Comprendre rapport hijackthis

sagatore Messages postés 265 Statut Membre -  
anthony5151 Messages postés 10927 Statut Contributeur sécurité -
Bonjour à tous,
Voilà tout est dans le titre , quelqu'un pourrait il m'aider à comprendre le rapport ?
Avg à trouvé des fichiers infectés mais impossible de les supprimer ou les mettre en quarantaine (fichiers introuvable)
Peut on m'indiquer la marche à suivre ?
Un bon dimanche à tous

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:37:38, on 11/01/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\twatdog.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\TEMP\mcq8.tmp
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\rs32net.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\AVG\AVG8\avgscanx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\seb\Bureau\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [RegServer] regserve.exe
O4 - HKLM\..\Run: [XGIWatchDog] twatdog.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: pughbm - C:\WINDOWS\SYSTEM32\pughbm.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\fci.exe.exe:ext.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\icf.exe.exe:ext.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 9329 bytes

Sebastien
Configuration: Windows XP
Firefox 3.0.5

24 réponses

  • 1
  • 2
  1. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Un peu de patience stp, je ne suis pas en permanence devant mon ordinateur ;)

    La cause très probable de l'infection de ton PC est ici :
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen

    Non seulement le crack est illégal, mais il fait courir de sérieux risques à ton ordinateur, car la plupart des cracks sont infectés aujourd'hui... En plus, Avast est un antivirus médiocre, il est dommage d'essayer de le pirater alors que d'autres antivirus gratuits sont plus efficaces !

    Supprime le dossier "avast! Antivirus Professional Edition 4.8.1229+keygen" présent dans le dossier "raccourcis Bureau non utilisés".

    Au passage, je ne t'ai pas demandé de rapport LopS&D, tu l'as fait de ta propre initiative, ou quelqu'un d'autre te l'a conseillé ? Il ne sert à rien ici, puisque tu n'as pas d'infection Lop ;)

    Fais ce qui suit pour poursuivre la désinfection stp :

    /!\ A l'attention de ceux qui passent sur ce sujet /!\
    Le logiciel qui suit n'est pas à utiliser à la légère ! Ne le faites que si un helpeur du forum qui connait bien cet outil vous l'a recommandé.

    On va utiliser Combofix pour finir la désinfection. Attention, ce logiciel est très puissant, une mauvaise utilisation peut faire des dégâts... Fais exactement ce qui suit :

    Télécharge ComboFix (de sUBs) sur ton Bureau (et pas ailleurs !). Pour cela, fais un clic droit sur ce lien et choisis "enregistrer la cible sous ... " et tape C-Fix dans dans la fenêtre qui s'ouvre, puis choisis le Bureau comme destination : http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    --------------------------------------------- [ ! ATTENTION ! ] ----------------------------------------------------------
    ! déconnecte toi, ferme toutes tes applications en cours et DESACTIVE TOUTES TES DEFENCES (anti-virus, antispyware, pare-feu) le temps de la manipulation qui pourraient gêner fortement l'outil...Tu les réactiveras donc après !

    Dans ton cas, il s'agit d'AVG

    ==> Surtout, si tu rencontres des difficultés à ce niveau là, dis le moi avant de poursuivre...

    Tuto ici pour installer la Console de récupération (important en cas de problème) : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    ---------------------------------------------------------------------------------------------------------------------------------

    Ensuite :

    Double-clique sur C-Fix.exe (= combofix.exe ).

    Appuie sur une touche pour démarrer le scan .

    Attention : n'utilise pas ta souris ni ton clavier pendant que le programme tourne. Cela pourrait figer l'ordi ---> si un message d'erreur windows apparait à un moment : clique sur la croix rouge en haut à droite de la fenêtre pour la fermer

    Le rapport sera crée dans: C:\Combofix.txt , poste le ici stp

    1
  2. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Bonjour,

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

    • Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
    • Puis redémarre ton ordinateur en mode sans échec en suivant la procédure que voici : Redémarre ton ordinateur, puis tapote sur la touche F8 (F5 sur certains PC) juste avant l’apparition du logo Windows. Un menu va apparaître, tu devra choisir de démarrer en mode sans échec. Ouvre ensuite ta session habituelle (si nécessaire) et ne t'inquiète pas si les couleurs et la taille des icônes changent par rapport à d'habitude.

    • Puis, ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script et laisse toi guider.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Le rapport SDFix s'ouvrira alors à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum, avec un nouveau rapport Hijackthis !

    0
  3. sagatore Messages postés 265 Statut Membre 7
     
    Bonjour anthony5151

    Merci pour votre réponse rapide, le problème c'est que je n'arrive pas à relancer en mode sans échecs ... Voici ce que l'on me propose quand je tape f8 :
    Please select boot device
    1st floopy drive
    sm-pioneer dvd-rom atapimodel d
    ss-artec wrr-52z1
    pm-maxtor 6y080l0
    intel undi pxe-2.0 (build082)

    J'ai tester avec pm-maxtor 6y080l0 mais rien ...
    0
  4. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Tu tapes probablement sur la touche F8 trop tôt, il faut le faire après le bip de démarrage, et juste avant l'apparition du logo Windows. Réessaye stp
    Sinon essaye avec la touche F5
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. sagatore Messages postés 265 Statut Membre 7
     
    Ok merci c'était le F5
    Voici les deux rapports

    SDFix

    [b]SDFix: Version 1.240 [/b]
    Run by seb on 11/01/2009 at 15:55

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\Documents and Settings\seb\Bureau\SDFix

    [b]Checking Services [/b]:

    Rootkit Found :
    C:\WINDOWS\system32\drivers\ATI2BFXX.sys - Rootkit Pandex/Cutwail - Protect.sys

    [b]Name [/b]:
    FCI
    ICF
    ATI2BFXX

    [b]Path [/b]:
    C:\WINDOWS\system32\fci.exe.exe:ext.exe
    C:\WINDOWS\system32\svchost.exe:ext.exe
    System32\Drivers\ati2bfxx.sys

    FCI - Deleted
    ICF - Deleted
    ATI2BFXX - Deleted

    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting

    Service ATI2BFXX - Deleted after Reboot

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\FCIEXE~1.EXE - Deleted
    C:\WINDOWS\SYSTEM32\ICFEXE~1.EXE - Deleted
    C:\WINDOWS\system32\fci.exe.exe - Deleted
    C:\WINDOWS\system32\icf.exe.exe - Deleted
    C:\WINDOWS\system32\rs32net.exe - Deleted
    C:\WINDOWS\system32\drivers\ATI2BFXX.sys - Deleted

    Removing Temp Files

    [b]ADS Check [/b]:

    C:\WINDOWS\system32\svchost.exe
    : ADS Found!
    svchost.exe: deleted 25600 bytes in 1 streams.

    Checking for remaining Streams

    C:\WINDOWS\system32\svchost.exe
    No streams found.

    [b]Final Check [/b]:

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-11 16:05:08
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Codemasters\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE"="C:\\Program Files\\Codemasters\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE:*:Enabled:Operation Flashpoint"
    "C:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"="C:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe:*:Enabled:NAVBrowser"
    "C:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe"="C:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe:*:Enabled:NAVBrowser"
    "C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe"="C:\\Program Files\\EA GAMES\\Medal of Honor Batailles du Pacifique(tm)\\mohpa.exe:*:Disabled:Medal of Honor Pacific Assault(tm)"
    "C:\\Program Files\\AVG\\AVG8\\avgemc.exe"="C:\\Program Files\\AVG\\AVG8\\avgemc.exe:*:Enabled:avgemc.exe"
    "C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - C:\DOCUME~1\seb\Bureau\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Sun 22 Jun 2008 6,104,632 A..H. --- "C:\Program Files\Picasa2\setup.exe"
    Sat 27 Dec 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Fri 21 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

    [b]Finished![/b]

    Et hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:10:10, on 11/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\twatdog.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Documents and Settings\seb\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [RegServer] regserve.exe
    O4 - HKLM\..\Run: [XGIWatchDog] twatdog.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [rs32net] C:\WINDOWS\System32\rs32net.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: pughbm - C:\WINDOWS\SYSTEM32\pughbm32.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    0
  7. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Ok, on continue :

    • Télécharge et installe Malwarebytes' Anti-Malware
    • A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée
    • Lance MBAM et laisse les Mises à jour se télécharger (sinon fais les manuellement au lancement du programme)
    • Puis va dans l'onglet "Recherche", coche "Exécuter un examen rapide" puis "Rechercher"
    • Sélectionne tes disques durs" puis clique sur "Lancer l’examen"
    • A la fin du scan, clique sur Afficher les résultats
    • Coche tous les éléments détectés puis clique sur Supprimer la sélection
    • Enregistre le rapport
    • S'il t'est demandé de redémarrer, clique sur Yes

    • Poste le rapport de scan après la suppression ici

    0
  8. sagatore Messages postés 265 Statut Membre 7
     
    Voici le rapport

    Malwarebytes' Anti-Malware 1.32
    Version de la base de données: 1643
    Windows 5.1.2600 Service Pack 3

    11/01/2009 19:03:14
    mbam-log-2009-01-11 (19-03-07).txt

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 137321
    Temps écoulé: 1 hour(s), 16 minute(s), 37 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 1
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 13

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rs32net (Trojan.Agent) -> No action taken.

