawler Search - tbr:iemenu
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Famille\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O17 -: HKLM\CCS\Interface\{8BFB12B2-584D-488E-BCC7-B5CC4EB68011}: NameServer = 86.64.145.140 84.103.237.140

O16 -: {C36112BF-2FA3-4694-8603-3B510EA3B465} - hxxp://f002.mail.caramail.lycos.fr/app/ ... loader.cab
C:\WINDOWS\Downloaded Program Files\FileUploader.inf
C:\WINDOWS\Downloaded Program Files\FileUploader.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 01:27:04
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cach‚s ...

Balayage cach‚ autostart entries ...

Balayage des fichiers cach‚s ...

Scan termin‚ avec succŠs
Les fichiers cach‚s: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\pphc50jj0ee21.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-07-24 1:32:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-23 23:32:16

Pre-Run: 1,718,071,296 octets libres
Post-Run: 1,619,857,408 octets libres

193 --- E O F --- 2008-07-14 08:02:46

Re: Warning! Spyware detected on your computer

Post by Falkra » 24 Jul 2008 00:49

What follows is for your machine only, and only your machine.
Do not use it on another machine: dangerous.


Disable TeaTimer in Spybot right now; it can block the disinfection and is not useful anyway.
Do it through Spybot's options: go to the "Mode" menu => tick "Advanced mode" => "Tools" (at the bottom of the page) => "Resident" => and untick this box: "Resident TeaTimer".

  • Open Notepad. Copy and paste this into it:

File::
C:\WINDOWS\system32\gdcpwvif.exe
C:\WINDOWS\system32\wrkhexub.exe
C:\WINDOWS\system32\qdopunyx.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\jotabedw.exe
C:\WINDOWS\system32\gnurkpqt.exe
C:\WINDOWS\system32\lphc50jj0ee21.exe
C:\Program Files\rhc10jj0ee21\rhc10jj0ee21.exe
C:\WINDOWS\system32\pphc50jj0ee21.exe
C:\Program Files\trcjgaf\cfgui.dll

Folder::
C:\Program Files\trcjgaf
D:\Documents and Settings\All Users\Application Data\dsjutalw
C:\Program Files\rhc10jj0ee21\

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"procdben"=-
"setsrvapl"=-
"GenComSet"=-
"SpybotSD TeaTimer"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphc50jj0ee21"=-
"SMrhc10jj0ee21"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"JdoNy0rCIy"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"cfgui"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wel74.sys]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMrhc10jj0ee21]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 0 (0x0)
"NoDispScrSavPage"= 0 (0x0)



  • Save it as a text file named CFScript, on the desktop.
  • Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot
Image
  • Wait while the scan runs. The desktop will disappear several times: that is normal! Do not touch anything until the scan is finished.
  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it is located here > C:\ComboFix.txt

Then please add a new HijackThis log after that report.
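As an added review aid for the CFScript above (example code written for this thread, not ComboFix's own), the following parses the File::, Folder:: and Registry:: sections as laid out in that script into a structured plan and cross-checks the Run-key names it deletes against the O4 lines of a HijackThis log, so a helper can see what the script touches and what it leaves before it is dropped onto ComboFix. The embedded script and log are trimmed copies of the ones in this thread, and the parser assumes only the directive layout shown here, not ComboFix's full grammar.

```python
"""Parse a ComboFix CFScript (File::/Folder::/Registry::) into a plan and
cross-check it against HijackThis O4 lines. Added example for this thread,
not ComboFix's code; sample script and log lines are trimmed from the thread."""
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^(File|Folder|Registry)::$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")            # [KEY] or [-KEY] (delete whole key)
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # "name"=- deletes, anything else sets
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]+)\] (.*)$")


@dataclass
class Plan:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    delete_keys: list = field(default_factory=list)
    delete_values: list = field(default_factory=list)  # (key, name)
    set_values: list = field(default_factory=list)     # (key, name, raw value)


def parse_cfscript(text: str) -> Plan:
    """Structured view of what the script asks for; strict on lines it cannot read."""
    plan, section, key = Plan(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
        elif section == "File":
            plan.files.append(line)
        elif section == "Folder":
            plan.folders.append(line.rstrip("\\"))
        elif section == "Registry" and (m := KEY_RE.match(line)):
            if m.group(1) == "-":
                plan.delete_keys.append(m.group(2))
                key = None
            else:
                key = m.group(2)
        elif section == "Registry" and key and (m := VALUE_RE.match(line)):
            name, value = m.groups()
            if value == "-":
                plan.delete_values.append((key, name))
            else:
                plan.set_values.append((key, name, value))
        else:
            raise ValueError(f"cannot interpret line: {raw!r}")
    return plan


def cross_check(plan: Plan, hjt_log: str):
    """Return (deleted value names with no O4 entry in the log,
    O4 entries the plan touches neither by name nor by file path)."""
    o4 = {}
    for line in hjt_log.splitlines():
        if m := O4_RE.match(line.strip()):
            _hive, name, path = m.groups()
            o4[name] = path
    deleted = {name for _key, name in plan.delete_values}
    not_in_log = sorted(deleted - o4.keys())
    left = sorted(n for n, p in o4.items() if n not in deleted and p not in plan.files)
    return not_in_log, left


# Trimmed copy of the script above; setsrvapl and JdoNy0rCIy are left out on
# purpose so that cross_check() has something to catch.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\jotabedw.exe
C:\WINDOWS\system32\lphc50jj0ee21.exe
C:\Program Files\trcjgaf\cfgui.dll

Folder::
C:\Program Files\trcjgaf
C:\Program Files\rhc10jj0ee21\

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"procdben"=-
"GenComSet"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"lphc50jj0ee21"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"cfgui"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wel74.sys]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispBackgroundPage"= 0 (0x0)
"""

# O4 lines from the HijackThis log posted earlier in this thread.
HJT_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [lphc50jj0ee21] C:\WINDOWS\system32\lphc50jj0ee21.exe
O4 - HKCU\..\Run: [procdben] C:\WINDOWS\system32\jotabedw.exe
O4 - HKCU\..\Run: [setsrvapl] C:\WINDOWS\system32\qdopunyx.exe
O4 - HKLM\..\Policies\Explorer\Run: [JdoNy0rCIy] D:\Documents and Settings\All Users\Application Data\dsjutalw\zajwbqte.exe
"""

if __name__ == "__main__":
    plan = parse_cfscript(CFSCRIPT)
    print(f"{len(plan.files)} files, {len(plan.folders)} folders, {len(plan.delete_keys)} keys, "
          f"{len(plan.delete_values)} values to delete, {len(plan.set_values)} to set")
    print("not in HijackThis O4 / O4 left untouched:", cross_check(plan, HJT_LOG))
```

Names reported as "not in the log" (GenComSet, cfgui) are not errors by themselves: one came from the ComboFix report and the other is an O21 SSODL entry, which is why the script draws on both logs.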

Re: Warning! Spyware detected on your computer

Post by Marvel » 24 Jul 2008 01:19

CFScript_ComboFix log

ComboFix 08-07-23.3 - Famille 2008-07-24 2:07:38.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.110 [GMT 2:00]
Endroit: D:\Documents and Settings\Famille\Bureau\ComboFix.exe
Command switches used :: D:\Documents and Settings\Famille\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Program Files\rhc10jj0ee21\rhc10jj0ee21.exe
C:\Program Files\trcjgaf\cfgui.dll
C:\WINDOWS\system32\gdcpwvif.exe
C:\WINDOWS\system32\gnurkpqt.exe
C:\WINDOWS\system32\jotabedw.exe
C:\WINDOWS\system32\lphc50jj0ee21.exe
C:\WINDOWS\system32\pphc50jj0ee21.exe
C:\WINDOWS\system32\qdopunyx.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\wrkhexub.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\rhc10jj0ee21\
C:\Program Files\rhc10jj0ee21\\database.dat
C:\Program Files\rhc10jj0ee21\\license.txt
C:\Program Files\rhc10jj0ee21\\MFC71.dll
C:\Program Files\rhc10jj0ee21\\MFC71ENU.DLL
C:\Program Files\rhc10jj0ee21\\msvcp71.dll
C:\Program Files\rhc10jj0ee21\\msvcr71.dll
C:\Program Files\rhc10jj0ee21\\rhc10jj0ee21.exe
C:\Program Files\rhc10jj0ee21\\rhc10jj0ee21.exe.local
C:\Program Files\rhc10jj0ee21\\Uninstall.exe
C:\Program Files\rhc10jj0ee21\rhc10jj0ee21.exe
C:\Program Files\trcjgaf
C:\Program Files\trcjgaf\cfgui.dll
C:\WINDOWS\system32\blphc50jj0ee21.scr
C:\WINDOWS\system32\F.tmp
C:\WINDOWS\system32\gdcpwvif.exe
C:\WINDOWS\system32\gnurkpqt.exe
C:\WINDOWS\system32\jotabedw.exe
C:\WINDOWS\system32\lphc50jj0ee21.exe
C:\WINDOWS\system32\phc50jj0ee21.bmp
C:\WINDOWS\system32\pphc50jj0ee21.exe
C:\WINDOWS\system32\qdopunyx.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\wrkhexub.exe
D:\Documents and Settings\All Users\Application Data\dsjutalw
D:\Documents and Settings\All Users\Application Data\dsjutalw\zajwbqte.exe
D:\Documents and Settings\Famille\Application Data\rhc10jj0ee21

.
((((((((((((((((((((((((((((( Fichiers cr‚‚s 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))))))
.

2008-07-24 00:53 . 2008-07-24 00:53 <REP> d-------- D:\Documents and Settings\Famille\Application Data\Malwarebytes
2008-07-24 00:53 . 2008-07-24 00:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-24 00:53 . 2008-07-24 00:53 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-24 00:53 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-24 00:53 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-24 00:21 . 2008-07-24 00:37 <REP> d-------- C:\Toolbar SD
2008-07-24 00:14 . 2008-07-24 00:20 <REP> d-------- C:\Lop SD
2008-07-23 18:21 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-23 18:21 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-23 18:21 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-23 18:21 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-23 18:21 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-23 18:21 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-23 18:21 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-23 18:21 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-23 18:21 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-23 18:09 . 2008-07-24 02:03 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-14 13:45 . 2008-07-20 15:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-14 13:45 . 2008-07-14 13:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-13 14:22 . 2008-07-17 18:43 <REP> d-------- D:\Documents and Settings\Famille\Application Data\IMVU
2008-07-13 14:22 . 2008-07-13 16:41 <REP> d-------- C:\Program Files\IMVU
2008-07-01 20:21 . 2008-07-20 20:57 <REP> d-------- C:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 00:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 17:36 --------- d-----w C:\Program Files\eMule
2008-07-13 20:40 --------- d-----w C:\Program Files\ScummVM
2008-06-22 14:59 --------- d-----w D:\Documents and Settings\Famille\Application Data\Studio-Scrap
2008-06-22 14:57 --------- d-----w C:\Program Files\Studio-Scrap
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-05 01:14 --------- d-----w D:\Documents and Settings\Famille\Application Data\DivX
2008-06-04 21:14 --------- d-----w C:\Program Files\DivX
2008-06-02 19:14 --------- d-----w D:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-11-19 01:07 675 ----a-w C:\Program Files\Lecteur Windows Media.lnk
.

((((((((((((((((((((((((((((( snapshot@2008-07-24_ 1.31.59.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-24 00:12:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4e0.dat
+ 2008-07-24 00:14:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5ec.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"Ulead AutoDetector v2"="C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"PCMService"="c:\Apps\Powercinema\PCMService.exe" [2005-05-11 13:48 127118]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-09-30 18:06 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 11:56 286720]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 17:34 213936]
"SoundMan"="SOUNDMAN.EXE" [2005-05-17 18:48 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\ulmp3acm.acm
"msacm.mpegacm"= C:\PROGRA~1\FICHIE~1\ULEADS~1\MPEG\mpegacm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Démarrage rapide de HP Photosmart Premier.lnk]
backup=C:\WINDOWS\pss\Démarrage rapide de HP Photosmart Premier.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTIVBOARD]
--a------ 2003-05-02 11:31 24576 c:\APPS\ABOARD\ABOARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 03:41 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
--a------ 2008-03-04 15:53 2957824 C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-09-30 18:06 180269 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\APPS\\Inventime\\my.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-03-04 15:53]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2005-05-27 12:51]
S3 PentaxUsb;PENTAX Optio 60 on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-11-24 15:34]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06c61c38-0186-11dd-836e-00038a000015}]
\Shell\AutoRun\command - PStart.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 02:12:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\APPS\HIDSERVICE\HidService.exe
C:\WINDOWS\system32\snmp.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-07-24 2:16:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-24 00:16:15
ComboFix2.txt 2008-07-23 23:32:29

Pre-Run: 4,298,649,600 bytes free
Post-Run: 4,275,437,568 bytes free

193 --- E O F --- 2008-07-14 08:02:46

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:18:23, on 24/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Apps\Powercinema\PCMService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EZ-DUB\EZ-DUB.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Famille\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lycos.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Fichiers communs\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EZ-DUB Finder.lnk = C:\Program Files\EZ-DUB\EZ-DUB.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - D:\Documents and Settings\Famille\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f002.mail.caramail.lycos.fr/app/ ... loader.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylo ... loader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BFB12B2-584D-488E-BCC7-B5CC4EB68011}: NameServer = 84.103.237.141 86.64.145.141
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7821 bytes
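The ComboFix and HijackThis reports posted above, run through a mechanical first pass. This is an added example, not code from the thread and not code from ComboFix, HijackThis or Gmer. It assumes only the line formats visible in the two reports; the sample lines are constructed from excerpts of those reports, and the checks (orphaned "(no file)" entries, O4 commands given as a bare file name, per-adapter DNS servers, services without vendor information, the Windows Firewall flag and the AutoRun handler stored for a removable volume) mirror what a helper reads for by hand, nothing more.

```python
"""First pass over ComboFix and HijackThis text reports.

Added example, not part of the thread and not code from ComboFix, HijackThis
or Gmer. Everything it reports is a pointer for manual review, not a verdict.
"""
import re

# Constructed sample: excerpts from the HijackThis report in the thread.
SAMPLE_HJT = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O4 - HKLM\..\Run: [ATIPTA] "C:\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BFB12B2-584D-488E-BCC7-B5CC4EB68011}: NameServer = 84.103.237.141 86.64.145.141
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
"""

# Constructed sample: excerpts from the ComboFix report in the thread.
SAMPLE_COMBOFIX = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{06c61c38-0186-11dd-836e-00038a000015}]
\Shell\AutoRun\command - PStart.exe
"""

# A HijackThis line is "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
HJT_LINE = re.compile(r"^(?P<kind>[ORF]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a HijackThis report into (section, body) pairs."""
    out = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            out.append((m.group("kind"), m.group("body")))
    return out


def triage_hjt(text):
    """Return the HijackThis entries a helper would look at first."""
    findings = []
    for kind, body in parse_hjt(text):
        if "(no file)" in body:
            # Orphaned entry: the file is gone, the registry key is not.
            findings.append(f"{kind} orphaned, safe to fix: {body}")
        elif kind == "O4" and "] " in body:
            cmd = body.split("] ", 1)[1]
            if "\\" not in cmd:
                # Bare file name: resolved through the search path, so confirm
                # which copy runs (ComboFix above resolved it to C:\WINDOWS\SOUNDMAN.EXE).
                findings.append(f"O4 bare command, confirm its location: {body}")
        elif kind == "O17":
            # DNS servers set on an adapter: compare them with the ISP's.
            findings.append(f"O17 DNS servers, verify they are the ISP's: {body}")
        elif kind == "O23" and "Unknown owner" in body:
            # No version information on the service binary: check the file by hand.
            findings.append(f"O23 service without vendor info, check the binary: {body}")
    return findings


# ComboFix prints the mountpoints2 key on one line and the AutoRun command on the next.
AUTORUN = re.compile(
    r"mountpoints2\\(\{[0-9a-f-]+\})\]\s*\n\s*\\Shell\\AutoRun\\command - (.+)", re.I
)


def triage_combofix(text):
    """Return the ComboFix items a helper would look at first."""
    findings = []
    if re.search(r'"EnableFirewall"=\s*0\b', text):
        findings.append("Windows Firewall is off (EnableFirewall = 0)")
    for vol, cmd in AUTORUN.findall(text):
        # AutoRun handler stored for a removable volume: it runs when the drive is opened.
        findings.append(f"AutoRun command registered for volume {vol}: {cmd.strip()}")
    return findings


if __name__ == "__main__":
    for finding in triage_hjt(SAMPLE_HJT) + triage_combofix(SAMPLE_COMBOFIX):
        print(finding)
```

Run as-is it prints the flagged lines from the two samples; on a real report, read the file and pass its text to the same two functions. A flagged line is a pointer, not a verdict: the O4 SoundMan entry resolves, per the ComboFix listing above, to C:\WINDOWS\SOUNDMAN.EXE, and an O17 entry is only a problem if the servers are not the ISP's.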

Re: Warning! Spyware detected on your computer

Post by Falkra » 24 Jul 2008 07:58

The report is clean. Do you still have any signs of infection on the machine?

(I'll be back this evening)

Re: Warning! Spyware detected on your computer

Post by Marvel » 24 Jul 2008 14:31

No more signs at all ^^

Re: Warning! Spyware detected on your computer

Post by Falkra » 24 Jul 2008 19:48

Perfect. :wink:

You can uninstall ComboFix: type combofix /u in the Run box of the Start menu.
After that, delete this folder if it still exists.
C:\QooBox

Uninstall Lop S&D and Toolbar S&D via Add/Remove Programs (or the Start menu shortcut).
You were infected by toolbars, notably the one from Spyware Terminator; they must be avoided, here is why:
http://www.libellules.ch/opt_out.php

- You must be very careful when installing software, notably MSN/WLM Plus! (Messenger Plus! is installed): there are "sponsors" or toolbars, things that get installed along with the programs, and those are infections.

Example for MSN Plus:
[image]

Above all, you must untick that when installing, and by default it is ticked: if you don't pay attention, you get infected!

----
Keep MBAM, it is free in this version and has no resident module, so it can be added without interfering with other programs.

You should forget Avast, it has lost a lot of effectiveness over the last year, and it did not protect you.

Get rid of Avast and replace it with Antivir (free-av.com), just as free but much more responsive for a while now; Antivir outclasses Avast.
You can do it via Control Panel / Add/Remove Programs.
If that doesn't work well, there is also (just in case, but normally not needed) this official utility:
http://www.avast.com/fre/avast-uninstall-utility.html

Here is a direct download link for Antivir:
http://dl1.avgate.net/down/windows/anti ... u_en_h.exe
Here is a tutorial http://www.libellules.ch/tuto_antivir.php
Careful, only one active antivirus at a time, so first uninstall one, then install the other.

As a complement, I suggest a high-performing antimalware: MalwareBytes' Anti-malware.
Official site: http://www.malwarebytes.org/
The resident module (which runs in the background) is paid, but the program remains free; that module simply does not activate unless you pay.

A "real" firewall is a necessity; I recommend Comodo v3, simple to use, free and effective, a very good compromise: http://www.personalfirewall.comodo.com/
You will find a French tutorial here: http://www.malekal.com/tutorial_COMODO_Firewall.php
(Don't install the toolbars offered by the installer; untick them)

All this is long and dense, so take your time, and don't hesitate to ask questions; this part is as important as the disinfection.

You can mark the title as resolved (by editing the first post, the title becomes editable).

Here is some reading, a compilation of advice to avoid reinfection and secure the machine.
More info in the site's security FAQ.

Re: resolved Warning! Spyware detected on your computer

Post by Marvel » 25 Jul 2008 01:04

Perfect, many thanks to you and congratulations on your site ^^