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0169088.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0169101.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0169201.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0169211.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0170343.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0170361.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0169183.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0169195.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0170214.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0170222.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0170234.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0170245.sys (Rootkit.Agent) -> No action taken.
    C:\System Volume Information\_restore{3945EBB3-BD6B-48A5-9728-FB63D7B685A6}\RP253\A0170334.sys (Rootkit.Agent) -> No action taken.

    Bon début de soirée
    Seb
    0
  9. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Redémarre ton ordinateur et poste un nouveau rapport hijackthis stp

    0
  10. eselgringo Messages postés 8 Statut Membre
     
    Bonjour, je te poste le rapport de lop S&D,

    --------------------\\ Lop S&D 4.2.5-0 XP/Vista

    Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Uniprocessor Free : AMD Athlon(tm) XP 2400+ )
    BIOS : Phoenix - AwardBIOS v6.00PG
    USER : DA SILVA ( Administrator )
    BOOT : Normal boot
    Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Activated)
    C:\ (Local Disk) - NTFS - Total:53 Go (Free:26 Go)
    D:\ (CD or DVD)
    E:\ (CD or DVD)
    I:\ (USB)
    J:\ (USB)

    "C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
    Option : [1] ( 12/01/2009| 6:42 )

    --------------------\\ Listing des dossiers dans APPLIC~1

    [11/01/2009|12:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [14/01/2008|19:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\AVS4YOU
    [13/09/2003|04:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [26/12/2008|22:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DAEMON Tools Lite
    [23/11/2006|19:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [31/07/2008|21:04] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hps
    [12/01/2009|06:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
    [24/11/2008|13:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab Setup Files
    [14/08/2008|14:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
    [05/08/2008|18:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
    [22/12/2008|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [05/12/2003|10:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\MSN6
    [04/01/2009|10:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
    [10/01/2009|00:02] C:\DOCUME~1\ALLUSE~1\APPLIC~1\NOS
    [13/09/2003|04:11] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QuickTime
    [30/09/2002|13:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [10/01/2009|19:40] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [27/12/2004|12:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [23/03/2008|15:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TVU networks
    [31/08/2008|20:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    [11/05/2008|17:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WildTangent
    [02/03/2007|14:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [19/03/2007|18:43] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
    [24/03/2008|23:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [11/02/2008|23:59] C:\DOCUME~1\DASILV~1\APPLIC~1\Adobe
    [17/11/2006|17:29] C:\DOCUME~1\DASILV~1\APPLIC~1\AdobeUM
    [28/07/2004|09:28] C:\DOCUME~1\DASILV~1\APPLIC~1\Ahead
    [25/12/2006|21:41] C:\DOCUME~1\DASILV~1\APPLIC~1\ArcSoft
    [26/12/2003|13:44] C:\DOCUME~1\DASILV~1\APPLIC~1\Creative
    [07/11/2003|21:31] C:\DOCUME~1\DASILV~1\APPLIC~1\CyberLink
    [26/12/2008|22:09] C:\DOCUME~1\DASILV~1\APPLIC~1\DAEMON Tools
    [26/12/2008|22:09] C:\DOCUME~1\DASILV~1\APPLIC~1\DAEMON Tools Lite
    [26/12/2008|22:09] C:\DOCUME~1\DASILV~1\APPLIC~1\DAEMON Tools Pro
    [28/12/2004|17:35] C:\DOCUME~1\DASILV~1\APPLIC~1\eConf
    [11/02/2008|16:07] C:\DOCUME~1\DASILV~1\APPLIC~1\Google
    [29/08/2005|16:14] C:\DOCUME~1\DASILV~1\APPLIC~1\Help
    [05/05/2004|18:18] C:\DOCUME~1\DASILV~1\APPLIC~1\Hewlett-Packard
    [07/03/2008|16:08] C:\DOCUME~1\DASILV~1\APPLIC~1\HP
    [20/02/2008|15:46] C:\DOCUME~1\DASILV~1\APPLIC~1\HTML Executable
    [17/10/2007|22:31] C:\DOCUME~1\DASILV~1\APPLIC~1\Image Zone Express
    [17/12/2007|18:33] C:\DOCUME~1\DASILV~1\APPLIC~1\InstallShield
    [13/09/2003|04:09] C:\DOCUME~1\DASILV~1\APPLIC~1\InterTrust
    [16/01/2005|23:49] C:\DOCUME~1\DASILV~1\APPLIC~1\Jasc
    [18/01/2005|12:17] C:\DOCUME~1\DASILV~1\APPLIC~1\Jasc Software Inc
    [04/12/2007|22:10] C:\DOCUME~1\DASILV~1\APPLIC~1\Lavasoft
    [06/01/2009|11:26] C:\DOCUME~1\DASILV~1\APPLIC~1\LG Electronics
    [03/02/2008|19:57] C:\DOCUME~1\DASILV~1\APPLIC~1\Macromedia
    [14/08/2008|14:44] C:\DOCUME~1\DASILV~1\APPLIC~1\Malwarebytes
    [07/01/2009|13:54] C:\DOCUME~1\DASILV~1\APPLIC~1\Microsoft
    [26/04/2004|12:43] C:\DOCUME~1\DASILV~1\APPLIC~1\Microsoft Web Folders
    [21/10/2008|23:40] C:\DOCUME~1\DASILV~1\APPLIC~1\Mozilla
    [18/01/2008|22:15] C:\DOCUME~1\DASILV~1\APPLIC~1\MSN6
    [29/10/2008|13:14] C:\DOCUME~1\DASILV~1\APPLIC~1\Nero
    [09/09/2008|15:44] C:\DOCUME~1\DASILV~1\APPLIC~1\Panasonic
    [26/04/2005|15:44] C:\DOCUME~1\DASILV~1\APPLIC~1\PassidTmp
    [22/10/2008|12:33] C:\DOCUME~1\DASILV~1\APPLIC~1\Real
    [25/10/2007|18:10] C:\DOCUME~1\DASILV~1\APPLIC~1\SecuROM
    [30/06/2008|18:42] C:\DOCUME~1\DASILV~1\APPLIC~1\SlySoft
    [23/11/2006|19:04] C:\DOCUME~1\DASILV~1\APPLIC~1\Sun
    [06/11/2004|20:17] C:\DOCUME~1\DASILV~1\APPLIC~1\Symantec
    [07/09/2004|16:06] C:\DOCUME~1\DASILV~1\APPLIC~1\Talkback
    [06/03/2008|21:50] C:\DOCUME~1\DASILV~1\APPLIC~1\U3
    [12/01/2009|00:15] C:\DOCUME~1\DASILV~1\APPLIC~1\uTorrent
    [05/05/2005|20:43] C:\DOCUME~1\DASILV~1\APPLIC~1\VERITAS
    [31/08/2008|20:20] C:\DOCUME~1\DASILV~1\APPLIC~1\Viewpoint
    [28/10/2008|13:55] C:\DOCUME~1\DASILV~1\APPLIC~1\vlc
    [28/12/2004|17:19] C:\DOCUME~1\DASILV~1\APPLIC~1\Wanadoo visio

    [13/09/2003|04:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Adobe
    [30/09/2002|12:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [13/09/2003|04:09] C:\DOCUME~1\DEFAUL~1\APPLIC~1\InterTrust
    [30/09/2002|11:54] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft
    [13/09/2003|04:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Real

    [30/09/2002|11:54] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [30/09/2002|11:54] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    --------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

    [18/11/2003 11:50][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 3.job
    [11/11/2003 14:50][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 2.job
    [05/11/2003 16:05][--a------] C:\WINDOWS\tasks\Rappel d'enregistrement 1.job
    [12/01/2009 06:29][--ah-----] C:\WINDOWS\tasks\SA.DAT
    [30/08/2002 12:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

    --------------------\\ Listing des dossiers dans C:\Program Files

    [11/01/2009|12:23] C:\Program Files\Adobe
    [03/01/2009|23:38] C:\Program Files\adslTV
    [01/03/2005|12:51] C:\Program Files\Alwil Software
    [18/12/2008|15:44] C:\Program Files\ArcSoft
    [03/12/2008|13:29] C:\Program Files\a-squared Free
    [05/11/2005|19:17] C:\Program Files\Auralog
    [10/09/2008|12:50] C:\Program Files\AviSynth 2.5
    [24/03/2008|23:31] C:\Program Files\AVSMedia
    [03/08/2006|13:10] C:\Program Files\Axon Data
    [29/11/2003|19:54] C:\Program Files\BeWAN ADSL V1.9.0.3
    [06/05/2008|12:47] C:\Program Files\CCleaner
    [08/12/2007|15:28] C:\Program Files\Common Files
    [30/09/2002|12:01] C:\Program Files\ComPlus Applications
    [27/10/2008|11:34] C:\Program Files\Creative
    [14/10/2007|19:59] C:\Program Files\directx
    [07/01/2009|11:56] C:\Program Files\DivX
    [22/10/2007|10:32] C:\Program Files\EHMINSTALL
    [02/12/2007|00:13] C:\Program Files\ESET
    [18/12/2008|15:41] C:\Program Files\Fichiers communs
    [16/11/2006|13:03] C:\Program Files\Free
    [11/01/2008|15:16] C:\Program Files\Free Easy Burner
    [20/02/2008|19:35] C:\Program Files\Google
    [30/10/2008|16:42] C:\Program Files\Hercules
    [05/05/2004|18:13] C:\Program Files\Hewlett-Packard
    [12/01/2009|06:36] C:\Program Files\InstallShield Installation Information
    [06/05/2008|12:38] C:\Program Files\InterActual
    [14/08/2008|14:11] C:\Program Files\Internet Explorer
    [18/01/2005|12:17] C:\Program Files\Jasc Software Inc
    [11/01/2009|12:25] C:\Program Files\Java
    [05/11/2003|15:59] C:\Program Files\JavaSoft
    [10/01/2009|19:46] C:\Program Files\Kaspersky Lab
    [15/01/2005|18:44] C:\Program Files\Kerio
    [08/12/2007|14:35] C:\Program Files\Lavasoft
    [06/01/2009|11:18] C:\Program Files\LG Electronics
    [18/07/2005|18:57] C:\Program Files\Livecom
    [10/01/2009|19:15] C:\Program Files\Malwarebytes' Anti-Malware
    [09/09/2008|17:36] C:\Program Files\MesPolices10
    [09/09/2008|17:36] C:\Program Files\Messenger
    [11/01/2009|23:21] C:\Program Files\Messenger Plus! Live
    [17/12/2008|15:07] C:\Program Files\Microsoft
    [17/06/2008|10:40] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [26/04/2004|12:42] C:\Program Files\microsoft frontpage
    [26/12/2008|22:12] C:\Program Files\Microsoft Games
    [09/09/2008|17:39] C:\Program Files\Microsoft Image Composer
    [09/09/2008|17:39] C:\Program Files\Microsoft Image Composer(2)
    [25/12/2008|16:34] C:\Program Files\Microsoft Office
    [17/12/2008|15:07] C:\Program Files\Microsoft Silverlight
    [17/12/2008|14:56] C:\Program Files\Microsoft SQL Server Compact Edition
    [17/12/2008|14:58] C:\Program Files\Microsoft Sync Framework
    [13/09/2003|04:13] C:\Program Files\Microsoft Visual Studio
    [09/09/2008|17:36] C:\Program Files\Movie Maker
    [10/01/2009|00:10] C:\Program Files\Mozilla Firefox
    [12/01/2009|06:31] C:\Program Files\Mozilla Firefox 3.1 Beta 2
    [07/08/2008|22:20] C:\Program Files\MP3 EasySplitter Trial
    [22/08/2008|13:24] C:\Program Files\mp3DirectCut
    [24/12/2003|16:18] C:\Program Files\MSN
    [30/09/2002|12:00] C:\Program Files\MSN Gaming Zone
    [17/06/2008|04:43] C:\Program Files\MSXML 4.0
    [04/01/2009|10:25] C:\Program Files\Nero
    [14/08/2008|14:08] C:\Program Files\NetMeeting
    [11/03/2004|20:07] C:\Program Files\Norton AntiVirus
    [27/12/2004|12:59] C:\Program Files\Norton SystemWorks
    [10/01/2009|00:02] C:\Program Files\NOS
    [06/11/2003|19:50] C:\Program Files\Nullsoft
    [14/08/2008|14:07] C:\Program Files\Outlook Express
    [09/09/2008|15:45] C:\Program Files\Panasonic
    [31/07/2008|20:54] C:\Program Files\Photocite Collection 4
    [07/01/2009|12:40] C:\Program Files\PhotoZoom Pro 2
    [10/09/2008|13:00] C:\Program Files\QuickMediaConverter
    [11/01/2008|15:32] C:\Program Files\Real
    [09/09/2008|15:30] C:\Program Files\Red Kawa
    [07/09/2004|16:02] C:\Program Files\RegCleaner
    [30/09/2002|12:00] C:\Program Files\Services en ligne
    [01/07/2008|11:02] C:\Program Files\SlySoft
    [10/01/2009|19:40] C:\Program Files\Spybot - Search & Destroy
    [01/06/2007|21:03] C:\Program Files\Sunbelt Software
    [23/08/2004|13:20] C:\Program Files\Uninstall Information
    [18/06/2008|17:57] C:\Program Files\uTorrent
    [28/10/2008|12:30] C:\Program Files\Veetle
    [20/12/2007|20:07] C:\Program Files\VideoLAN
    [06/11/2003|19:50] C:\Program Files\Viewpoint
    [13/09/2003|04:15] C:\Program Files\Virtual CD v4 SDK
    [17/12/2008|15:06] C:\Program Files\Windows Live
    [17/12/2008|14:52] C:\Program Files\Windows Live SkyDrive
    [17/12/2008|14:58] C:\Program Files\Windows Live Toolbar
    [04/12/2008|14:34] C:\Program Files\Windows Media Connect 2
    [07/01/2009|10:57] C:\Program Files\Windows Media Player
    [14/08/2008|14:07] C:\Program Files\Windows NT
    [17/12/2007|19:46] C:\Program Files\WindowsUpdate
    [15/05/2005|19:24] C:\Program Files\WinRAR
    [25/03/2008|10:34] C:\Program Files\WinZip
    [30/09/2002|12:05] C:\Program Files\xerox
    [25/10/2007|18:04] C:\Program Files\Zero G Registry

    --------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

    [11/01/2009|12:23] C:\Program Files\Fichiers communs\Adobe
    [28/07/2004|09:39] C:\Program Files\Fichiers communs\Ahead
    [14/01/2008|19:38] C:\Program Files\Fichiers communs\AVSMedia
    [11/03/2004|20:06] C:\Program Files\Fichiers communs\CMEII(2)
    [13/09/2003|04:13] C:\Program Files\Fichiers communs\Designer
    [10/03/2008|11:43] C:\Program Files\Fichiers communs\DirectX
    [05/05/2004|18:11] C:\Program Files\Fichiers communs\Hewlett-Packard
    [20/02/2008|15:45] C:\Program Files\Fichiers communs\HTML Executable Viewer
    [27/12/2003|14:04] C:\Program Files\Fichiers communs\InstallShield
    [23/11/2006|19:00] C:\Program Files\Fichiers communs\Java
    [11/01/2009|23:19] C:\Program Files\Fichiers communs\Microsoft Shared
    [30/09/2002|12:02] C:\Program Files\Fichiers communs\MSSoap
    [04/01/2009|10:55] C:\Program Files\Fichiers communs\Nero
    [30/09/2002|11:55] C:\Program Files\Fichiers communs\ODBC
    [22/10/2008|12:33] C:\Program Files\Fichiers communs\Real
    [10/09/2008|12:55] C:\Program Files\Fichiers communs\Services
    [30/09/2002|11:55] C:\Program Files\Fichiers communs\SpeechEngines
    [16/01/2005|23:11] C:\Program Files\Fichiers communs\SWF Studio
    [05/12/2005|13:40] C:\Program Files\Fichiers communs\Symantec Shared
    [25/12/2008|16:34] C:\Program Files\Fichiers communs\System
    [13/09/2003|04:11] C:\Program Files\Fichiers communs\TVNavigTechnologies Shared
    [17/12/2008|14:39] C:\Program Files\Fichiers communs\Windows Live
    [24/03/2008|23:22] C:\Program Files\Fichiers communs\WindowsLiveInstaller
    [22/10/2008|12:33] C:\Program Files\Fichiers communs\xing shared

    --------------------\\ Process

    ( 34 Processes )

    ... OK !

    --------------------\\ Recherche avec S_Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Recherche de Fichiers / Dossiers Lop

    Aucun fichier / dossier Lop trouvé !

    --------------------\\ Verification du Registre

    ..... OK !

    --------------------\\ Verification du fichier Hosts

    Fichier Hosts PROPRE

    --------------------\\ Recherche de fichiers avec Catchme

    catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-12 06:46:16
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden files ...
    scan completed successfully
    hidden processes: 0
    hidden files: 0

    --------------------\\ Recherche d'autres infections

    C:\WINDOWS\Pack.epk

    C:\WINDOWS\System32\dzpyurb.dat
    C:\WINDOWS\System32\dzpyurb_navtmp.dat
    C:\WINDOWS\System32\dzpyurb_navup.dat
    [b]==> EGDACCESS <==/b

    --------------------\\ Cracks & Keygens ..

    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\DESCRiPTiON.nfo
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\key avast 4.8.1229.txt
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\keymaker
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\setupengpro.exe
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\snd.nfo
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\avist_by_szcraftec.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\black-liquid_by_szcraftec.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\black_vibe_by_szcraftec.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\corporate_by_szcraftec.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\flatnsimple_by_szcraftec.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\g5_by_szcraftec.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\lite-on_by_szcraftec.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\MacLoverOS X.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\o-sti-x_by_szcraftec.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\pirate_by_szcraftec.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\rejzor-sharp_by_szcraftec.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\silhouette_4in1_by_szcraftec.aswcs
    C:\DOCUME~1\DASILV~1\Bureau\Raccourcis Bureau non utilis‚s\avast! Antivirus Professional Edition 4.8.1229+keygen\Avast Pro 4.8.1229\skin\szc-kde_by_szcraftec.aswcs

    [F:21][D:5]-> C:\DOCUME~1\DASILV~1\LOCALS~1\Temp
    [F:10][D:0]-> C:\DOCUME~1\DASILV~1\Cookies
    [F:273][D:5]-> C:\DOCUME~1\DASILV~1\LOCALS~1\TEMPOR~1\content.IE5

    1 - "C:\Lop SD\LopR_1.txt" - 12/01/2009| 6:49 - Option : [1]

    --------------------\\ Fin du rapport a 6:49:59

    Merci pour ton aide
    0
  11. sagatore Messages postés 265 Statut Membre 7
     
    Bonjour anthony5151
    Voici le dernier rapport hijack Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:44:10, on 12/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\twatdog.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\seb\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [RegServer] regserve.exe
    O4 - HKLM\..\Run: [XGIWatchDog] twatdog.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: pughbm - C:\WINDOWS\SYSTEM32\pughbm32.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    0
  12. sagatore Messages postés 265 Statut Membre 7
     
    un p'tit up
    0
  13. sagatore Messages postés 265 Statut Membre 7
     
    Bonsoir anthony5151
    Euh en fait c'est pas moi qui a posté le rapport Lop ... c'est quelqu'un qui c'est incrusté ...
    Moi je t'ai envoyé le dernier message avec le rapport hijack
    Désolé si je t'harcèle lol
    Passe une bonne soirée
    Sébastien
    0
  14. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    @ sagatore :

    Oups, j'ai lu un peu vite... Donc le crack n'est pas à toi non plus ^^

    Tu peux donc passer à combofix directement ;)

    @ eselgringo :

    Merci d'ouvrir ton propre sujet sur le forum stp (n'exécute pas Combofix)

    0
  15. loloetseb Messages postés 5684 Statut Membre 174
     
    Salut antony,

    Toujours aussi insomniaque.Je suis encore sur le forum aussi,j'ai a priori des restes de l'infection de l'autre fois qui sont apparu (que m'ont detecté les nouvelles Maj des logiciels installés).Je suis entre les mains de gen hackman.C'est une sacré bete coriace que j'ai pris (adware vundo variant,et, le rogue component)C'est un repliqueur fou ce rogue,impossible de l'attrapper!!!

    Meilleurs voeux ,santé et bonheurs pour 2009
    0
  16. sagatore Messages postés 265 Statut Membre 7
     
    Bonjour anthony
    Voici le résultat pour combofix

    ComboFix 09-01-11.04 - seb 2009-01-13 15:52:26.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.598 [GMT 1:00]
    Lancé depuis: c:\documents and settings\seb\Bureau\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
    * Un nouveau point de restauration a été créé
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\pughbm32.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_OULTRAF
    -------\Service_oUltraf

    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-13 au 2009-01-13 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-12 10:30 . 2009-01-12 10:30 754 --a------ c:\windows\WORDPAD.INI
    2009-01-11 17:19 . 2009-01-11 17:19 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-11 17:19 . 2009-01-11 17:19 <REP> d-------- c:\documents and settings\seb\Application Data\Malwarebytes
    2009-01-11 17:19 . 2009-01-11 17:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-11 17:19 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-11 17:19 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-11 15:54 . 2009-01-11 15:54 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
    2009-01-11 15:52 . 2009-01-11 15:52 <REP> d-------- c:\windows\ERUNT
    2009-01-10 15:07 . 2009-01-11 16:51 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
    2009-01-01 19:06 . 2009-01-01 19:06 <REP> d-------- c:\program files\Defraggler
    2008-12-28 14:38 . 2008-04-14 03:33 221,184 --a------ c:\windows\system32\wmpns.dll
    2008-12-28 14:25 . 2008-12-28 14:25 <REP> d-------- c:\windows\system32\fr
    2008-12-28 14:25 . 2008-12-28 14:25 <REP> d-------- c:\windows\system32\bits
    2008-12-28 14:11 . 2008-12-28 14:11 <REP> d-------- c:\windows\EHome
    2008-12-28 14:08 . 2008-12-28 14:08 0 --a----t- c:\windows\[u]0/u05418_.tmp
    2008-12-20 12:28 . 2009-01-13 15:44 <REP> d--h----- C:\$AVG8.VAULT$
    2008-12-19 21:25 . 2008-12-19 21:25 <REP> d-------- c:\documents and settings\seb\Application Data\Media Player Classic
    2008-12-19 21:25 . 2008-12-19 21:25 <REP> d-------- c:\documents and settings\seb\Application Data\DivX
    2008-12-19 21:25 . 2008-12-19 21:25 3,532 --a------ C:\drmHeader.bin
    2008-12-19 21:21 . 2008-12-19 21:21 <REP> d-------- c:\program files\Satsuki Decoder Pack
    2008-12-19 21:21 . 2008-12-19 21:21 26 --a------ c:\windows\system32\satsukidecodersettings.ini
    2008-12-19 21:17 . 2008-12-19 21:18 <REP> d-------- c:\program files\DivX
    2008-12-19 16:01 . 2008-12-19 16:01 <REP> d-------- c:\documents and settings\All Users\SonicStage
    2008-12-19 15:54 . 2008-12-19 15:54 <REP> d-------- c:\program files\Sony Corporation
    2008-12-19 15:54 . 2001-09-13 02:15 90,112 --------- c:\windows\snymsico.dll
    2008-12-19 15:54 . 2002-08-08 15:51 38,951 --------- c:\windows\system32\drivers\NETMDUSB.sys
    2008-12-19 15:54 . 2003-11-10 12:31 36,232 --------- c:\windows\system32\drivers\NETMD033.sys
    2008-12-19 15:54 . 2003-04-01 18:55 35,319 --------- c:\windows\system32\drivers\NETMD031.sys
    2008-12-19 15:54 . 2001-08-31 15:07 27,255 --------- c:\windows\system32\drivers\NWWMUSB.sys
    2008-12-19 15:54 . 2002-09-11 10:20 11,510 --------- c:\windows\system32\drivers\VMCUSB.sys
    2008-12-19 15:53 . 2008-12-19 15:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Sony Corporation
    2008-12-19 15:53 . 2003-08-26 17:03 757,760 --a------ c:\windows\system32\CDDBUI.dll
    2008-12-19 15:53 . 2003-08-26 17:01 630,784 --a------ c:\windows\system32\CDDBControl.dll
    2008-12-19 15:53 . 2003-07-11 14:23 110,592 --a------ c:\windows\system32\CddbLangFR.dll
    2008-12-19 15:52 . 2008-12-19 15:54 <REP> d-------- c:\program files\Sony
    2008-12-19 15:52 . 2008-12-19 15:54 <REP> d-------- c:\program files\Fichiers communs\Sony Shared
    2008-12-19 15:52 . 2008-12-19 16:01 <REP> d-------- c:\documents and settings\seb\Application Data\Sony Corporation
    2008-12-18 17:00 . 2006-03-02 13:00 34,560 -----c--- c:\windows\system32\dllcache\wmdm.inf
    2008-12-18 17:00 . 2004-08-03 22:29 25,471 --------- c:\windows\system32\drivers\watv10nt.sys
    2008-12-18 17:00 . 2004-08-03 22:29 22,271 --------- c:\windows\system32\drivers\watv06nt.sys
    2008-12-18 17:00 . 2006-03-02 13:00 13,540 -----c--- c:\windows\system32\dllcache\wmfsdk.inf
    2008-12-18 17:00 . 2004-08-03 22:29 11,935 --------- c:\windows\system32\drivers\wadv11nt.sys
    2008-12-18 17:00 . 2004-08-03 22:29 11,871 --------- c:\windows\system32\drivers\wadv09nt.sys
    2008-12-18 17:00 . 2004-08-03 22:29 11,807 --------- c:\windows\system32\drivers\wadv07nt.sys
    2008-12-18 17:00 . 2004-08-03 22:29 11,295 --------- c:\windows\system32\drivers\wadv08nt.sys
    2008-12-18 17:00 . 2006-03-02 13:00 1,740 -----c--- c:\windows\system32\dllcache\wmpocm.inf
    2008-12-18 16:57 . 2008-12-18 16:58 <REP> d-------- c:\program files\iTunes
    2008-12-18 16:57 . 2008-12-18 16:57 <REP> d-------- c:\program files\iPod
    2008-12-18 16:57 . 2008-12-18 16:58 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-18 16:54 . 2008-12-18 16:54 <REP> d-------- c:\program files\Bonjour
    2008-12-18 16:54 . 2008-04-14 03:33 1,888,992 --------- c:\windows\system32\ati3duag.dll
    2008-12-18 16:38 . 2008-10-23 13:36 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll
    2008-12-18 16:20 . 2008-12-18 16:54 <REP> d-------- c:\program files\QuickTime
    2008-12-18 15:46 . 2008-12-18 15:47 <REP> d-------- c:\program files\Fichiers communs\Sony Ericsson Shared
    2008-12-18 15:45 . 2008-12-18 15:45 <REP> d-------- c:\program files\MSXML 4.0
    2008-12-18 14:54 . 2008-12-18 16:09 <REP> d-------- c:\program files\iTunes(4)
    2008-12-18 14:54 . 2008-12-18 16:09 <REP> d-------- c:\program files\iPod(4)
    2008-12-18 14:30 . 2008-12-18 16:14 <REP> d-------- c:\program files\iTunes(3)
    2008-12-18 14:30 . 2008-12-18 16:14 <REP> d-------- c:\program files\iPod(3)
    2008-12-18 13:05 . 2008-12-27 01:01 <REP> d-------- c:\program files\LimeWire
    2008-12-18 13:05 . 2009-01-05 14:35 <REP> d-------- c:\documents and settings\seb\Application Data\LimeWire
    2008-12-16 19:39 . 2008-12-16 19:39 <REP> d-------- c:\documents and settings\seb\Application Data\Uniblue
    2008-12-16 19:39 . 2008-12-16 20:08 <REP> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
    2008-12-16 19:38 . 2008-12-18 16:14 <REP> d----c--- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
    2008-12-16 19:29 . 2008-12-16 19:29 <REP> d-------- c:\program files\Etymonix
    2008-12-16 01:00 . 2008-12-16 01:00 <REP> d-------- c:\documents and settings\seb\Application Data\MSNInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-12 18:41 --------- d-----w c:\program files\Blitzkrieg 2
    2009-01-01 17:32 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-18 15:21 --------- d-----w c:\program files\Xvid
    2008-12-18 15:21 --------- d-----w c:\program files\Safari
    2008-12-18 15:21 --------- d-----w c:\program files\Red Kawa
    2008-12-18 15:21 --------- d-----w c:\program files\Bonjour(2)
    2008-12-18 15:21 --------- d-----w c:\program files\AviSynth 2.5
    2008-12-18 15:21 --------- d-----w c:\documents and settings\seb\Application Data\Red Kawa(2)
    2008-12-18 15:20 --------- d-----w c:\program files\QuickTime(2)
    2008-12-18 15:19 --------- d-----w c:\program files\Windows Media Connect 2
    2008-12-18 15:17 --------- d-----w c:\program files\iTunes(2)
    2008-12-18 15:17 --------- d-----w c:\program files\iPod(2)
    2008-12-18 15:04 --------- d-----w c:\documents and settings\seb\Application Data\AVGTOOLBAR
    2008-12-18 14:47 --------- d-----w c:\program files\Fichiers communs\Teleca Shared
    2008-12-18 14:46 --------- d-----w c:\program files\EA GAMES
    2008-12-18 14:45 --------- d-----w c:\program files\Apple Software Update
    2008-12-08 13:09 --------- d-----w c:\program files\Java
    2008-11-22 00:29 --------- d-----w c:\documents and settings\seb\Application Data\Canon
    2008-11-21 18:33 --------- d-----w c:\program files\VirginMega
    2008-11-13 12:02 --------- d-----w c:\documents and settings\seb\Application Data\Teleca
    2008-11-13 12:01 --------- d-----w c:\documents and settings\seb\Application Data\Sony Ericsson
    2008-11-13 11:58 --------- d-----w c:\documents and settings\All Users\Application Data\Teleca
    2008-11-13 11:58 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Ericsson
    2008-11-13 11:57 --------- d-----w c:\program files\Sony Ericsson
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
    "Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-18 1261336]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 401408]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
    "RegServer"="regserve.exe" [2004-11-25 c:\windows\system32\RegServe.exe]
    "XGIWatchDog"="twatdog.exe" [2004-11-25 c:\windows\system32\TWatDog.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2fjxx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6mpxx.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Codemasters\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE"=
    "c:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9566:TCP"= 9566:TCP:BitComet 9566 TCP
    "9566:UDP"= 9566:UDP:BitComet 9566 UDP

    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-06-11 75904]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-12 97928]
    R3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [2008-06-11 337664]
    R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-12 875288]
    R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-12 231704]
    R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-12 76040]
    R4 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-09-06 38144]
    S0 ati2fjxx;ati2fjxx;c:\windows\system32\Drivers\ati2fjxx.sys --> c:\windows\system32\Drivers\ati2fjxx.sys [?]
    S0 ati6mpxx;ati6mpxx;c:\windows\system32\Drivers\ati6mpxx.sys --> c:\windows\system32\Drivers\ati6mpxx.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-18 33752]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-10-18 209152]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    FF - ProfilePath - c:\documents and settings\seb\Application Data\Mozilla\Firefox\Profiles\vw1qpcnc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - GoogleCOM
    FF - component: c:\documents and settings\seb\Application Data\Mozilla\Firefox\Profiles\vw1qpcnc.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

    ---- FIREFOX POLICIES ----

    FF - user.js: browser.search.selectedEngine - GoogleCOM
    FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-13 15:56:26
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Autres processus actifs ------------------------
    .
    c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\VIA\RAID\raid_tool.exe
    c:\program files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
    c:\program files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Fichiers communs\Teleca Shared\Generic.exe
    c:\program files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    c:\program files\AVG\AVG8\avgrsx.exe
    .
    **************************************************************************
    .
    Heure de fin: 2009-01-13 16:02:43 - La machine a redémarré
    ComboFix-quarantined-files.txt 2009-01-13 15:02:38

    Avant-CF: 12ÿ232ÿ404ÿ992 octets libres
    AprÞs-CF: 12,188,737,536 octets libres

    WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP dition familiale" /noexecute=optin /fastdetect

    232 --- E O F --- 2008-12-29 00:05:39

    et hijack

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:06:41, on 13/01/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16762)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\twatdog.exe
    C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\seb\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [RegServer] regserve.exe
    O4 - HKLM\..\Run: [XGIWatchDog] twatdog.exe
    O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
    O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: raid_tool.exe.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - Global Startup: REALTEK USB Wireless LAN Utility.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    0
  17. sagatore Messages postés 265 Statut Membre 7
     
    Un p'tit up
    0
  18. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Re,

    Désolé pour le délai de réponse.

    /!\ ATTENTION /!\ Le script qui suit a été écrit spécialement pour sagatore, il n'est pas transposable sur un autre ordinateur !

    Toujours avec toutes les protections désactivées, fais ceci :

    • Ouvre le bloc-notes (Menu démarrer --> programmes --> accessoires --> bloc-notes)
    • Copie/colle dans le bloc-notes ce qui entre les lignes ci dessous (sans les lignes) :

    ----------------------------------------------------------
    File::
    c:\windows\system32\TWatDog.exe

    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "XGIWatchDog"=-

    ------------------------------------------------------------------

    • Enregistre ce fichier sur ton Bureau (et pas ailleurs !) sous le nom CFScript.txt
    • Quitte le Bloc Notes

    • Fais un glisser/déposer de ce fichier CFScript sur le fichier C-Fix.exe (combofix) comme sur ce lien : http://apu.mabul.org/up/apu/2008/09/06/img-2258535my8h.gif

    • Patiente le temps du scan. Le Bureau va disparaître à plusieurs reprises : c'est normal ! Ne touche à rien tant que le scan n'est pas terminé.
    • Une fois le scan achevé, un rapport va s'afficher: poste son contenu.
    • Si le fichier ne s'ouvre pas, il se trouve ici → C:\ComboFix.txt

    0
  19. sagatore Messages postés 265 Statut Membre 7
     
    Bonjour Anthony,
    Merci pour le suivi du problème.
    Voici le rapport de combo :

    ComboFix 09-01-15.01 - seb 2009-01-16 14:21:27.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.3.1252.1.1036.18.1023.613 [GMT 1:00]
    Lancé depuis: c:\documents and settings\seb\Bureau\ComboFix.exe
    Commutateurs utilisés :: c:\documents and settings\seb\Bureau\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
    * Un nouveau point de restauration a été créé

    FILE ::
    c:\windows\system32\TWatDog.exe
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\TWatDog.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2008-12-16 au 2009-01-16 ))))))))))))))))))))))))))))))))))))
    .

    2009-01-15 00:17 . 2009-01-15 00:17 1,374 --a------ c:\windows\imsins.BAK
    2009-01-12 10:30 . 2009-01-12 10:30 754 --a------ c:\windows\WORDPAD.INI
    2009-01-11 17:19 . 2009-01-11 17:19 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
    2009-01-11 17:19 . 2009-01-11 17:19 <REP> d-------- c:\documents and settings\seb\Application Data\Malwarebytes
    2009-01-11 17:19 . 2009-01-11 17:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-01-11 17:19 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
    2009-01-11 17:19 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
    2009-01-11 15:54 . 2009-01-11 15:54 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
    2009-01-11 15:52 . 2009-01-11 15:52 <REP> d-------- c:\windows\ERUNT
    2009-01-10 15:07 . 2009-01-11 16:51 <REP> d-------- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
    2009-01-01 19:06 . 2009-01-01 19:06 <REP> d-------- c:\program files\Defraggler
    2008-12-28 14:38 . 2008-04-14 03:33 221,184 --a------ c:\windows\system32\wmpns.dll
    2008-12-28 14:25 . 2008-12-28 14:25 <REP> d-------- c:\windows\system32\fr
    2008-12-28 14:25 . 2008-12-28 14:25 <REP> d-------- c:\windows\system32\bits
    2008-12-28 14:11 . 2008-12-28 14:11 <REP> d-------- c:\windows\EHome
    2008-12-28 14:08 . 2008-12-28 14:08 0 --a----t- c:\windows\[u]0/u05418_.tmp
    2008-12-20 12:28 . 2009-01-13 15:44 <REP> d--h----- C:\$AVG8.VAULT$
    2008-12-19 21:25 . 2008-12-19 21:25 <REP> d-------- c:\documents and settings\seb\Application Data\Media Player Classic
    2008-12-19 21:25 . 2008-12-19 21:25 <REP> d-------- c:\documents and settings\seb\Application Data\DivX
    2008-12-19 21:25 . 2009-01-14 17:12 3,532 --a------ C:\drmHeader.bin
    2008-12-19 21:21 . 2008-12-19 21:21 <REP> d-------- c:\program files\Satsuki Decoder Pack
    2008-12-19 21:21 . 2008-12-19 21:21 26 --a------ c:\windows\system32\satsukidecodersettings.ini
    2008-12-19 21:17 . 2008-12-19 21:18 <REP> d-------- c:\program files\DivX
    2008-12-19 16:01 . 2008-12-19 16:01 <REP> d-------- c:\documents and settings\All Users\SonicStage
    2008-12-19 15:54 . 2008-12-19 15:54 <REP> d-------- c:\program files\Sony Corporation
    2008-12-19 15:54 . 2001-09-13 02:15 90,112 --------- c:\windows\snymsico.dll
    2008-12-19 15:54 . 2002-08-08 15:51 38,951 --------- c:\windows\system32\drivers\NETMDUSB.sys
    2008-12-19 15:54 . 2003-11-10 12:31 36,232 --------- c:\windows\system32\drivers\NETMD033.sys
    2008-12-19 15:54 . 2003-04-01 18:55 35,319 --------- c:\windows\system32\drivers\NETMD031.sys
    2008-12-19 15:54 . 2001-08-31 15:07 27,255 --------- c:\windows\system32\drivers\NWWMUSB.sys
    2008-12-19 15:54 . 2002-09-11 10:20 11,510 --------- c:\windows\system32\drivers\VMCUSB.sys
    2008-12-19 15:53 . 2008-12-19 15:53 <REP> d-------- c:\documents and settings\All Users\Application Data\Sony Corporation
    2008-12-19 15:53 . 2003-08-26 17:03 757,760 --a------ c:\windows\system32\CDDBUI.dll
    2008-12-19 15:53 . 2003-08-26 17:01 630,784 --a------ c:\windows\system32\CDDBControl.dll
    2008-12-19 15:53 . 2003-07-11 14:23 110,592 --a------ c:\windows\system32\CddbLangFR.dll
    2008-12-19 15:52 . 2008-12-19 15:54 <REP> d-------- c:\program files\Sony
    2008-12-19 15:52 . 2008-12-19 15:54 <REP> d-------- c:\program files\Fichiers communs\Sony Shared
    2008-12-19 15:52 . 2008-12-19 16:01 <REP> d-------- c:\documents and settings\seb\Application Data\Sony Corporation
    2008-12-18 17:00 . 2006-03-02 13:00 34,560 -----c--- c:\windows\system32\dllcache\wmdm.inf
    2008-12-18 17:00 . 2004-08-03 22:29 25,471 --------- c:\windows\system32\drivers\watv10nt.sys
    2008-12-18 17:00 . 2004-08-03 22:29 22,271 --------- c:\windows\system32\drivers\watv06nt.sys
    2008-12-18 17:00 . 2006-03-02 13:00 13,540 -----c--- c:\windows\system32\dllcache\wmfsdk.inf
    2008-12-18 17:00 . 2004-08-03 22:29 11,935 --------- c:\windows\system32\drivers\wadv11nt.sys
    2008-12-18 17:00 . 2004-08-03 22:29 11,871 --------- c:\windows\system32\drivers\wadv09nt.sys
    2008-12-18 17:00 . 2004-08-03 22:29 11,807 --------- c:\windows\system32\drivers\wadv07nt.sys
    2008-12-18 17:00 . 2004-08-03 22:29 11,295 --------- c:\windows\system32\drivers\wadv08nt.sys
    2008-12-18 17:00 . 2006-03-02 13:00 1,740 -----c--- c:\windows\system32\dllcache\wmpocm.inf
    2008-12-18 16:57 . 2008-12-18 16:58 <REP> d-------- c:\program files\iTunes
    2008-12-18 16:57 . 2008-12-18 16:57 <REP> d-------- c:\program files\iPod
    2008-12-18 16:57 . 2008-12-18 16:58 <REP> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    2008-12-18 16:54 . 2008-12-18 16:54 <REP> d-------- c:\program files\Bonjour
    2008-12-18 16:54 . 2008-04-14 03:33 1,888,992 --------- c:\windows\system32\ati3duag.dll
    2008-12-18 16:38 . 2008-10-23 13:36 286,720 -----c--- c:\windows\system32\dllcache\gdi32.dll
    2008-12-18 16:20 . 2008-12-18 16:54 <REP> d-------- c:\program files\QuickTime
    2008-12-18 15:46 . 2008-12-18 15:47 <REP> d-------- c:\program files\Fichiers communs\Sony Ericsson Shared
    2008-12-18 15:45 . 2008-12-18 15:45 <REP> d-------- c:\program files\MSXML 4.0
    2008-12-18 14:54 . 2008-12-18 16:09 <REP> d-------- c:\program files\iTunes(4)
    2008-12-18 14:54 . 2008-12-18 16:09 <REP> d-------- c:\program files\iPod(4)
    2008-12-18 14:30 . 2008-12-18 16:14 <REP> d-------- c:\program files\iTunes(3)
    2008-12-18 14:30 . 2008-12-18 16:14 <REP> d-------- c:\program files\iPod(3)
    2008-12-18 13:05 . 2008-12-27 01:01 <REP> d-------- c:\program files\LimeWire
    2008-12-18 13:05 . 2009-01-05 14:35 <REP> d-------- c:\documents and settings\seb\Application Data\LimeWire
    2008-12-16 19:39 . 2008-12-16 19:39 <REP> d-------- c:\documents and settings\seb\Application Data\Uniblue
    2008-12-16 19:39 . 2008-12-16 20:08 <REP> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
    2008-12-16 19:38 . 2008-12-18 16:14 <REP> d----c--- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
    2008-12-16 19:29 . 2008-12-16 19:29 <REP> d-------- c:\program files\Etymonix
    2008-12-16 01:00 . 2008-12-16 01:00 <REP> d-------- c:\documents and settings\seb\Application Data\MSNInstaller

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-01-12 18:41 --------- d-----w c:\program files\Blitzkrieg 2
    2009-01-11 14:48 14,336 ----a-w c:\windows\system32\svchost.exe
    2009-01-01 17:32 --------- d--h--w c:\program files\InstallShield Installation Information
    2008-12-18 15:21 --------- d-----w c:\program files\Xvid
    2008-12-18 15:21 --------- d-----w c:\program files\Safari
    2008-12-18 15:21 --------- d-----w c:\program files\Red Kawa
    2008-12-18 15:21 --------- d-----w c:\program files\Bonjour(2)
    2008-12-18 15:21 --------- d-----w c:\program files\AviSynth 2.5
    2008-12-18 15:21 --------- d-----w c:\documents and settings\seb\Application Data\Red Kawa(2)
    2008-12-18 15:20 --------- d-----w c:\program files\QuickTime(2)
    2008-12-18 15:19 --------- d-----w c:\program files\Windows Media Connect 2
    2008-12-18 15:17 --------- d-----w c:\program files\iTunes(2)
    2008-12-18 15:17 --------- d-----w c:\program files\iPod(2)
    2008-12-18 15:04 --------- d-----w c:\documents and settings\seb\Application Data\AVGTOOLBAR
    2008-12-18 14:47 --------- d-----w c:\program files\Fichiers communs\Teleca Shared
    2008-12-18 14:46 --------- d-----w c:\program files\EA GAMES
    2008-12-18 14:45 --------- d-----w c:\program files\Apple Software Update
    2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
    2008-12-08 13:09 --------- d-----w c:\program files\Java
    2008-11-22 00:29 --------- d-----w c:\documents and settings\seb\Application Data\Canon
    2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
    2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
    2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
    2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
    2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
    2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
    2008-11-21 18:33 --------- d-----w c:\program files\VirginMega
    2008-11-12 15:10 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
    2008-10-16 20:18 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
    2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
    2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
    2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
    2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
    2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
    2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
    2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
    2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
    2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2009-01-13_16.01.54.85 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-12-11 12:33:59 333,952 ----a-w c:\windows\$hf_mig$\KB958687\SP3QFE\srv.sys
    + 2007-11-30 11:19:06 18,296 ----a-w c:\windows\$hf_mig$\KB958687\spmsg.dll
    + 2007-11-30 11:19:06 234,872 ----a-w c:\windows\$hf_mig$\KB958687\spuninst.exe
    + 2007-11-30 11:19:06 26,488 ----a-w c:\windows\$hf_mig$\KB958687\update\spcustom.dll
    + 2007-11-30 11:19:06 767,352 ----a-w c:\windows\$hf_mig$\KB958687\update\update.exe
    + 2007-11-30 11:19:10 406,392 ----a-w c:\windows\$hf_mig$\KB958687\update\updspapi.dll
    + 2007-11-30 11:19:06 234,872 -c----w c:\windows\$NtUninstallKB958687$\spuninst\spuninst.exe
    + 2007-11-30 11:19:10 406,392 -c----w c:\windows\$NtUninstallKB958687$\spuninst\updspapi.dll
    + 2008-09-08 10:41:42 333,824 -c----w c:\windows\$NtUninstallKB958687$\srv.sys
    - 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys
    + 2008-12-11 10:57:09 333,952 -c----w c:\windows\system32\dllcache\srv.sys
    - 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
    + 2009-01-10 01:35:28 20,853,704 ----a-w c:\windows\system32\MRT.exe
    - 2008-12-18 15:26:36 41,684,404 ----a-w c:\windows\system32\Restore\rstrlog.dat
    + 2009-01-15 12:04:03 311,360 ----a-w c:\windows\system32\Restore\rstrlog.dat
    - 2007-11-30 12:39:29 18,296 ------w c:\windows\system32\spmsg.dll
    + 2007-11-30 11:19:06 18,296 ------w c:\windows\system32\spmsg.dll
    .
    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
    "Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-18 1261336]
    "Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 401408]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
    "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
    "RegServer"="regserve.exe" [2004-11-25 c:\windows\system32\RegServe.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
    raid_tool.exe.lnk - c:\program files\VIA\RAID\raid_tool.exe [2008-06-11 561152]
    REALTEK USB Wireless LAN Utility.lnk - c:\program files\REALTEK USB Wireless LAN Driver and Utility\RtWLan.exe [2008-10-18 786432]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=avgrsstx.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati2fjxx.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ati6mpxx.sys]
    @="Driver"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\BitComet\\BitComet.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Codemasters\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE"=
    "c:\\Program Files\\ScanSoft\\OmniPageSE\\EregFre\\NAVBrowser.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9566:TCP"= 9566:TCP:BitComet 9566 TCP
    "9566:UDP"= 9566:UDP:BitComet 9566 UDP

    R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2008-06-11 75904]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-12 97928]
    R3 Xgiv3;Xgiv3;c:\windows\system32\drivers\Xgiv3m.sys [2008-06-11 337664]
    R4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-12 875288]
    R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-12 231704]
    R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-12 76040]
    R4 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-09-06 38144]
    S0 ati2fjxx;ati2fjxx;c:\windows\system32\Drivers\ati2fjxx.sys --> c:\windows\system32\Drivers\ati2fjxx.sys [?]
    S0 ati6mpxx;ati6mpxx;c:\windows\system32\Drivers\ati6mpxx.sys --> c:\windows\system32\Drivers\ati6mpxx.sys [?]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-10-18 33752]
    S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2008-10-18 209152]
    .
    Contenu du dossier 'Tâches planifiées'

    2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
    .
    .
    ------- Examen supplémentaire -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    FF - ProfilePath - c:\documents and settings\seb\Application Data\Mozilla\Firefox\Profiles\vw1qpcnc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - GoogleCOM
    FF - component: c:\documents and settings\seb\Application Data\Mozilla\Firefox\Profiles\vw1qpcnc.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll

    ---- PARAMETRES FIREFOX ----

    FF - user.js: browser.search.selectedEngine - GoogleCOM
    FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-01-16 14:24:45
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(604)
    c:\windows\system32\avgrsstx.dll

    - - - - - - - > 'lsass.exe'(668)
    c:\windows\system32\avgrsstx.dll
    .
    Heure de fin: 2009-01-16 14:27:08
    ComboFix-quarantined-files.txt 2009-01-16 13:27:02
    ComboFix2.txt 2009-01-13 15:02:45

    Avant-CF: 11 741 102 080 octets libres
    Après-CF: 11,761,369,088 octets libres

    252 --- E O F --- 2009-01-16 13:13:32
    0
  20. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Re,

    Apparemment, le fichier qu'on a supprimé n'était peut-être pas infecté... Est-ce que tu as eu des problèmes avec ton ordinateur depuis qu'on l'a supprimé ?

    On va l'analyser, et s'il est bien légitime, je t'aiderai à le restaurer à partir de la quarantaine de Combofix.

    Merci à Regis59 de m'avoir prévenu.

    • Rends toi sur le site https://www.virustotal.com/gui/

    • Clique sur Parcourir, et navigue jusqu'au fichier suivant et valide : C:\QooBox\Quarantine\c:\windows\system32\TWatDog.exe.vir

    • Clique sur "Envoyer le fichier" : s'il a déjà été analysé, demande une nouvelle analyse.

    • Fais un copier/coller du rapport entier sur le forum.

    0
  21. sagatore Messages postés 265 Statut Membre 7
     
    Voici le résultat

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.0.0.73 2009.01.16 -
    AhnLab-V3 2009.1.15.0 2009.01.16 -
    AntiVir 7.9.0.55 2009.01.16 -
    Authentium 5.1.0.4 2009.01.16 -
    Avast 4.8.1281.0 2009.01.16 -
    AVG 8.0.0.229 2009.01.16 -
    BitDefender 7.2 2009.01.16 -
    CAT-QuickHeal 10.00 2009.01.16 -
    ClamAV 0.94.1 2009.01.16 -
    Comodo 933 2009.01.16 -
    DrWeb 4.44.0.09170 2009.01.16 -
    eSafe 7.0.17.0 2009.01.15 -
    eTrust-Vet 31.6.6311 2009.01.16 -
    F-Prot 4.4.4.56 2009.01.16 -
    F-Secure 8.0.14470.0 2009.01.16 -
    Fortinet 3.117.0.0 2009.01.15 -
    GData 19 2009.01.16 -
    Ikarus T3.1.1.45.0 2009.01.16 -
    K7AntiVirus 7.10.593 2009.01.16 -
    Kaspersky 7.0.0.125 2009.01.16 -
    McAfee 5497 2009.01.16 -
    McAfee+Artemis 5497 2009.01.16 -
    Microsoft 1.4205 2009.01.16 -
    NOD32 3772 2009.01.16 -
    Norman 5.93.01 2009.01.16 -
    nProtect 2009.1.8.0 2009.01.16 -
    Panda 9.5.1.2 2009.01.15 -
    PCTools 4.4.2.0 2009.01.16 -
    Prevx1 V2 2009.01.16 -
    Rising 21.12.42.00 2009.01.16 -
    SecureWeb-Gateway 6.7.6 2009.01.16 -
    Sophos 4.37.0 2009.01.16 -
    Sunbelt 3.2.1835.2 2009.01.16 -
    Symantec 10 2009.01.16 -
    TheHacker 6.3.1.4.220 2009.01.14 -
    TrendMicro 8.700.0.1004 2009.01.16 -
    VBA32 3.12.8.10 2009.01.16 -
    ViRobot 2009.1.16.1562 2009.01.16 -
    VirusBuster 4.5.11.0 2009.01.16 -
    Information additionnelle
    File size: 77824 bytes
    MD5...: defdd9def60a012e291703f2bafd3523
    SHA1..: b7963523fdc60cc5fd59019f88b3cab5ec8e9b66
    SHA256: 91d9593fc21046bf21c86653ed705caeb924f908061eb0121c7c17c765a27312
    SHA512: 1f34619aee825ac3657636b72a4393fc32b9fb7825a852b550f69335d657cc17
    6ebd73c2e6454e6e2a6d1f84416bcaaf177ad23a275c6c3863d12b0c77b02f44
    ssdeep: 768:wfUZLQy44wOU07kwetIocy9PMtNL2cnGjXQ0RlmPiB9tm3acTAQdpp5UcM5T
    q+:EeQy4WP7kwsrPDcGzt9xcTb7UcM5O+
    PEiD..: Armadillo v1.71
    TrID..: File type identification
    Win32 Executable MS Visual C++ (generic) (65.2%)
    Win32 Executable Generic (14.7%)
    Win32 Dynamic Link Library (generic) (13.1%)
    Generic Win/DOS Executable (3.4%)
    DOS Executable Generic (3.4%)
    PEInfo: PE Structure information

    ( base data )
    entrypointaddress.: 0x4068bf
    timedatestamp.....: 0x4112dae1 (Fri Aug 06 01:12:01 2004)
    machinetype.......: 0x14c (I386)

    ( 5 sections )
    name viradd virsiz rawdsiz ntrpy md5
    .text 0x1000 0xbe40 0xc000 6.60 61f650e2715a0bb164aff4b228f48e81
    .rdata 0xd000 0x1100 0x2000 3.33 3223bbe6e3069653c0eb716c3c0cef3a
    .data 0xf000 0x2a74 0x2000 3.15 f238b596d3c6f25e2c75172b1c09595a
    .share 0x12000 0x4 0x1000 0.00 620f0b67a91f7f74151bc5be745b7110
    .rsrc 0x13000 0x908 0x1000 2.13 51eeb08aa89f0a1abef317070b091144

    ( 6 imports )
    > KERNEL32.dll: Sleep, InterlockedExchange, InterlockedDecrement, GetModuleFileNameA, lstrcatA, LoadLibraryA, lstrcpyA, GetModuleHandleA, GetProcAddress, FreeLibrary, GetLocaleInfoA, MultiByteToWideChar, GetSystemPowerStatus, OutputDebugStringA, HeapSize, ExitProcess, WideCharToMultiByte, GetVersion, FreeEnvironmentStringsA, LocalFree, CloseHandle, FlushFileBuffers, GetStringTypeW, GetStringTypeA, SetStdHandle, GetOEMCP, GetACP, GetCPInfo, SetFilePointer, GetLastError, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, WriteFile, GetFileType, GetStdHandle, SetHandleCount, GetEnvironmentStringsW, GetEnvironmentStrings, FreeEnvironmentStringsW, IsBadWritePtr, UnhandledExceptionFilter, RaiseException, GetVersionExA, GetCommandLineA, HeapReAlloc, VirtualAlloc, VirtualFree, HeapCreate, RtlUnwind, HeapFree, HeapAlloc, GetSystemTimeAsFileTime, GetStartupInfoA, LCMapStringW, GetCurrentProcess, TerminateProcess, LCMapStringA, HeapDestroy
    > USER32.dll: MessageBoxA, GetSystemMetrics, ChangeDisplaySettingsA, EnumDisplaySettingsA, PostMessageA, TranslateMessage, DispatchMessageA, GetMessageA, RegisterClassA, UpdateWindow, wsprintfA, CreateDialogParamA, SetWindowPos, LoadStringA, SetDlgItemTextA, DestroyWindow, IsDlgButtonChecked, PostQuitMessage, DefWindowProcA, SetTimer, KillTimer, CreateWindowExA, ShowWindow, IsWindow, LoadCursorA, LoadIconA
    > GDI32.dll: GetDeviceCaps, CreateICA, CreateDCA, ExtEscape, DeleteDC
    > ADVAPI32.dll: RegCloseKey, RegQueryValueExA, RegOpenKeyExA, RegSetValueExA, RegCreateKeyExA
    > ole32.dll: CoInitialize, CoUninitialize, CoCreateInstance, CLSIDFromProgID
    > OLEAUT32.dll: -, -

    ( 0 exports )
    0
  • 1
  • 2